User Tag List

hidden window

This is a discussion on hidden window within the Resolved HJT Threads forums, part of the Tech Support Forum category. can some one please tell me what shellcon hidden window is, the only reason that i ask is because when


 
 
Thread Tools Search this Thread
Old 02-27-2007, 08:02 PM   #1
Guest
 
Join Date: Feb 2007
Posts: 23
OS:



can some one please tell me what shellcon hidden window is, the only reason
that i ask is because when i shutdown or reboot my system a end program
window comes up and says that the program is ending.

I ran HijackThis and the following is its log info:




Logfile of HijackThis v1.99.1
Scan saved at 12:08:04 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG Electronics\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{12FD8E9C-1936-4160-B630-B979F1F94A32}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE90620-7A32-4D85-9C5F-A9DDC9A3E20E}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95C0D25-6E0E-428D-874C-4981E1BC3CDE}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
O18 - Protocol: bw+0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
ck101 is offline  
Sponsored Links
Advertisement
 
Old 02-28-2007, 06:38 AM   #2
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Hello ck101 and welcome to TSF,

This seems to be a problem with your MUSICMATCH Jukebox program ... it appears many people have had this problem when installing or upgrading to with MMJB 10 .https://wiki.answers.com/Q/What_is_sh..._hidden_window

I do see an infection on your system. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Before we begin, please unzip HiJackThis to it's own folder, like c:\HJT. While we’re cleaning the rest of your system, various tools used will clean the temp folder which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

***************************************************

Please download FixWareout from one of these sites:
https://downloads.subratam.org/Fixwareout.exe
https://www.bleepingcomputer.com/file...Fixwareout.exe
  • Save it to your desktop and run it.
  • Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin: Please follow the prompts.
  • You will be asked to reboot your compute: Please do so.
  • Your system may take longer than usual to load and this is normal.
Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

Run HijackThis. Click "Do a System Scan Only" , and place a check next to the following items (if found):

O17 - HKLM\System\CCS\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{12FD8E9C-1936-4160-B630-B979F1F94A32}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE90620-7A32-4D85-9C5F-A9DDC9A3E20E}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95C0D25-6E0E-428D-874C-4981E1BC3CDE}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\..\{101D7DA9-543D-4FA0-8EAA-6C59B03C65D3}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.195
**Fix all those O18 Logitech entries except the first one--leave one entry intact**


Click FIX CHECKED. Close HijackThis.

----------------------------------------------------------------

Download ComboScan to your Desktop.Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - ComboScan.txt <- this one will be maximized and Supplementary.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScanSupplementary.txt
  3. Click Upload.
--------------------------------------------------------------------

Please include the following in your next reply:

C:\fixwareout\report.txt
ComboScan.txt
an attached Supplementary.txt
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 02-28-2007, 09:02 PM   #3
Guest
 
Join Date: Feb 2007
Posts: 23
OS:



Thanks for the help Ried

here are the results:

SUMMPEMENTARY:

ComboScan v20070226.18 run by Administrator on 2007-02-28 at 23:53:42
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.48 MiB / 521.37 MiB
Pagefile Memory (total/avail): 2461.68 MiB / 2053.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1989.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 128.53 GiB total, 47.05 GiB free.
D: is Fixed (NTFS) - 20.51 GiB total, 20.45 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: Trend Micro AntiVirus - Virus Protection v15.10.1206 (Trend Micro, Inc.)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEJRIWAL-083646
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\KEJRIWAL-083646
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\system32;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SSH Communications Security\SSH Secure Shell
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=KEJRIWAL-083646
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ares 1.9.3 --> "C:\Program Files\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
D-i-v-X - AV Codec Pack --> C:\WINDOWS\system32\divxcp\Uninst.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Video Splitter 1.28 --> "C:\Program Files\Easy Video Splitter\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
Free WMA to MP3 Converter 1.08 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 1.99.1 --> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe /uninstall
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}\setup.exe" -l0x9 -removeonly
LG SyncManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92636B62-9423-4246-82FE-69E2F4158350}\setup.exe" -l0x9 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MINITAB 14 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}
Mozilla Firefox (1.5.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.10 (en-US)"
Mp3 Tag Tools v1.2 --> "C:\Program Files\Mp3TagToolsv12\uninstall.exe"
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NSIS Media Extension --> C:\Program Files\Common Files\NSIS\uninst.exe
ONIMUSHA3 PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{722CEEBA-22BB-4448-9903-4B89F53B74DB}\setup.exe" -l0x9 -removeonly
Paint.NET v3.0 --> MsiExec.exe /X{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Scarface: The World is Yours --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{28142407-ACAD-4ECD-A6B6-9FA8471F6062}
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Trend Micro AntiVirus --> MsiExec.exe /X{71E4D679-20AB-41E9-A350-D5BF92088FFE}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XviD Media Codec 1.1.1 --> C:\Program Files\XviD\uninst.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of ComboScan: finished at 2007-02-28 at 23:55:33 -------------------------

COMBOSCAN:

ComboScan v20070226.18 run by Administrator on 2007-02-28 at 23:53:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Administrator.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:54:35 PM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\comboscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG Electronics\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - https://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: bw+0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S EagleNT - C:\WINDOWS\system32\drivers\EagleNT.sys (not found)
3S EntDrv51 - C:\WINDOWS\system32\drivers\EntDrv51.sys (not found)
1R FileDisk - C:\WINDOWS\system32\drivers\filedisk.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S GMSIPCI - G:\INSTALL\GMSIPCI.SYS (not found)
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys
3R L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3S LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3S LHidUsbK (Logitech SetPoint USB Receiver Device Driver) - C:\WINDOWS\system32\drivers\LHidUsbK.sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3S LUsbKbd (Logitech SetPoint USB Keyboard Filter) - C:\WINDOWS\system32\drivers\LUsbKbd.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
1R PQNTDrv - C:\WINDOWS\system32\drivers\PQNTDRV.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
3R SAMFILT - C:\WINDOWS\system32\drivers\samfilt.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
3S SilverLink (Texas Instruments SilverLink (USB GraphLink) Cable) - C:\WINDOWS\system32\drivers\SilvrLnk.sys
3S sony_ssm.sys - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sony_ssm.sys (not found)
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S ssm_bus (SAMSUNG Mobile USB Device II 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ssm_bus.sys
3S ssm_mdfl (SAMSUNG Mobile USB Modem II 1.0 Filter) - C:\WINDOWS\system32\drivers\ssm_mdfl.sys
3S ssm_mdm (SAMSUNG Mobile USB Modem II 1.0 Drivers) - C:\WINDOWS\system32\drivers\ssm_mdm.sys
1R StarOpen - C:\WINDOWS\system32\drivers\StarOpen.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
2R tmpreflt - C:\WINDOWS\system32\drivers\tmpreflt.sys
2R tmxpflt - C:\WINDOWS\system32\drivers\tmxpflt.sys
3S usbbus (LGE Mobile Composite USB Device) - C:\WINDOWS\system32\drivers\lgusbbus.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3S UsbDiag (LGE Mobile USB Serial Port) - C:\WINDOWS\system32\drivers\lgusbdiag.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBModem (LGE Mobile USB Modem) - C:\WINDOWS\system32\drivers\lgusbmodem.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R vaxscsi - C:\WINDOWS\system32\drivers\vaxscsi.sys
2R vsapint - C:\WINDOWS\system32\drivers\vsapint.sys
3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R ZD1211U(ZyDAS) (ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)) - C:\WINDOWS\system32\drivers\ZD1211U.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
2R tavsvc (Trend Micro AntiVirus Protection Service) - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
2R tmproxy (Trend Micro Proxy Service) - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
3S usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2R Viewpoint Manager Service - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-22 19:44:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-28 23:34:29 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-28 00:29:49 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup<AU_BAC~1>
2007-02-28 00:26:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro<TRENDM~1>
2007-02-28 00:25:45 32528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-02-27 23:53:39 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-02-27 23:28:19 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-27 23:26:27 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6<HOUSEC~1.6>
2007-02-22 19:46:53 0 d-------- C:\Program Files\iPod
2007-02-22 19:46:50 0 d-------- C:\Program Files\iTunes
2007-02-22 19:45:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-22 19:44:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-21 22:36:07 0 d-------- C:\Program Files\Cell Phone Manager<CELLPH~1>
2007-02-21 22:29:02 0 d-------- C:\Program Files\PhoneExplorer<PHONEE~1>
2007-02-18 11:54:09 0 d-------- C:\133a0580da48a28b541b80c9<133A05~1>
2007-02-17 13:33:53 0 d-------- C:\Program Files\PowerQuest<POWERQ~1>
2007-02-16 22:09:06 0 d-------- C:\Program Files\TallStick<TALLST~1>
2007-02-16 22:03:50 0 d-------- C:\ringtoneexport<RINGTO~1>
2007-02-16 21:42:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\ConvertTemp<CONVER~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender<TRANSR~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Temporary<TEMPOR~1>
2007-02-16 21:38:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Samsung
2007-02-16 21:10:59 174592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-02-16 21:10:34 94000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-02-16 21:10:34 8336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-02-16 21:10:34 58320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-02-16 21:10:16 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers<SAMSUN~1>
2007-02-16 21:10:03 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-02-16 21:09:47 0 d-------- C:\Program Files\Samsung
2007-02-16 15:16:48 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-02-16 15:16:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-14 14:52:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Snapfish
2007-02-01 16:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-02-01 16:25:32 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-01 15:09:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\FastStone<FASTST~1>
2007-02-01 15:08:37 0 d-------- C:\Program Files\Paint.NET
2007-02-01 1553 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-01-29 18:07:59 61440 --a------ C:\WINDOWS\diabswun.exe
2007-01-29 18:07:59 86528 --a------ C:\WINDOWS\bnetunin.exe
2007-01-29 18:07:59 0 d-------- C:\Diablo
2007-01-29 1754 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-01-28 15:57:41 0 d-------- C:\Program Files\Radical Games<RADICA~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-28 21:41:08 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-28 17:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2007-02-28 00:16:33 0 d-------- C:\Program Files\Common Files\Network Associates<NETWOR~1>
2007-02-28 00:16:31 0 d-------- C:\Program Files\Network Associates<NETWOR~1>
2007-02-18 11:55:52 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-16 22:05:05 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 21:34:09 0 d-------- C:\Program Files\Java
2007-02-16 17:30:10 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-15 14:53:26 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-14 16:19:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-14 16:18:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-14 16:13:08 0 d-------- C:\Program Files\Mafia
2007-02-14 10:35:46 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-14 10:05:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft<MICROS~1>
2007-02-11 16:27:46 0 d-------- C:\Program Files\BitComet
2007-02-05 18:59:10 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-03 2054 0 d-------- C:\Program Files\CureROM
2007-02-03 1913 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-02 14:55:48 0 d-------- C:\Program Files\WarRock
2007-01-30 17:40:43 0 d-------- C:\Program Files\AIM95
2007-01-27 16:10:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-01-27 16:10:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-01-27 16:10:48 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-01-27 15:56:20 0 d-------- C:\Program Files\Creative
2007-01-25 19:07:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-01-25 19:07:36 0 d-------- C:\Program Files\AOD
2007-01-21 13:13:13 20480 --a------ C:\WINDOWS\system32\[email protected]@@k.DLL<[email protected]~1.DLL>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 11:05:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games<MICROS~2>
2007-01-11 18:36:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\SSH
2007-01-11 18:32:17 0 d-------- C:\Program Files\SSH Communications Security<SSHCOM~1>
2007-01-10 19:20:10 284240 --a------ C:\WINDOWS\system32\TmLsp.dll
2007-01-09 19:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\LG Electronics<LGELEC~1>
2007-01-09 19:54:16 0 d-------- C:\Program Files\LG Electronics<LGELEC~1>
2007-01-04 17:05:55 0 d-------- C:\Program Files\GALA-NET
2007-01-04 17:05:54 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-01 14:30:07 0 d-------- C:\Program Files\Eudemons Online<EUDEMO~1>
2007-01-01 12:50:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-12-30 00:35:35 2508 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2006-12-30 00:30:56 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2006-12-30 00:27:55 0 d-------- C:\Program Files\Common Files\L&H
2006-12-29 19:07:08 0 d-------- C:\Program Files\mp3DirectCut<MP3DIR~1>
2006-12-22 17:32:14 1024 --a------ C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
2006-12-12 22:33:31 0 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts<GOOGLE~1>
2006-12-09 16:23:42 1 --a------ C:\Documents and Settings\Administrator\Application Data\FileJoin.ini
2006-12-08 12:02:00 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2006-11-29 1318 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ioloDelayModule"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\delay.exe"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Check For Dope Wars Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Check For Dope Wars Updates.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Dopewars\\WiseUpdt.exe /C"
"item"="Check For Dope Wars Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159411013\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCDEmuApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiskImageService"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\Search and Recover\\DiskImageService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="trickler_bic_dopewars_3013"
"hkey"="HKLM"
"command"="\"c:\\program files\\gatinst\\trickler_bic_dopewars_3013.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdqgp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F28439F2-4996-41B8-8BD0-22789780DE81}"="NSIS Media Extension"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-28 at 23:55:33 -------------------------

REPORT:


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
https://www.virustotal.com/flash/index_en.html
Or https://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
ck101 is offline  
Sponsored Links
Advertisement
 
Old 02-28-2007, 09:42 PM   #4
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Hi,

We have some registry entries to take care of. Due to the presence of these, it would be prudent to run additional tools.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

--------------------------------------------------------------------

Download the attached ck101.zip file to your desktop.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double click on the ck101.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Download and run Blacklight

*Note that you must have local administrative privileges to run the program.

Click Scan.

BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you need to allow BlackLight to do this.

When it finishes, click Next. Click on Close

BlackLight beta would create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.

--------------------------------------------------------------------

Run a new scan with ComboScan.exe

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
Blacklight log
New ComboScan.txt
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-01-2007, 08:46 PM   #5
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


i get the following message when i run avg anti-spyware in safe mode:

"something bad happened in the application. error diagnostic file saved 'c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.err'"

so is it ok if i skip this step and download panda activescan and go on from there.
ck101 is offline  
Old 03-01-2007, 09:35 PM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Yes, please continue.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-02-2007, 04:48 PM   #7
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


where can i get comboscna.exe
and here is the results so far without running comboscan

backlight log
--------
03/02/07 19:37:36 [Info]: BlackLight Engine 1.0.55 initialized
03/02/07 19:37:36 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/02/07 19:37:36 [Note]: 7019 4
03/02/07 19:37:36 [Note]: 7005 0
03/02/07 19:37:39 [Note]: 7006 0
03/02/07 19:37:39 [Note]: 7011 408
03/02/07 19:37:39 [Note]: 7026 0
03/02/07 19:37:39 [Note]: 7026 0
03/02/07 19:37:47 [Note]: FSRAW library version 1.7.1021
03/02/07 19:40:18 [Info]: Hidden file: c:\WINDOWS\system32\kdqgp.exe
03/02/07 19:40:18 [Note]: 7002 32
03/02/07 19:40:18 [Note]: 7003 1
03/02/07 19:40:18 [Note]: 10002 1
03/02/07 19:41:04 [Note]: 2000 1012
03/02/07 19:41:04 [Note]: 2000 1012
03/02/07 19:42:14 [Note]: 7007 0
--------
panda report is attached with this post

i don't have AVG Anti-Spyware results b/c i wasn't able to run this program in safe mode.


Incident Status Location

Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Virus:Trj/dmRandom.HF Disinfected C:\WINDOWS\system32\kdqgp.exe
Attached Files
File Type: txt report.txt (6.8 KB, 36 views)
ck101 is offline  
Old 03-02-2007, 05:10 PM   #8
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


never mind
i downloaded comboscan and here are the results:

----------------
ComboScan v20070226.18 run by Administrator on 2007-03-02 at 19:56:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:56:37 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Ares\Ares.exe
c:\program files\windows media player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\comboscan.exe
C:\DOCUME~1\ADMINI~1\Desktop\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG Electronics\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - https://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: bw+0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-02-02 and 2007-03-02 ------------------------------

2007-03-02 19:34:51 67 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys<PFDNNT~1.SYS>
2007-03-02 19:34:51 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-03-02 18:57:33 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-02 18:57:31 0 d-------- C:\WINDOWS\LastGood
2007-03-01 23:11:16 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-01 23:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-03-01 23:04:53 0 d-------- C:\Program Files\Grisoft
2007-03-01 00:14:36 0 d-------- C:\info
2007-02-28 23:34:29 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-28 00:29:49 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup<AU_BAC~1>
2007-02-28 00:26:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro<TRENDM~1>
2007-02-28 00:25:45 32528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-02-27 23:53:39 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-02-27 23:28:19 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-27 23:26:27 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6<HOUSEC~1.6>
2007-02-22 19:46:53 0 d-------- C:\Program Files\iPod
2007-02-22 19:46:50 0 d-------- C:\Program Files\iTunes
2007-02-22 19:45:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-22 19:44:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-21 22:36:07 0 d-------- C:\Program Files\Cell Phone Manager<CELLPH~1>
2007-02-21 22:29:02 0 d-------- C:\Program Files\PhoneExplorer<PHONEE~1>
2007-02-18 11:54:09 0 d-------- C:\133a0580da48a28b541b80c9<133A05~1>
2007-02-17 13:33:53 0 d-------- C:\Program Files\PowerQuest<POWERQ~1>
2007-02-16 22:09:06 0 d-------- C:\Program Files\TallStick<TALLST~1>
2007-02-16 22:03:50 0 d-------- C:\ringtoneexport<RINGTO~1>
2007-02-16 21:42:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\ConvertTemp<CONVER~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender<TRANSR~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Temporary<TEMPOR~1>
2007-02-16 21:38:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Samsung
2007-02-16 21:10:59 174592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-02-16 21:10:34 94000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-02-16 21:10:34 8336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-02-16 21:10:34 58320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-02-16 21:10:16 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers<SAMSUN~1>
2007-02-16 21:10:03 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-02-16 21:09:47 0 d-------- C:\Program Files\Samsung
2007-02-16 15:16:48 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-02-16 15:16:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-14 14:52:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Snapfish


-- Find3M Report ----------------------------------------------------------------

2007-03-02 19:26:34 0 d-------- C:\Program Files\PowerISO
2007-03-02 19:26:22 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-02 19:24:29 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-02 19:18:42 0 d-------- C:\Program Files\Ares
2007-03-02 16:22:06 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-28 17:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2007-02-28 00:16:33 0 d-------- C:\Program Files\Common Files\Network Associates<NETWOR~1>
2007-02-28 00:16:31 0 d-------- C:\Program Files\Network Associates<NETWOR~1>
2007-02-18 12:12:00 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-02-18 11:55:52 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-16 22:05:05 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 21:34:09 0 d-------- C:\Program Files\Java
2007-02-16 17:30:10 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-15 14:53:26 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-14 16:19:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-14 16:18:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-14 16:13:08 0 d-------- C:\Program Files\Mafia
2007-02-14 10:35:46 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-14 10:05:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft<MICROS~1>
2007-02-11 16:27:46 0 d-------- C:\Program Files\BitComet
2007-02-05 18:59:10 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-03 2054 0 d-------- C:\Program Files\CureROM
2007-02-02 14:55:48 0 d-------- C:\Program Files\WarRock
2007-02-01 16:25:32 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-01 15:09:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\FastStone<FASTST~1>
2007-02-01 15:08:57 0 d-------- C:\Program Files\Paint.NET
2007-01-30 17:40:43 0 d-------- C:\Program Files\AIM95
2007-01-29 18:07:59 61440 --a------ C:\WINDOWS\diabswun.exe
2007-01-29 18:07:59 86528 --a------ C:\WINDOWS\bnetunin.exe
2007-01-28 15:57:41 0 d-------- C:\Program Files\Radical Games<RADICA~1>
2007-01-27 16:10:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-01-27 16:10:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-01-27 16:10:48 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-01-27 15:56:20 0 d-------- C:\Program Files\Creative
2007-01-25 19:07:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-01-25 19:07:36 0 d-------- C:\Program Files\AOD
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 11:05:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games<MICROS~2>
2007-01-11 18:36:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\SSH
2007-01-11 18:32:17 0 d-------- C:\Program Files\SSH Communications Security<SSHCOM~1>
2007-01-10 19:20:10 284240 --a------ C:\WINDOWS\system32\TmLsp.dll
2007-01-09 19:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\LG Electronics<LGELEC~1>
2007-01-09 19:54:16 0 d-------- C:\Program Files\LG Electronics<LGELEC~1>
2007-01-04 17:05:55 0 d-------- C:\Program Files\GALA-NET
2007-01-04 17:05:54 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2006-12-30 00:35:35 2508 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2006-12-22 17:32:14 1024 --a------ C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
2006-12-12 22:33:31 0 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts<GOOGLE~1>
2006-12-09 16:23:42 1 --a------ C:\Documents and Settings\Administrator\Application Data\FileJoin.ini
2006-12-08 12:02:00 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ioloDelayModule"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\delay.exe"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Check For Dope Wars Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Check For Dope Wars Updates.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Dopewars\\WiseUpdt.exe /C"
"item"="Check For Dope Wars Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159411013\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCDEmuApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiskImageService"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\Search and Recover\\DiskImageService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="trickler_bic_dopewars_3013"
"hkey"="HKLM"
"command"="\"c:\\program files\\gatinst\\trickler_bic_dopewars_3013.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdqgp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-03-02 at 19:57:25 -------------------------
ck101 is offline  
Old 03-02-2007, 09:58 PM   #9
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Hi,

Do another Blacklight scan.
For hidden entries found, choose for Blacklight to rename the following:

03/02/07 19:40:18 [Info]: Hidden file: c:\WINDOWS\system32\kdqgp.exe

The tool will ask if you want to reboot (restart) choose yes.

After you have rebooted run ComboScan again and post the ComboScan.txt here.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-03-2007, 11:55 AM   #10
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


after running blacklight, it didn't find anything
here is the results from combo scan
________________
ComboScan v20070226.18 run by Administrator on 2007-03-03 at 14:53:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:54:01 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Administrator\Desktop\comboscan.exe
C:\DOCUME~1\ADMINI~1\Desktop\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG Electronics\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - https://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: bw+0 - {C81783E6-9541-48F9-BBE5-6AA749A62C03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-02-03 and 2007-03-03 ------------------------------

2007-03-02 18:57:33 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-01 23:11:16 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-01 23:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-03-01 23:04:53 0 d-------- C:\Program Files\Grisoft
2007-03-01 00:14:36 0 d-------- C:\info
2007-02-28 23:34:29 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-28 00:29:49 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup<AU_BAC~1>
2007-02-28 00:26:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro<TRENDM~1>
2007-02-28 00:25:45 32528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-02-27 23:53:39 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-02-27 23:28:19 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-27 23:26:27 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6<HOUSEC~1.6>
2007-02-22 19:46:53 0 d-------- C:\Program Files\iPod
2007-02-22 19:46:50 0 d-------- C:\Program Files\iTunes
2007-02-22 19:45:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-22 19:44:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-21 22:36:07 0 d-------- C:\Program Files\Cell Phone Manager<CELLPH~1>
2007-02-21 22:29:02 0 d-------- C:\Program Files\PhoneExplorer<PHONEE~1>
2007-02-18 11:54:09 0 d-------- C:\133a0580da48a28b541b80c9<133A05~1>
2007-02-17 13:33:53 0 d-------- C:\Program Files\PowerQuest<POWERQ~1>
2007-02-16 22:09:06 0 d-------- C:\Program Files\TallStick<TALLST~1>
2007-02-16 22:03:50 0 d-------- C:\ringtoneexport<RINGTO~1>
2007-02-16 21:42:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\ConvertTemp<CONVER~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender<TRANSR~1>
2007-02-16 21:42:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Temporary<TEMPOR~1>
2007-02-16 21:38:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Samsung
2007-02-16 21:10:59 174592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-02-16 21:10:34 5840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-02-16 21:10:34 94000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-02-16 21:10:34 8336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-02-16 21:10:34 6176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-02-16 21:10:34 58320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-02-16 21:10:16 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers<SAMSUN~1>
2007-02-16 21:10:03 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-02-16 21:09:47 0 d-------- C:\Program Files\Samsung
2007-02-16 15:16:48 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-02-16 15:16:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-14 14:52:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Snapfish


-- Find3M Report ----------------------------------------------------------------

2007-03-02 22:50:21 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-02 19:26:34 0 d-------- C:\Program Files\PowerISO
2007-03-02 19:26:22 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-02 19:24:29 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-02 19:18:42 0 d-------- C:\Program Files\Ares
2007-02-28 17:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2007-02-28 00:16:33 0 d-------- C:\Program Files\Common Files\Network Associates<NETWOR~1>
2007-02-28 00:16:31 0 d-------- C:\Program Files\Network Associates<NETWOR~1>
2007-02-18 12:12:00 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-02-18 11:55:52 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-16 22:05:05 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 21:34:09 0 d-------- C:\Program Files\Java
2007-02-16 17:30:10 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-15 14:53:26 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-14 16:19:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-14 16:18:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-14 16:13:08 0 d-------- C:\Program Files\Mafia
2007-02-14 10:35:46 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-14 10:05:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft<MICROS~1>
2007-02-11 16:27:46 0 d-------- C:\Program Files\BitComet
2007-02-05 18:59:10 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-03 2054 0 d-------- C:\Program Files\CureROM
2007-02-02 14:55:48 0 d-------- C:\Program Files\WarRock
2007-02-01 16:25:32 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-01 15:09:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\FastStone<FASTST~1>
2007-02-01 15:08:57 0 d-------- C:\Program Files\Paint.NET
2007-01-30 17:40:43 0 d-------- C:\Program Files\AIM95
2007-01-29 18:07:59 61440 --a------ C:\WINDOWS\diabswun.exe
2007-01-29 18:07:59 86528 --a------ C:\WINDOWS\bnetunin.exe
2007-01-28 15:57:41 0 d-------- C:\Program Files\Radical Games<RADICA~1>
2007-01-27 16:10:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-01-27 16:10:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-01-27 16:10:48 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-01-27 15:56:20 0 d-------- C:\Program Files\Creative
2007-01-25 19:07:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-01-25 19:07:36 0 d-------- C:\Program Files\AOD
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 11:05:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games<MICROS~2>
2007-01-11 18:36:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\SSH
2007-01-11 18:32:17 0 d-------- C:\Program Files\SSH Communications Security<SSHCOM~1>
2007-01-10 19:20:10 284240 --a------ C:\WINDOWS\system32\TmLsp.dll
2007-01-09 19:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\LG Electronics<LGELEC~1>
2007-01-09 19:54:16 0 d-------- C:\Program Files\LG Electronics<LGELEC~1>
2007-01-04 17:05:55 0 d-------- C:\Program Files\GALA-NET
2007-01-04 17:05:54 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2006-12-30 00:35:35 2508 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2006-12-22 17:32:14 1024 --a------ C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
2006-12-12 22:33:31 0 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts<GOOGLE~1>
2006-12-09 16:23:42 1 --a------ C:\Documents and Settings\Administrator\Application Data\FileJoin.ini
2006-12-08 12:02:00 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ioloDelayModule"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\delay.exe"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Check For Dope Wars Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Check For Dope Wars Updates.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Dopewars\\WiseUpdt.exe /C"
"item"="Check For Dope Wars Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159411013\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCDEmuApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiskImageService"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\Search and Recover\\DiskImageService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="trickler_bic_dopewars_3013"
"hkey"="HKLM"
"command"="\"c:\\program files\\gatinst\\trickler_bic_dopewars_3013.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdqgp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-03-03 at 14:54:19 -------------------------
ck101 is offline  
Old 03-03-2007, 04:36 PM   #11
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Hi,

It appears the main infection is gone, now we'll tidy up a bit and go after the remnants.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Upload this file c:\WINDOWS\diabswun.exe to https://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

If the site is too busy, upload it here https://www.virustotal.com/en/indexf.html

---------------------------------------------------------

Uninstall these outdated versions of Java as they are no longer needed. (Start->(Settings)->Control Panel->Add/Remove Programs)

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9


--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following orphaned entry:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Delete the following:

C:\WINDOWS\bnetunin.exe
C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup
C:\Program Files\Dopewars

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Try to run AVG A-S in Safe Mode. If it will not, then run it in Normal Mode using the settings I provided earlier, and post the results in your next reply.

--------------------------------------------------------------------

I'd like to use a different online scanner and see if it picks up anything else:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

----------------------------------------------------------

Please include the following in your next reply:

jottie results
AVG A-S results
Kaspersky results
How is your system behaving?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-04-2007, 05:48 PM   #12
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


the comptuer seems to be good now. no more hidden window problems. THANX

results from jottie:
---
Service load: 0% 100%

File: diabswun.exe
Status: OK
MD5 15bda206bad89cb1cbe91f7c7c078d63
Packers detected: -

Scanner results
Scan taken on 04 Mar 2007 19:53:05 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
-----


result from avg
------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:37:45 PM 3/4/2007

+ Scan result:



C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033879.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP208\A0078507.exe -> Adware.DopeWars : Cleaned.
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP163\A0054918.exe -> Adware.Gator : Cleaned.
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP208\A0078510.exe -> Adware.Gator : Cleaned.
C:\WINDOWS\system32\kbdtdu2.dll -> Adware.VB : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkocpmpt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP210\A0081703.exe -> Trojan.DNSChanger.ik : Cleaned.


::Report end

-----------------------

result from kaspersky

--------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 04, 2007 8:47:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/03/2007
Kaspersky Anti-Virus database records: 275824
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 72693
Number of viruses found: 4
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:17:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\01 - The Firm - Intro Feat. The Firm - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\02 - The Firm - Firm Fiasco Feat. AZ _ Brown, Foxy _ Nas - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\03 - The Firm - Phone Tap Intro Feat. The Firm - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\04 - The Firm - Phone Tap Feat. AZ _ Dr. Dre _ Nas _ Nature - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\05 - The Firm - Executive Decision Feat. AZ _ Nas _ Nature - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\06 - The Firm - Firm Family Feat. Dr. Dre _ Nature - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\07 - The Firm - Firm All Stars Feat. Brown, Foxy _ Prettyboy - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\08 - The Firm - **** Somebody Else Intro Feat. The Firm - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\09 - The Firm - **** Somebody Else Feat. Brown, Foxy - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\10 - The Firm - Hardcore Feat. Brown, Foxy _ Nas - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\11 - The Firm - Untouchable Feat. Wizard - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\12 - The Firm - Five Minutes To Flush Intro Feat. The Firm - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\13 - The Firm - Five Minutes To Flush Feat. Nature - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\14 - The Firm - Desparados Intro Feat. The Firm - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\15 - The Firm - Desparados Feat. AZ _ Canibus _ Nature - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\16 - The Firm - Firm Biz Feat. AZ _ Dawn Robinson _ Foxy Brown _ Nas - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\17 - The Firm - I'm Leaving Feat. Nature _ Noriega - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\18 - The Firm - Throw Your Guns Feat. AZ _ Half-A-Mill - The Album.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\Sladinki007.net.url Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\Sladinki007_.txt Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\The Album\Sladinki007_rar.nfo Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A89C_1CF8_9C1C_C32C\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A89C_1CF8_9C1C_C32C\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A89C_1CF8_9C1C_C32C\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A89C_1CF8_9C1C_C32C\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007030420070305\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\3940 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_488.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF184F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1863.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCBCA.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEF4.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF16.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\ALL FILES!!\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Documents and Settings\Administrator\My Documents\ALL FILES!!\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Administrator\My Documents\ALL FILES!!\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-03-04.16-43-21.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\L0000004.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033895.dll Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033896.dll Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033897.exe Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033898.dll Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP111\A0033899.dll Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP208\A0078511.exe Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP208\A0080498.exe Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP209\A0080530.DLL Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP210\A0081693.exe Object is locked skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP214\A0082280.dll Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP214\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\1160782603.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\WINDOWS\system32\1160782603.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160782603.exe/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160782603.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{08105292-C37D-4914-92F1-0F47E0B3AA03}\RP214\change.log Object is locked skipped

Scan process completed.
ck101 is offline  
Old 03-04-2007, 07:35 PM   #13
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Almost there.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

NSIS Media Extension

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder if they still exist.

C:\WINDOWS\system32\ 1160782603.exe
C:\Program Files\Common Files\ NSIS


**If any of the above procedures resist uninstall or deletion, boot into Safe Mode and carry out the above instructions.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Post the ComboFix.txt in your next reply.

How is your system behaving now?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-05-2007, 07:30 PM   #14
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


"Administrator" - 03-05-07 22:21:24 Service Pack 2
ComboFix 03-05-07.2_PreRelease - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-05 to 2007-03-05 ))))))))))))))))))))))))))))))))))


2007-03-04 22:29 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-03-04 16:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-01 23:11 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-01 23:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-03-01 00:14 <DIR> d-------- C:\info
2007-02-28 00:29 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-02-28 00:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trend Micro
2007-02-28 00:25 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-02-27 23:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-02-27 23:28 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-27 23:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-02-22 19:46 <DIR> d-------- C:\Program Files\iTunes
2007-02-22 19:46 <DIR> d-------- C:\Program Files\iPod
2007-02-22 19:45 <DIR> d-------- C:\Program Files\QuickTime
2007-02-22 19:44 <DIR> d-------- C:\Program Files\Apple Software Update
2007-02-21 22:36 <DIR> d-------- C:\Program Files\Cell Phone Manager
2007-02-21 22:29 <DIR> d-------- C:\Program Files\PhoneExplorer
2007-02-18 11:54 <DIR> d-------- C:\133a0580da48a28b541b80c9
2007-02-17 13:33 <DIR> d-------- C:\Program Files\PowerQuest
2007-02-16 22:09 <DIR> d-------- C:\Program Files\TallStick
2007-02-16 22:03 <DIR> d-------- C:\ringtoneexport
2007-02-16 21:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\TransRender
2007-02-16 21:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Temporary
2007-02-16 21:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\ConvertTemp
2007-02-16 21:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Samsung
2007-02-16 21:10 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-02-16 21:10 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-02-16 21:10 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-02-16 21:10 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-02-16 21:10 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-02-16 21:10 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-02-16 21:10 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-02-16 21:10 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-02-16 21:10 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-02-16 21:10 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-02-16 21:09 <DIR> d-------- C:\Program Files\Samsung
2007-02-16 15:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-16 15:16 286,720 --------- C:\WINDOWS\Setup1.exe
2007-02-14 14:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Snapfish


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-05 20:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\azureus
2007-03-04 14:58 -------- d-------- C:\Program Files\java
2007-03-03 19:16 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\microsoft
2007-03-03 19:16 -------- d-------- C:\Program Files\microsoft activesync
2007-03-03 19:12 -------- d-------- C:\Program Files\ephpod
2007-03-02 19:26 -------- d-------- C:\Program Files\poweriso
2007-03-02 19:26 -------- d-------- C:\Program Files\msn messenger
2007-03-02 19:18 -------- d-------- C:\Program Files\ares
2007-02-28 00:16 -------- d-------- C:\Program Files\network associates
2007-02-28 00:16 -------- d-------- C:\Program Files\Common Files\network associates
2007-02-19 21:17 -------- d-------- C:\Documents and Settings\Administrator\Application Data\temporary
2007-02-18 12:12 -------- d-------- C:\Program Files\irfanview
2007-02-18 11:55 -------- d-------- C:\Program Files\windows media connect 2
2007-02-16 22:05 -------- d--h----- C:\Program Files\installshield installation information
2007-02-16 21:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\transrender
2007-02-16 21:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\converttemp
2007-02-16 21:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\samsung
2007-02-16 17:30 -------- d-------- C:\Program Files\diablo ii
2007-02-15 14:53 -------- d-------- C:\Program Files\world of warcraft
2007-02-14 16:19 -------- d-------- C:\Program Files\Common Files\adobe
2007-02-14 16:18 -------- d-------- C:\Documents and Settings\Administrator\Application Data\adobe
2007-02-14 16:13 -------- d-------- C:\Program Files\mafia
2007-02-14 14:52 -------- d-------- C:\Documents and Settings\Administrator\Application Data\snapfish
2007-02-14 10:35 -------- d-------- C:\Program Files\starcraft
2007-02-11 16:27 -------- d-------- C:\Program Files\bitcomet
2007-02-05 18:59 -------- d-------- C:\Program Files\viewpoint
2007-02-03 20:06 -------- d-------- C:\Program Files\curerom
2007-02-02 14:55 -------- d-------- C:\Program Files\warrock
2007-02-01 16:25 -------- d-------- C:\Program Files\Common Files\adobe systems shared
2007-02-01 15:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\faststone
2007-02-01 15:08 -------- d-------- C:\Program Files\paint.net
2007-01-30 17:40 -------- d-------- C:\Program Files\aim95
2007-01-29 18:07 61440 --a------ C:\WINDOWS\diabswun.exe
2007-01-28 15:57 -------- d-------- C:\Program Files\radical games
2007-01-27 16:10 21840 --a------ C:\WINDOWS\system32\sintfnt.dll
2007-01-27 16:10 17212 --a------ C:\WINDOWS\system32\sintf32.dll
2007-01-27 16:10 12067 --a------ C:\WINDOWS\system32\sintf16.dll
2007-01-27 15:56 -------- d-------- C:\Program Files\creative
2007-01-25 19:07 -------- d-------- C:\Program Files\aod
2007-01-25 19:07 -------- d-------- C:\Documents and Settings\Administrator\Application Data\aim
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 11:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\microsoft games
2007-01-11 18:36 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ssh
2007-01-11 18:32 -------- d-------- C:\Program Files\ssh communications security
2007-01-10 19:20 284240 --a------ C:\WINDOWS\system32\tmlsp.dll
2007-01-09 19:54 -------- d-------- C:\Program Files\lg electronics
2007-01-09 19:54 -------- d-------- C:\Documents and Settings\Administrator\Application Data\lg electronics
2006-12-30 00:35 2508 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2006-12-22 17:32 1024 --a------ C:\Documents and Settings\Administrator\Application Data\wavcodec.wff
2006-12-12 22:33 0 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
2006-12-09 16:23 1 --a------ C:\Documents and Settings\Administrator\Application Data\filejoin.ini
2006-12-08 12:02 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ioloDelayModule"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\delay.exe"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159411013\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCDEmuApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiskImageService"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\Search and Recover\\DiskImageService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="trickler_bic_dopewars_3013"
"hkey"="HKLM"
"command"="\"c:\\program files\\gatinst\\trickler_bic_dopewars_3013.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdqgp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

system running fine.
ck101 is offline  
Old 03-06-2007, 06:35 AM   #15
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


The wareout related entry is still there:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards

-------------------------------------------------------

Reboot your system and please run FixWareout again and post the resultant log here.

Run ComboFix.exe and post the ComboFix.txt here again as well.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-06-2007, 06:30 PM   #16
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


combo fix results

----
"Administrator" - 07-03-06 21:26:43 Service Pack 2
ComboFix 07-03-05.2_PreRelease - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-06 to 2007-03-06 ))))))))))))))))))))))))))))))))))


2007-03-06 09:26 PM C:\<DIR> ComboFix
2007-03-05 10:23 PM C:\<DIR> qoobox
2007-03-04 10:29 PM C:\WINDOWS\127,034 bwUnin-8.1.1.50-8876480SL.exe
2007-03-04 04:55 PM C:\WINDOWS\system32\<DIR> Kaspersky Lab
2007-03-04 04:42 PM C:\1,073,270,784 hiberfil.sys
2007-03-02 06:58 PM C:\WINDOWS\system32\73,728 asuninst.exe
2007-03-01 12:14 AM C:\<DIR> info
2007-03-01 11:15 PM C:\Program Files\<DIR> CleanUp!
2007-03-01 11:11 PM C:\WINDOWS\system32\drivers\3,968 AvgAsCln.sys
2007-03-01 11:09 PM C:\DOCUME~1\ALLUSE~1\Application Data\<DIR> Avg7
2007-03-01 11:04 PM C:\Program Files\<DIR> Grisoft
2007-02-28 12:29 AM C:\WINDOWS\system32\drivers\<DIR> AU_Backup
2007-02-28 12:26 AM C:\DOCUME~1\ALLUSE~1\Application Data\<DIR> Trend Micro
2007-02-28 12:25 AM C:\WINDOWS\system32\drivers\32,528 tmpreflt.sys
2007-02-28 11:53 PM C:\<DIR> ComboScan
2007-02-28 11:34 PM C:\<DIR> fixwareout
2007-02-27 11:53 PM C:\Program Files\<DIR> Trend Micro
2007-02-27 11:28 PM C:\WINDOWS\system32\drivers\102,800 tmcomm.sys
2007-02-27 11:26 PM C:\DOCUME~1\ADMINI~1\<DIR> .housecall6.6
2007-02-22 07:46 PM C:\Program Files\<DIR> iTunes
2007-02-22 07:46 PM C:\Program Files\<DIR> iPod
2007-02-22 07:45 PM C:\Program Files\<DIR> QuickTime
2007-02-22 07:44 PM C:\Program Files\<DIR> Apple Software Update
2007-02-21 10:36 PM C:\Program Files\<DIR> Cell Phone Manager
2007-02-21 10:29 PM C:\Program Files\<DIR> PhoneExplorer
2007-02-18 11:56 AM C:\WINDOWS\system32\14,640 spmsg.dll
2007-02-18 11:54 AM C:\<DIR> 133a0580da48a28b541b80c9
2007-02-17 01:33 PM C:\Program Files\<DIR> PowerQuest
2007-02-16 10:09 PM C:\Program Files\<DIR> TallStick
2007-02-16 10:03 PM C:\<DIR> ringtoneexport
2007-02-16 09:42 PM C:\DOCUME~1\ADMINI~1\Application Data\<DIR> TransRender
2007-02-16 09:42 PM C:\DOCUME~1\ADMINI~1\Application Data\<DIR> Temporary
2007-02-16 09:42 PM C:\DOCUME~1\ADMINI~1\Application Data\<DIR> ConvertTemp
2007-02-16 09:38 PM C:\DOCUME~1\ADMINI~1\Application Data\<DIR> Samsung
2007-02-16 09:34 PM C:\WINDOWS\system32\53,346 javaw.exe
2007-02-16 09:34 PM C:\WINDOWS\system32\49,248 java.exe
2007-02-16 09:34 PM C:\WINDOWS\system32\127,078 javaws.exe
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\94,000 ssm_mdm.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\8,336 ssm_mdfl.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\6,176 ssm_cmnt.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\6,176 ssm_cm.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\58,320 ssm_bus.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\5,840 ssm_whnt.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\5,840 ssm_wh.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\drivers\5,632 StarOpen.sys
2007-02-16 09:10 PM C:\WINDOWS\system32\174,592 framedyn.dll
2007-02-16 09:10 PM C:\WINDOWS\system32\<DIR> Samsung_USB_Drivers
2007-02-16 09:09 PM C:\Program Files\<DIR> Samsung
2007-02-16 03:16 PM C:\WINDOWS\73,216 ST6UNST.EXE
2007-02-16 03:16 PM C:\WINDOWS\286,720 Setup1.exe
2007-02-14 02:52 PM C:\DOCUME~1\ADMINI~1\Application Data\<DIR> Snapfish


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-24 05:45 PM 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ioloDelayModule"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\delay.exe"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159411013\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCDEmuApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiskImageService"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\Search and Recover\\DiskImageService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="trickler_bic_dopewars_3013"
"hkey"="HKLM"
"command"="\"c:\\program files\\gatinst\\trickler_bic_dopewars_3013.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

-----
fixwareout results:
-----

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
https://www.virustotal.com/flash/index_en.html
Or https://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
ck101 is offline  
Old 03-07-2007, 07:39 AM   #17
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Now I'm happy.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-07-2007, 05:02 PM   #18
Guest
 
Join Date: Feb 2007
Posts: 23
OS:


thanks alot
thanks for everything
ck101 is offline  
Old 03-07-2007, 07:33 PM   #19
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


You're welcome.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:04 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts