Tech Support Forum banner
Status
Not open for further replies.
1 - 20 of 36 Posts

·
Registered
Joined
·
18 Posts
Discussion Starter · #1 ·
Hello,
My fathers pc has a strange problem that displays a blue background over all of the desktop icons and start/task bar and has a message that sas "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer." As soon as the blue screen started Avg picked up the virus Downloader.Obfuskated and moved it to the virus vault. Also when you press Ctrl+alt+Del it say that task manager is disabled by the administrator. The OS is XP Home SP2. I tried to follow the 5 steps but it would not let me preform an online scan with Panda, SpywareBlaster Error says Setup is unable to create the directory Error 5:Access is denied and DSS had an Autolt Error: Line-1 Error in expression.

I did get HJT to work.... here is the log from that.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:03, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioloDelayModule] "D:\Program Files\iolo\System Mechanic 6\delay.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [SMshcaugj0ena3] C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140398050453
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140398937203
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12076 bytes
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #3 · (Edited)
Hi and thank you for the reply. Here is the DSS scans.


Deckard's System Scanner v20071014.68
Run by Jack on 2008-06-09 18:44:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-06-09 23:44:52 UTC - RP1444 - Deckard's System Scanner Restore Point
19: 2008-06-06 20:58:57 UTC - RP1443 - Installed AVG 7.5
18: 2008-06-06 20:56:36 UTC - RP1442 - Removed AVG 7.5
17: 2008-06-06 13:41:06 UTC - RP1441 - Software Distribution Service 3.0
16: 2008-06-06 13:37:55 UTC - RP1440 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2008-06-03 08:01:24 UTC - RP1425 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.48 GiB (less than 15%) free.


-- HijackThis (run as Jack.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:05, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\iTunesHelper.exe
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Temp\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzrcv01.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\common files\microsoft shared\msinfo\msinfo32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\imapi.exe
C:\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Jack\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jack.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10B5E5C2-8901-4E3C-BF61-AC6E11039292} - C:\WINDOWS\SYSTEM32\wvULDVmM.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {C3638E2D-F89D-4DF8-A55B-C6606AD345B6} - C:\WINDOWS\system32\khfCstTK.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioloDelayModule] "D:\Program Files\iolo\System Mechanic 6\delay.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [SMshcaugj0ena3] C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140398050453
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140398937203
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wvULDVmM - wvULDVmM.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12524 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 qiV07 - c:\windows\system32\drivers\qiv07.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 WIBUKEY (WIBU-KEY Kernel Driver) - c:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>

S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTKRNL (Bluetooth Bus Enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2400>
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GENERICDRV - c:\docume~1\tim\locals~1\temp\pft20.tmp\amifldrv.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys (file missing)
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 RivaTuner32 - d:\program files\rivatuner v2.0 final release\rivatuner32.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 msupdate (Microsoft security update service) - c:\windows\system32\mssrv32.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1923C078004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1923C078004603
Service: NIC1394

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 18:40:42 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-04 18:00:00 406 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-29 11:39:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 18:40:04 2031832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-06 15:58:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-06 08:49:40 0 d-------- C:\Program Files\Trend Micro
2008-06-06 08:07:16 0 d-------- C:\Documents and Settings\Cheryl\Application Data\Macromedia
2008-06-05 21:52:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-05 21:51:00 0 d-------- C:\Program Files\Spyware Doctor
2008-06-05 21:51:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-05 21:19:57 0 d-------- C:\Documents and Settings\Jack\Application Data\AXPDefender
2008-06-05 21:18:14 12792 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-06-05 20:41:35 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-05 20:31:50 3916 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 20:20:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-05 20:14:00 0 d-------- C:\SmitfraudFix <SMITFR~1>
2008-06-05 19:41:54 1392671 --a------ C:\SmitfraudFix.exe
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-05 19:38:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-05 19:38:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-05 19:38:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-05 19:38:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-05 19:38:54 1019904 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-05 01:18:26 8 --a------ C:\WINDOWS\system32\44abf3f6
2008-06-04 21:04:52 0 d-------- C:\Documents and Settings\Jack\Application Data\Webroot
2008-06-04 20:12:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-04 20:06:53 0 d-------- C:\Documents and Settings\Tim\Application Data\Webroot
2008-06-04 18:53:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-04 18:52:52 0 d-------- C:\Webroot
2008-06-04 18:52:52 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-04 18:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-04 17:55:02 0 d-------- C:\New Folder (2)
2008-06-04 17:54:46 0 d-------- C:\New Folder
2008-06-04 16:15:29 164 --a------ C:\install.dat
2008-06-04 10:24:33 370959 --ahs---- C:\WINDOWS\system32\KTtsCfhk.ini2
2008-06-04 10:24:29 324352 --a------ C:\WINDOWS\system32\khfCstTK.dll
2008-06-04 10:07:07 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-04 10:07:07 30080 --a------ C:\WINDOWS\system32\drivers\qiV07.sys
2008-06-04 10:06:48 81920 --a------ C:\WINDOWS\xbqmfsed.exe
2008-06-04 10:06:47 163840 --a------ C:\WINDOWS\ersn.exe
2008-06-04 10:06:45 52736 --a------ C:\WINDOWS\system32\blphccugj0ena3.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-04 10:06:27 92160 --a------ C:\WINDOWS\system32\lphccugj0ena3.exe
2008-05-25 10:48:35 0 d-------- C:\Documents and Settings\Jack\Application Data\Big Fish Games
2008-05-24 12:49:40 0 d-------- C:\Documents and Settings\Tim\Application Data\Big Fish Games
2008-05-18 03:32:10 0 d-------- C:\WINDOWS\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-05 21:52:20 0 d-------- C:\Program Files\Common Files
2008-06-05 21:19:04 0 d-------- C:\Program Files\Norton Security Scan
2008-06-05 20:41:34 0 d-------- C:\Program Files\PCPitstop
2008-06-05 20:40:53 0 d-------- C:\Documents and Settings\Jack\Application Data\Adobe
2008-06-04 20:59:02 0 d-------- C:\Program Files\Security Task Manager
2008-05-03 12:51:12 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 16:44:47 0 d-------- C:\Program Files\GameSpy Arcade


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10B5E5C2-8901-4E3C-BF61-AC6E11039292}]
C:\WINDOWS\SYSTEM32\wvULDVmM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3638E2D-F89D-4DF8-A55B-C6606AD345B6}]
06/04/2008 10:24 324352 --a------ C:\WINDOWS\system32\khfCstTK.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [08/20/2002 13:29]
"HostManager"="C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe" [05/09/2006 19:24]
"BluetoothAuthenticationAgent"="rundll32.exe" [08/04/2004 02:56 C:\WINDOWS\system32\rundll32.exe]
"ioloDelayModule"="D:\Program Files\iolo\System Mechanic 6\delay.exe" [06/08/2005 14:31]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/24/2006 00:38]
"ISUSPM"="C:\Program Files\ISUSPM.exe" []
"LanzarL2007"="C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 00:08]
"iTunesHelper"="D:\iTunesHelper.exe" [02/19/2008 13:10]
"QuickTime Task"="D:\Program Files\Quicktime\qttask.exe" [01/31/2008 23:13]
"lphccugj0ena3"="C:\WINDOWS\system32\lphccugj0ena3.exe" [06/04/2008 10:06]
"SMshcaugj0ena3"="C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe" []
"PCPitstop Registration Reminder"="C:\Program Files\PCPitstop\Exterminate\Reminder.exe" [05/24/2007 12:21]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"SpySweeper"="C:\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 20:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 13:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{10B5E5C2-8901-4E3C-BF61-AC6E11039292}"= C:\WINDOWS\SYSTEM32\wvULDVmM.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/09/2008 18:37 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvULDVmM]
wvULDVmM.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfCstTK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qiV07.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Jack\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-MusicServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-AppServer"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb



-- End of Deckard's System Scanner: finished at 2008-06-09 18:50:37 ------------


Edit to add extra.txt.
 

Attachments

·
TSF-Emeritus
Joined
·
15,384 Posts
Hi,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
a fresh HijackThis log
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #5 ·
Ok when setting up the recovery console it never said that the recovery console was installed properly. I downloaded the windowsxp file from microsoft and drag n dropped it on combofix.exe and a message popped up saying "Roughly 1/100 machines failed to make it through the disinfection process!! are you sure you want to do this?" Do i select Yes or did i mess up somewhere?
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #7 ·
Alright....here are the new logs.

ComboFix 08-06-09.7 - Jack 2008-06-09 19:59:59.1 - NTFSx86
Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jack\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jack\Application Data\AXPDefender
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ersn.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000028_.tmp.dll
C:\WINDOWS\system32\_000029_.tmp.dll
C:\WINDOWS\system32\_000030_.tmp.dll
C:\WINDOWS\system32\_000031_.tmp.dll
C:\WINDOWS\system32\_000033_.tmp.dll
C:\WINDOWS\system32\_000034_.tmp.dll
C:\WINDOWS\system32\_000035_.tmp.dll
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\drivers\qiV07.sys
C:\WINDOWS\system32\khfCstTK.dll
C:\WINDOWS\system32\KTtsCfhk.ini
C:\WINDOWS\system32\KTtsCfhk.ini2
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\xbqmfsed.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Legacy_QIV07
-------\Service_msupdate
-------\Service_NPF
-------\Service_qiV07


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 20:11 . 0 C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-06-09 18:40 . 2008-06-09 18:40 2,031,832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-06 15:58 . 2008-06-06 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-06 08:49 . 2008-06-06 08:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 21:52 . 2008-06-05 21:53 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-05 21:52 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-05 21:52 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-05 21:52 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-05 21:52 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-05 21:52 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-05 21:51 . 2008-06-06 04:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-05 21:51 . 2008-06-05 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-05 20:41 . 2008-06-05 20:41 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-05 20:31 . 2008-06-05 20:31 3,916 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 20:20 . 2008-06-05 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-05 19:38 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-05 19:38 . 2008-06-06 15:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-05 01:18 . 2008-06-05 01:18 8 --a------ C:\WINDOWS\system32\44abf3f6
2008-06-04 21:04 . 2008-06-04 21:04 <DIR> d-------- C:\Documents and Settings\Jack\Application Data\Webroot
2008-06-04 20:12 . 2008-06-04 20:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-04 20:06 . 2008-06-04 20:06 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Webroot
2008-06-04 18:53 . 2008-06-04 18:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-04 18:53 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-04 18:53 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-04 18:53 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-04 18:53 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-04 18:52 . 2008-06-04 18:52 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-04 18:52 . 2008-06-04 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-04 18:52 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-04 10:06 . 2008-06-04 10:06 92,160 --a------ C:\WINDOWS\system32\lphccugj0ena3.exe
2008-06-04 10:06 . 2008-06-09 20:09 90,838 --a------ C:\WINDOWS\system32\phccugj0ena3.bmp
2008-06-04 10:06 . 2008-06-09 20:10 52,736 --a------ C:\WINDOWS\system32\blphccugj0ena3.scr
2008-05-25 10:48 . 2008-05-25 10:48 <DIR> d-------- C:\Documents and Settings\Jack\Application Data\Big Fish Games
2008-05-24 12:49 . 2008-05-24 12:49 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Big Fish Games
2008-05-18 03:32 . 2008-05-18 03:32 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 01:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 13:19 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-06-06 02:19 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-06 01:41 --------- d-----w C:\Program Files\PCPitstop
2008-06-06 00:36 1,392,671 ----a-w C:\SmitfraudFix.exe
2008-06-05 01:59 --------- d-----w C:\Program Files\Security Task Manager
2008-06-05 01:25 29,287 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_04_20_06_57_small.dmp.zip
2008-06-04 23:56 2,944,000 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-06-04 23:49 164 ----a-w C:\install.dat
2008-06-04 21:46 28,136 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_04_16_10_21_small.dmp.zip
2008-06-04 08:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 08:16 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-31 02:20 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-05-11 22:58 --------- d-----w C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-05-02 21:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 23:06 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-02-05 22:20 22,328 ----a-w C:\Documents and Settings\Tim\Application Data\PnkBstrK.sys
2007-02-24 23:02 25,600 ----a-w C:\Documents and Settings\Tim\usbsermptxp.sys
2007-02-24 23:02 22,768 ----a-w C:\Documents and Settings\Tim\usbsermpt.sys
2006-05-08 21:09 24,192 ----a-w C:\Documents and Settings\Jason\usbsermptxp.sys
2006-05-08 21:09 22,768 ----a-w C:\Documents and Settings\Jason\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"HostManager"="C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"ioloDelayModule"="D:\Program Files\iolo\System Mechanic 6\delay.exe" [2005-06-08 14:31 96256]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"ISUSPM"="C:\Program Files\ISUSPM.exe" [ ]
"LanzarL2007"="C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" [ ]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"iTunesHelper"="D:\iTunesHelper.exe" [2008-02-19 13:10 267048]
"QuickTime Task"="D:\Program Files\Quicktime\qttask.exe" [2008-01-31 23:13 385024]
"lphccugj0ena3"="C:\WINDOWS\system32\lphccugj0ena3.exe" [2008-06-04 10:06 92160]
"SMshcaugj0ena3"="C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe" [ ]
"PCPitstop Registration Reminder"="C:\Program Files\PCPitstop\Exterminate\Reminder.exe" [2007-05-24 12:21 991232]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"SpySweeper"="C:\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvULDVmM]
wvULDVmM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Jack\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-MusicServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-AppServer"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Yahoo\\Messenger\\YPager.exe"=
"D:\\Program Files\\Yahoo\\Messenger\\YServer.exe"=
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aim6.exe"=
"D:\\Program Files\\Itunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27491:TCP"= 27491:TCP:BitComet 27491 TCP
"27491:UDP"= 27491:UDP:BitComet 27491 UDP
"59565:TCP"= 59565:TCP:BitComet 59565 TCP
"59565:UDP"= 59565:UDP:BitComet 59565 UDP
"59659:TCP"= 59659:TCP:BitComet 59659 TCP
"59659:UDP"= 59659:UDP:BitComet 59659 UDP
"56659:TCP"= 56659:TCP:BitComet 56659 TCP
"56659:UDP"= 56659:UDP:BitComet 56659 UDP


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 16:39:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 01:13:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 20:10:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-06-09 20:20:04 - machine was rebooted [Jack]
ComboFix-quarantined-files.txt 2008-06-10 01:19:54

Pre-Run: 430,034,944 bytes free
Post-Run: 299,761,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

227 --- E O F --- 2008-06-09 23:49:48



Deckard's System Scanner v20071014.68
Run by Jack on 2008-06-09 20:22:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.31 GiB (less than 15%) free.


-- HijackThis (run as Jack.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:30, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
D:\iTunesHelper.exe
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jack\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jack.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioloDelayModule] "D:\Program Files\iolo\System Mechanic 6\delay.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [SMshcaugj0ena3] C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140398050453
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140398937203
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: wvULDVmM - wvULDVmM.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11553 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 19:59:42 0 d-------- C:\cmdcons
2008-06-09 19:45:26 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 19:45:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 19:45:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 19:45:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 19:45:26 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 19:45:26 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 19:45:26 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 19:45:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 18:40:04 2031832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-06 15:58:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-06 08:49:40 0 d-------- C:\Program Files\Trend Micro
2008-06-06 08:07:16 0 d-------- C:\Documents and Settings\Cheryl\Application Data\Macromedia
2008-06-05 21:52:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-05 21:51:00 0 d-------- C:\Program Files\Spyware Doctor
2008-06-05 21:51:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-05 20:41:35 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-05 20:31:50 3916 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 20:20:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-05 20:14:00 0 d-------- C:\SmitfraudFix <SMITFR~1>
2008-06-05 19:41:54 1392671 --a------ C:\SmitfraudFix.exe
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-05 19:38:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-05 19:38:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-05 19:38:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-05 19:38:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-05 19:38:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-05 19:38:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-05 19:38:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-05 19:38:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-05 19:38:54 1019904 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-05 01:18:26 8 --a------ C:\WINDOWS\system32\44abf3f6
2008-06-04 21:04:52 0 d-------- C:\Documents and Settings\Jack\Application Data\Webroot
2008-06-04 20:12:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-04 20:06:53 0 d-------- C:\Documents and Settings\Tim\Application Data\Webroot
2008-06-04 18:53:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-04 18:52:52 0 d-------- C:\Webroot
2008-06-04 18:52:52 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-04 18:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-04 17:55:02 0 d-------- C:\New Folder (2)
2008-06-04 17:54:46 0 d-------- C:\New Folder
2008-06-04 16:15:29 164 --a------ C:\install.dat
2008-06-04 10:06:45 52736 --a------ C:\WINDOWS\system32\blphccugj0ena3.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-04 10:06:27 92160 --a------ C:\WINDOWS\system32\lphccugj0ena3.exe
2008-05-25 10:48:35 0 d-------- C:\Documents and Settings\Jack\Application Data\Big Fish Games
2008-05-24 12:49:40 0 d-------- C:\Documents and Settings\Tim\Application Data\Big Fish Games
2008-05-18 03:32:10 0 d-------- C:\WINDOWS\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-05 21:52:20 0 d-------- C:\Program Files\Common Files
2008-06-05 21:19:04 0 d-------- C:\Program Files\Norton Security Scan
2008-06-05 20:41:34 0 d-------- C:\Program Files\PCPitstop
2008-06-05 20:40:53 0 d-------- C:\Documents and Settings\Jack\Application Data\Adobe
2008-06-04 20:59:02 0 d-------- C:\Program Files\Security Task Manager
2008-05-03 12:51:12 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 16:44:47 0 d-------- C:\Program Files\GameSpy Arcade


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [08/20/2002 13:29]
"HostManager"="C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe" [05/09/2006 19:24]
"BluetoothAuthenticationAgent"="rundll32.exe" [08/04/2004 02:56 C:\WINDOWS\system32\rundll32.exe]
"ioloDelayModule"="D:\Program Files\iolo\System Mechanic 6\delay.exe" [06/08/2005 14:31]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/24/2006 00:38]
"ISUSPM"="C:\Program Files\ISUSPM.exe" []
"LanzarL2007"="C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 00:08]
"iTunesHelper"="D:\iTunesHelper.exe" [02/19/2008 13:10]
"QuickTime Task"="D:\Program Files\Quicktime\qttask.exe" [01/31/2008 23:13]
"lphccugj0ena3"="C:\WINDOWS\system32\lphccugj0ena3.exe" [06/04/2008 10:06]
"SMshcaugj0ena3"="C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe" []
"PCPitstop Registration Reminder"="C:\Program Files\PCPitstop\Exterminate\Reminder.exe" [05/24/2007 12:21]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"SpySweeper"="C:\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 20:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 13:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvULDVmM]
wvULDVmM.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Jack\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-MusicServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-AppServer"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb



-- End of Deckard's System Scanner: finished at 2008-06-09 20:23:57 ------------
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Hi,

System Drive C: has 0.31 GiB (less than 15%) free.
Your hard drive is full. You can free up some space by uninstalling some of the programs that you no longer need or use, and/or transferring your image and music files to other media.

I see that you are using LimeWire , which is a p2p file sharing program. I would like to warn you that the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove it from your system via Add/Remove Programs in Control Panel.

=============================

Please disable Windows Defender, Spyware Doctor and Spy Sweeper during the next fix. Once your log is clean you can re-enable them.

To disable SpySweeper:
Open Spysweeper and click on Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck 'automaticly restore default without notification".

To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor

To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Use Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

=====================================

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Tim\LOCALS~1\Temp\{AEA118FD-518E-4129-88B1-9FE7FD958267}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [SMshcaugj0ena3] C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzrcv01.exe
O20 - Winlogon Notify: wvULDVmM - wvULDVmM.dll (file missing)


The following activeX controls( Downloaded Program Files)will reinstall when(and if) you revisit that website,
UNLESS you know they are from a safe source, check to remove.

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140398937203
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/l...jolauncher.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iw...amesplayer.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab


Close all browsers and windows other than HijackThis and click on "fix checked".

======================================

  • Open notepad (Start>All programs>accessories>notepad )
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
(It must be notepad, not wordpad, or it won't work):

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/256874-blue-screen-says-warning-spyware-detected-your-computer.html

File::
C:\SmitfraudFix.exe
C:\install.dat

Folder::
C:\Program Files\shcaugj0ena3

Collect::
C:\WINDOWS\system32\drivers\mchInjDrv.sys
C:\WINDOWS\system321lkdoiuekrewr.bin
C:\WINDOWS\system32\44abf3f6
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\WINDOWS\system32\phccugj0ena3.bmp
C:\WINDOWS\system32\blphccugj0ena3.scr
Save this as CFScript.txt



Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

If CF-Submit.htm is detected, ComboFix will generate this message box:



Clicking OK will cause the machine's browser to load CF-Submit.htm



Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"

================================================

  • Click Start > Run type "%userprofile%\desktop\dss.exe" /config click OK
  • This will bring up a pop up box.
    • Uncheck Main log.
    • Check Extra log
      • check the 5 boxes beneath it.
  • Hit the Scan button.
  • When the scan finishes the Extra.txt file will be minimised in Taskbar at the bottom of your screen.
  • Post it back here please.

================================================

Post the following reports/logs into your next reply:
  • C:\Combofix.txt
  • Extra.txt
  • A new HijackThis log (run after ComboFix has finished its work.)
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #10 ·
Ok...here are the new logs.

ComboFix 08-06-09.7 - Jack 2008-06-09 22:22:24.2 - NTFSx86
Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jack\Desktop\CFScript.txt

FILE ::
C:\install.dat
C:\SmitfraudFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.dat
C:\WINDOWS\system32\44abf3f6
C:\WINDOWS\system32\phccugj0ena3.bmp
C:\WINDOWS\system321lkdoiuekrewr.bin

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 21:48 . 2008-06-09 21:48 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Webroot
2008-06-09 21:46 . 2008-06-09 21:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-09 21:46 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-09 21:46 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-09 21:46 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-09 21:46 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-09 21:45 . 2008-06-09 21:45 <DIR> d-------- C:\Documents and Settings\Jack\Application Data\Webroot
2008-06-09 21:45 . 2008-06-09 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-09 21:45 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-06 15:58 . 2008-06-06 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-06 08:49 . 2008-06-06 08:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-06 08:33 . 2008-06-06 08:33 <DIR> d-------- C:\Deckard
2008-06-05 21:52 . 2008-06-09 21:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-05 21:52 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-05 20:31 . 2008-06-05 20:31 3,916 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 19:38 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-05 19:38 . 2008-06-06 15:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-04 17:55 . 2008-06-04 17:55 <DIR> d-------- C:\New Folder (2)
2008-06-04 17:54 . 2008-06-04 17:54 <DIR> d-------- C:\New Folder
2008-05-25 10:48 . 2008-05-25 10:48 <DIR> d-------- C:\Documents and Settings\Jack\Application Data\Big Fish Games
2008-05-24 12:49 . 2008-05-24 12:49 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Big Fish Games
2008-05-18 03:32 . 2008-05-18 03:32 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-10 02:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 02:17 --------- d-----w C:\Program Files\PCPitstop
2008-06-06 02:19 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-05 01:25 29,287 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_04_20_06_57_small.dmp.zip
2008-06-04 23:56 2,944,000 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-06-04 21:46 28,136 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_04_16_10_21_small.dmp.zip
2008-06-04 08:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 08:16 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-31 02:20 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-05-11 22:58 --------- d-----w C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-05-02 21:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 23:06 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-02-05 22:20 22,328 ----a-w C:\Documents and Settings\Tim\Application Data\PnkBstrK.sys
2007-02-24 23:02 25,600 ----a-w C:\Documents and Settings\Tim\usbsermptxp.sys
2007-02-24 23:02 22,768 ----a-w C:\Documents and Settings\Tim\usbsermpt.sys
2006-05-08 21:09 24,192 ----a-w C:\Documents and Settings\Jason\usbsermptxp.sys
2006-05-08 21:09 22,768 ----a-w C:\Documents and Settings\Jason\usbsermpt.sys
.

((((((((((((((((((((((((((((( [email protected]_20.18.38.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 01:09:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 02:57:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-09 08:12:37 175,464 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 02:57:22 177,056 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"HostManager"="C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"ioloDelayModule"="D:\Program Files\iolo\System Mechanic 6\delay.exe" [2005-06-08 14:31 96256]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"ISUSPM"="C:\Program Files\ISUSPM.exe" [ ]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"iTunesHelper"="D:\iTunesHelper.exe" [2008-02-19 13:10 267048]
"QuickTime Task"="D:\Program Files\Quicktime\qttask.exe" [2008-01-31 23:13 385024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Jack\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-MusicServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-AppServer"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Yahoo\\Messenger\\YPager.exe"=
"D:\\Program Files\\Yahoo\\Messenger\\YServer.exe"=
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aim6.exe"=
"D:\\Program Files\\Itunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27491:TCP"= 27491:TCP:BitComet 27491 TCP
"27491:UDP"= 27491:UDP:BitComet 27491 UDP
"59565:TCP"= 59565:TCP:BitComet 59565 TCP
"59565:UDP"= 59565:UDP:BitComet 59565 UDP
"59659:TCP"= 59659:TCP:BitComet 59659 TCP
"59659:UDP"= 59659:UDP:BitComet 59659 UDP
"56659:TCP"= 56659:TCP:BitComet 56659 TCP
"56659:UDP"= 56659:UDP:BitComet 56659 UDP

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 16:39:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 03:00:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 22:24:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 22:26:25
ComboFix-quarantined-files.txt 2008-06-10 03:26:20
ComboFix2.txt 2008-06-10 01:20:12

Pre-Run: 2,212,761,600 bytes free
Post-Run: 2,222,272,512 bytes free

164 --- E O F --- 2008-06-09 23:49:48



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:28, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe
D:\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1143855146\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioloDelayModule] "D:\Program Files\iolo\System Mechanic 6\delay.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140398050453
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6541 bytes



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.36 MiB / 610.57 MiB
Pagefile Memory (total/avail): 2462.16 MiB / 2090.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1986.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 25.75 GiB total, 2.09 GiB free.
D: is Fixed (NTFS) - 117.3 GiB total, 50.45 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 25.75 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 117.3 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.) Disabled
AV: Spy Sweeper with AntiVirus v5.5.7.124 (Webroot Software Inc) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\\Program Files\\Xfire\\Xfire.exe"="D:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Yahoo\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1143855146\\ee\\aim6.exe:*:Enabled:AIM"
"D:\\Program Files\\Itunes\\iTunes.exe"="D:\\Program Files\\Itunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jack\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-B4B48255
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jack
LOGONSERVER=\\VALUED-B4B48255
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\INTEL\DMIX;C:\PROGRAM FILES\COMMON FILES\ADOBE\AGL;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC;D:\Program Files\Quicktime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jack\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jack\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VALUED-B4B48255
USERNAME=Jack
USERPROFILE=C:\Documents and Settings\Jack
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tim (admin)
Jack (admin)
Cheryl (admin)
Jason (admin)
chris (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> D:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "D:\Program Files\7-Zip\Uninstall.exe"
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
AC3Filter (remove only) --> D:\Program Files\DivX\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
Audacity 1.2.4 --> "D:\Program Files\Audacity\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BrainBooster (remove only) --> C:\Program Files\BrainBooster\uninstall.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Click to DVD 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
DivX Converter --> D:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6 --> D:\Program Files\Download Manager\uninst.exe
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Excel 2000 Session 2 --> C:\WINDOWS\lkunins2.exe -uSplash.ini
Family Tree Maker 6.0 --> C:\WINDOWS\IsUninst.exe -fD:\FTW\Uninst.isu
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Griffin iFill --> "C:\Program Files\iFill\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Connections --> MsiExec.exe /I{205C26CB-6D52-458C-A87F-1EE77F9625C6}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iolo technologies' System Mechanic 6 --> "D:\Program Files\iolo\System Mechanic 6\unins000.exe"
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire PRO 4.12.3 --> "D:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Motorola PST --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
Movie DVD Maker 1.7.2 --> "C:\Program Files\Movie DVD Maker\unins000.exe"
MProtector --> "C:\Program Files\shcaugj0ena3\uninstall.exe"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Need for Speed™ Carbon --> D:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
OfficeFX --> MsiExec.exe /I{B0DF3B29-A391-47BE-B6E0-A128459E9C72}
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
OpenMG Secure Module 3.3.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\Setup.exe" -l0x9 UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pdf995 (installed by TaxCut) --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut) --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc[1].exe -u
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rainy Screensaver 2.2.10 --> D:\Program Files\Rainy Screensaver\Uninstall.exe C:\WINDOWS\system32\RainySs.scr /uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RivaTuner v2.0 Final Release --> "D:\Program Files\RivaTuner v2.0 Final Release\uninstall.exe"
Roll --> C:\WINDOWS\UniFish3.exe D:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Snap 'n Burn --> "C:\Program Files\Snap Burn\Uninstall.exe" "C:\Program Files\Snap Burn\install.log"
Sonic & Knuckles Collection Documentation --> C:\WINDOWS\IsUninst.exe -fg:\Uninst.isu
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Download Taxi 1.4.0.0 --> "D:\Program Files\Sony\Download Taxi\unins000.exe"
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spy Sweeper --> "D:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TaxCut Deluxe 2005 --> D:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium + State 2007 --> MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
TaxCut Premium 2006 --> D:\PROGRA~1\TaxCut06\Program\removetc.exe
TeamSpeak 2 RC2 --> D:\Teamspeak2_RC2\unins000.exe
Tune Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEB3F8BD-5709-460A-9162-80B3247D62DE}\Setup.exe" -l0x9 -removeonly
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
Wal-Mart Digital Photo Manager --> MsiExec.exe /X{5ABB5D02-BBAA-41D4-BDED-A52DB89A2D2F}
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Xfire (remove only) --> "D:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger --> D:\PROGRA~1\Yahoo\MESSEN~1\UNWISE.EXE D:\PROGRA~1\Yahoo\MESSEN~1\INSTALL.LOG
ZoneAlarm --> D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type14654 / Error
Event Submitted/Written: 06/09/2008 10:11:26 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%VALUED-B4B4825527 Real-Time Protection checkpoint has encountered an error and failed to start.

User: VALUED-B4B48255\Jack

Checkpoint ID: 23

Error Code: 0x80070005

Error description: Access is denied.

Event Record #/Type14653 / Warning
Event Submitted/Written: 06/09/2008 09:58:48 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type14652 / Warning
Event Submitted/Written: 06/09/2008 09:58:47 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type14647 / Warning
Event Submitted/Written: 06/09/2008 09:56:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type14646 / Warning
Event Submitted/Written: 06/09/2008 09:50:39 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type73559 / Error
Event Submitted/Written: 06/09/2008 09:58:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Security Service service failed to start due to the following error:
%%2

Event Record #/Type73558 / Error
Event Submitted/Written: 06/09/2008 09:58:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Auxiliary Service service failed to start due to the following error:
%%2

Event Record #/Type73531 / Error
Event Submitted/Written: 06/09/2008 09:49:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Security Service service failed to start due to the following error:
%%2

Event Record #/Type73530 / Error
Event Submitted/Written: 06/09/2008 09:49:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Auxiliary Service service failed to start due to the following error:
%%2

Event Record #/Type73498 / Error
Event Submitted/Written: 06/09/2008 09:35:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Security Service service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-06-09 22:31:04 ------------
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Go to Start>Control Panel>Add/Remove Programs and remove if Kaspersky online scanner is present prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.

Copy and paste that information from Kapersky in your next post.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans for no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Or use Firefox with IE-Tab plugin

=================================

Please re-enable your antivirus and the firewall if you haven't already.

=================================

Please post the Kaspersky report and let me know how the computer is running.
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #12 ·
Sorry i havent responded in awhile....had to go out of town. The computer is running alot better but i did notice that under the display properties the tabs for Desktop and Screen Saver are no longer there. As soon as i make it to my parents house ill have the log for the online scan.
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #14 ·
I am not able to run Kaspersky. On one user account i says that i need Java 1.5 or later but Java has the latest updates so i completely uninstalled java...rebooted and installed it again and rebooted but i get the same problem. Also on all other accounts at the bottom of IE7 it says Done, but with errors on page and nothing is displayed.
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Let's try it again, but a little differently this time. Remove any present Kaspersky online scan via Add or Remove Programs in Control Panel first.

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif


Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Remember to re-enable the security programs that you've disabled when you're done.
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #16 ·
Alright i went to add/remove and didnt find anything pertaining to Kaspersky. Went to the link provided and it had two activex that i clicked install to and they both gave me a message saying "Windows has blocked this software because it can't verify the publisher" and then it says that i need Java Version 1.5 or higher. At no time am i able to click the accept button even when i change the zoom setting to 75%.
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Let's try another one then.

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html



Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only

Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results"
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.

Post the log of the scan results in your next reply.
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #18 · (Edited)
During the BitDefender scan Internet Explorrer had two errors and BitDefender stopped scanning. Error one: Internet Explorer has encountered a problem with an add-on and needs to close. Add-on Name: oscan82.ocx. Error two: Internet Explorer has encountered a problem and needs to close. Error signature. AppName:iexplore.exe AppVer:7.0.6000.16674 ModName: oscan82.ocx ModVer:1.0.0.1 Offset: 000299f1


The Error messages are still up I didnt close anything but the scan has stopped and i cannot click "Click here to export the scan report". I did manage to copy down what Bitdefender has found so far:

C:\documents and settings\Tim\Application Data\Sun\Java\Deployment|cache\Javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6f171856.zip=>vmain.class Infected with:Exploit.Java.Gimsh.b
C:\documents and settings\Tim\Application Data\Sun\Java\Deployment|cache\Javapi\v1.0\jar\jvmimpro.jar-5efd1945-62f1140a.zip=>vmain.class Infected with:Exploit.Java.Gimsh.B
C:\documents and settings\Tim\Application Data\Sun\Java\Deployment|cache\Javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-1c9dcb33.zip=>vmain.class Infected with:Exploit.Java.Gimsh.B
C:\documents and settings\Tim\Application Data\Sun\Java\Deployment|cache\Javapi\v1.0\jar\jvmimpro.jar-7b3f2a8f-57b7944.zip=>vmain.class Infected with:Exploit.Java.Gimsh.B
C:\QooBox\Quarantine\C\Windows\system32\drivers\qiv07.sys.zip=>qiV07.sys Infected with: Trojan.Dropper.Cutwail.D
C:\QooBox\Quarantine\catchme2008-06-09_200524.90.zip=>mssrv32.exe Infected with: Trojan.AVKiller.AW



Is this just a stubborn virus/malware or something else??
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Hi,

The error is caused by a vulnerability in Bitdefender apparently.

http://kb.bitdefender.com/KB410-en--ActiveX-vulnerability.html

It's not the complete report so I cannot yet say anything but, the ones you've noted are in the Java cache and the quarantine folder of Combofix.

You can go ahead and clean the Java cache, but we'll deal with the ones in the Combofix quarantine later when we are sure the system is clean:

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Under Temporary Internet Files, click the Settings button.
Click the Delete Files... button below. Make sure next are checked:
Applications and Applets
Trace and Log Files

Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

===========================

I am not able to run Kaspersky. On one user account i says that i need Java 1.5 or later but Java has the latest updates so i completely uninstalled java...rebooted and installed it again and rebooted but i get the same problem.
I have no problem downloading and running Kaspersky with (JRE) 6 Update 6, using IE7. Try again after you remove the old Java and install the latest following these instructions. If you still have problems, let me know and we'll try something else.

If the older versions of Java are still present, they would pose vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

===========================

Do you know anything about these folders:

C:\New Folder (2)

C:\New Folder
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #20 ·
I removed everything in add/remove with JRE. Followed the install directions and Kaspersky is still saying that i need to install Java 1.5 or later. C:\newfolder and newfolder2 had music files that my brother had and i moved all the files to the D:\ drive and forgot to delete the folders.
 
1 - 20 of 36 Posts
Status
Not open for further replies.
Top