Post by: NuCK on November 11, 2008, 05:22:40 AM
My PC has been running slow lately so i decided to update Ad aware and Spybot S&D. I haven't updated them in a long time, so i was required to download new versions. Something in my PC is stopping me from installing it though. At 98% an uninstall window pops up and it just hangs. Both Spybot S&D and Ad aware is behaving in almost similar ways. Here's my hijack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715 (http://\"http://go.microsoft.com/fwlink/?linkid=7715\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11040 bytes
Thanks so much questolo.
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on November 11, 2008, 01:00:42 PM
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Temporarily disable McAfee so it won't interfere with the next step
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post that log from ComboFix along with a fresh HijackThis log
Post by: NuCK on November 12, 2008, 03:37:12 AM
This version of combofix actually makes windows ask me to reactivate. Problem is at the reactivation window it stalls. Everything is fine in safe mode though, so i had no choice but to use system restore. Have tried it twice. Can I use earlier versions of combofix? Didn't have that problem then. Or is the virus the problem here?
Thanks!
Post by: guestolo on November 12, 2008, 09:09:52 AM
Your probably using an illegal version of XP
Skip ComboFix for now
download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Save the installer to desktop
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- [color=\"#2E8B57\"]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM[/color].
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Post that log from MBAM
In addition:
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< (http://\"http://images.malwareremoval.com/random/RSIT.exe\") and save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].
If your having problems posting these logs
Upload the text files
Post by: NuCK on November 14, 2008, 06:12:05 AM
Here's the log for MBAM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
11/14/2008 6:52:22 PM
mbam-log-2008-11-14 (18-52-22).txt
Scan type: Quick Scan
Objects scanned: 55580
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\tavo1.dll (Rootkit.Agent) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kava (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tava (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\kavo0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\kavo1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\ewatr.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tavo0.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tavo1.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tavo.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
Post by: NuCK on November 14, 2008, 06:13:26 AM
Run by EDITOR at 2008-11-14 19:02:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (55%) free of 50 GB
Total RAM: 2047 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02, on 11/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\EDITOR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EDITOR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10888 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-15 325184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-29 1245184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-24 98304]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HID Button Manager v1.59.lnk - C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-12-29 5376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-21 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe"="C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE"="D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE:*:Enabled:PPJ2DD"
"D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6d130f-5d29-11dd-84fb-001346938e16}]
shell\AutoRun\command - G:\b.cmd
shell\explore\command - G:\b.cmd
shell\open\command - G:\b.cmd
======List of files/folders created in the last 1 months======
2008-11-14 19:02:28 ----D---- C:\rsit
2008-11-14 18:39:31 ----RA---- C:\WINDOWS\system32\antiwpa.dll
2008-11-13 12:25:34 ----SHD---- C:\RECYCLER
2008-11-13 11:54:35 ----D---- C:\Documents and Settings\EDITOR\Application Data\Malwarebytes
2008-11-13 11:54:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-13 11:54:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-12 16:23:20 ----SHD---- C:\RECYCLER(3)
2008-11-12 16:20:23 ----D---- C:\WINDOWS\temp
2008-11-12 16:20:23 ----A---- C:\ComboFix.txt
2008-11-12 15:25:14 ----D---- C:\RECYCLER(2)
2008-11-11 15:20:34 ----D---- C:\WINDOWS\CSC
2008-11-11 15:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-07 13:26:54 ----RSH---- C:\fphj6j31.bat
2008-11-01 12:08:38 ----RSH---- C:\6.bat
2008-10-31 11:13:29 ----RSH---- C:\prjydpe.cmd
2008-10-25 22:26:35 ----RSH---- C:\b.cmd
2008-10-17 17:58:07 ----D---- C:\Documents and Settings\EDITOR\Application Data\Nokia Multimedia Player
======List of files/folders modified in the last 1 months======
2008-11-14 19:02:26 ----D---- C:\WINDOWS\Prefetch
2008-11-14 18:55:23 ----D---- C:\WINDOWS
2008-11-14 18:54:50 ----D---- C:\avenger
2008-11-14 18:53:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 18:53:49 ----D---- C:\WINDOWS\system32
2008-11-14 18:53:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 18:17:38 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 12:50:19 ----A---- C:\WINDOWS\setuplog.txt
2008-11-13 12:26:20 ----D---- C:\WINDOWS\system32\config
2008-11-13 12:26:04 ----D---- C:\WINDOWS\system32\wbem
2008-11-13 12:26:04 ----D---- C:\WINDOWS\Registration
2008-11-13 12:25:52 ----D---- C:\Program Files\SpywareBlaster
2008-11-13 12:25:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 12:25:50 ----SHD---- C:\WINDOWS\Installer
2008-11-13 12:25:34 ----D---- C:\WINDOWS\ERDNT
2008-11-13 11:54:29 ----RD---- C:\Program Files
2008-11-12 16:20:12 ----D---- C:\QooBox
2008-11-12 16:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 16:17:18 ----A---- C:\WINDOWS\system.ini
2008-11-12 16:13:15 ----D---- C:\WINDOWS\AppPatch
2008-11-12 16:13:15 ----D---- C:\Program Files\Common Files
2008-11-11 18:05:37 ----D---- C:\Config.Msi
2008-11-11 18:05:36 ----D---- C:\Program Files\Lavasoft
2008-10-31 12:26:23 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-10-30 15:58:27 ----A---- C:\WINDOWS\win.ini
2008-10-30 11:57:10 ----D---- C:\Documents and Settings\EDITOR\Application Data\LimeWire
2008-10-16 18:12:40 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-06 3968]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-04-25 89088]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R2 Slp1kdr;SmartLock Pro(1K); C:\WINDOWS\System32\Drivers\SLP1KDR.SYS [2001-02-14 6325]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-21 1334784]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 az8jvkks;az8jvkks; C:\WINDOWS\system32\drivers\az8jvkks.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2006-11-14 67345]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nvax;Service for NVIDIA® nForce(tm) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]
S3 nvnforce;Service for NVIDIA® nForce(tm) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RT73;802.11b/g Wireless LAN USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-21 376832]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-21 516096]
S2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
-----------------EOF-----------------
Post by: guestolo on November 14, 2008, 08:53:06 AM
Can you post it also
A copy of it should be placed in the following location
C:\rsit folder
After you post it, we just have a bit more cleaning to do
Post by: NuCK on November 15, 2008, 12:12:58 AM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />info.txt logfile of random's system information tool 1.04 2008-11-14 19:02:41
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{62288F64-6017-4154-A27C-BA26FECF723A}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.80-->C:\Program Files\BitComet\uninst.exe
CoffeeCup Free FTP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66899F2-C58D-4CEC-9FA8-867883FFB707}\Setup.exe" -l0x9
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fuji Xerox DocuWorks Viewer Light 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815C444F-85D9-4661-8A64-CC2B9D46676B}\setup.exe" -l0x9 UNINSTALL
HID Button Manager v1.59-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70C23A2D-11F9-4558-AD73-54BFA6F7E75A}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.16.2-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MYOB Accounting v14-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3E40E83B-40C4-49FF-BA12-2D6F43810F83}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NewTek LightWave 3D [8]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62BBFDA0-306C-4022-8E40-021C073CB3AF}\Setup.exe" -l0x9
NewTek LightWave 8.2 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0521C43-17E9-41EE-8412-D6AE77F69AFD}\setup.exe" -l0x9 -removeonly
NewTek LightWave 8.3 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A67D1306-BAB0-4D1C-9DA7-355A32343A4C}\setup.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Nokia_PC_Suite_rel_6_86_9_4_APAC.exe
Nokia PC Suite-->MsiExec.exe /I{5AFEABF5-7411-4C29-9FA9-71ABE880662D}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PC Connectivity Solution-->MsiExec.exe /I{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SmartFTP Client-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Sony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
StuffIt Standard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Xerox Support Centre-->C:\Program Files\Xerox\Support Centre\supportuninstall.exe
=====HijackThis Backups=====
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_09) -
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
======Security center information======
AV: McAfee VirusScan
FW: NVIDIA Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
-----------------EOF-----------------
Post by: guestolo on November 15, 2008, 12:38:41 AM
download Flash_Disinfector (http://\"http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe\") and save it to your desktop
- Double on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
- You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
- Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
- When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
- Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Please download [color=\"#4169E1\"]ATF Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\")[/url] save it to your desktop
Double-click ATF-Cleaner.exe to run the program
Click Select All
Click: Empty Selected
Click Exit at the Main menu to close the ATF Cleaner program.
Note: Your system may take a bit longer to load and some folders may take a bit longer to open after running ATF-Cleaner
We have cleared Prefetch, things will speed up after this folder is repopulated
Download > [color=\"red\"]OTMoveIt3[/color] (http://\"http://oldtimer.geekstogo.com/OTMoveIt3.exe\") <[/url] by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt3.exe to run it.
- Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000FF\"]:Processes
explorer.exe
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6d130f-5d29-11dd-84fb-001346938e16}]
:Files
C:\fphj6j31.bat
C:\6.bat
C:\prjydpe.cmd
C:\b.cmd
G:\b.cmd
:Commands
[Start Explorer][/color]
====================================================== - Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
A Log should open, I'll need to see it later
If no log opens
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
When you run Malwarebyte's Anti-Malware, is wasn't updated
Can you open the program please, Check for Updates first, let it prompt you that updates were successful
Then run another Quick Scan
I need to see the following
1. Post back the new log from MBAM
2. Post the log from OTMoveit3
3. Run RSIT.exe again, this time I only need to see the new log from [color=\"#2E8B57\"]log.txt[/color]
In addition
go to this link
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Copy and paste the following bold line to the space next to 'Upload a File'
Or Browse to the file
C:\WINDOWS\system32\drivers\az8jvkks.sys
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
Or better yet, just link to the results page
Post by: NuCK on November 15, 2008, 03:40:14 AM
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
11/15/2008 4:34:14 PM
mbam-log-2008-11-15 (16-34-14).txt
Scan type: Quick Scan
Objects scanned: 54128
Time elapsed: 2 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Post by: NuCK on November 15, 2008, 03:41:41 AM
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6d130f-5d29-11dd-84fb-001346938e16}\\ deleted successfully.
========== FILES ==========
C:\fphj6j31.bat moved successfully.
C:\6.bat moved successfully.
C:\prjydpe.cmd moved successfully.
C:\b.cmd moved successfully.
File/Folder G:\b.cmd not found.
========== COMMANDS ==========
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_163047
Post by: NuCK on November 15, 2008, 03:44:25 AM
Run by EDITOR at 2008-11-15 16:38:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (54%) free of 50 GB
Total RAM: 2047 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\EDITOR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EDITOR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11345 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-15 325184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-29 1245184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-24 98304]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HID Button Manager v1.59.lnk - C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-12-29 5376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-21 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe"="C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE"="D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE:*:Enabled:PPJ2DD"
"D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2008-11-15 16:30:47 ----D---- C:\_OTMoveIt
2008-11-14 20:18:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-14 19:02:28 ----D---- C:\rsit
2008-11-14 18:39:31 ----RA---- C:\WINDOWS\system32\antiwpa.dll
2008-11-13 12:25:34 ----SHD---- C:\RECYCLER
2008-11-13 11:54:35 ----D---- C:\Documents and Settings\EDITOR\Application Data\Malwarebytes
2008-11-13 11:54:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-13 11:54:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-12 16:23:20 ----SHD---- C:\RECYCLER(3)
2008-11-12 16:20:23 ----D---- C:\WINDOWS\temp
2008-11-12 16:20:23 ----A---- C:\ComboFix.txt
2008-11-12 15:25:14 ----D---- C:\RECYCLER(2)
2008-11-11 15:20:34 ----D---- C:\WINDOWS\CSC
2008-11-11 15:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-17 17:58:07 ----D---- C:\Documents and Settings\EDITOR\Application Data\Nokia Multimedia Player
======List of files/folders modified in the last 1 months======
2008-11-15 16:31:39 ----D---- C:\WINDOWS\Prefetch
2008-11-14 20:19:33 ----SHD---- C:\WINDOWS\Installer
2008-11-14 20:19:33 ----D---- C:\WINDOWS
2008-11-14 20:19:33 ----D---- C:\Config.Msi
2008-11-14 20:19:03 ----D---- C:\Program Files\Lavasoft
2008-11-14 20:19:02 ----D---- C:\Documents and Settings\EDITOR\Application Data\Lavasoft
2008-11-14 20:19:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-14 20:18:32 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 20:18:32 ----D---- C:\WINDOWS\system32
2008-11-14 20:18:08 ----D---- C:\Program Files\Common Files
2008-11-14 19:58:40 ----D---- C:\Program Files\SpywareBlaster
2008-11-14 19:44:40 ----D---- C:\Downloads
2008-11-14 19:29:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-14 19:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 19:22:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 18:54:50 ----D---- C:\avenger
2008-11-14 18:17:38 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 12:50:19 ----A---- C:\WINDOWS\setuplog.txt
2008-11-13 12:26:20 ----D---- C:\WINDOWS\system32\config
2008-11-13 12:26:04 ----D---- C:\WINDOWS\system32\wbem
2008-11-13 12:26:04 ----D---- C:\WINDOWS\Registration
2008-11-13 12:25:34 ----D---- C:\WINDOWS\ERDNT
2008-11-13 11:54:29 ----RD---- C:\Program Files
2008-11-12 16:20:12 ----D---- C:\QooBox
2008-11-12 16:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 16:17:18 ----A---- C:\WINDOWS\system.ini
2008-11-12 16:13:15 ----D---- C:\WINDOWS\AppPatch
2008-10-31 12:26:23 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-10-30 15:58:27 ----A---- C:\WINDOWS\win.ini
2008-10-30 11:57:10 ----D---- C:\Documents and Settings\EDITOR\Application Data\LimeWire
2008-10-16 18:12:40 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-06 3968]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-04-25 89088]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R2 Slp1kdr;SmartLock Pro(1K); C:\WINDOWS\System32\Drivers\SLP1KDR.SYS [2001-02-14 6325]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-21 1334784]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 alycp74j;alycp74j; C:\WINDOWS\system32\drivers\alycp74j.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2006-11-14 67345]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nvax;Service for NVIDIA® nForce(tm) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]
S3 nvnforce;Service for NVIDIA® nForce(tm) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RT73;802.11b/g Wireless LAN USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-21 376832]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-21 516096]
S2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
-----------------EOF-----------------
Post by: NuCK on November 15, 2008, 03:46:09 AM
Post by: guestolo on November 15, 2008, 11:11:01 AM
C:\WINDOWS\system32\drivers\alycp74j.sys
Again, malwarebytes Anti-malware was not updated
Database version: 1306
Are you having trouble updating it?
As of this time, the database version is 1400
Also, can you do the following
Download and save too your desktop
[color=\"#FF0000\"]fsbl.exe[/color] (http://\"ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe\")
(F-Secure Blacklight)
Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Post that log also please
In addition, I want a double check with this rootkit scanner also
Download GMER.zip from here:
http://www.gmer.net/files.php (http://\"http://www.gmer.net/files.php\")
Unzip it to the Desktop.
Open the program - you should see the Rootkit / Malware tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
Post by: NuCK on November 19, 2008, 12:48:22 AM
11/19/08 13:35:37 [Info]: BlackLight Engine 2.2.1092 initialized
11/19/08 13:35:37 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/19/08 13:35:37 [Note]: 7019 4
11/19/08 13:35:37 [Note]: 7005 0
11/19/08 13:35:40 [Note]: 7006 0
11/19/08 13:35:40 [Note]: 7011 872
11/19/08 13:35:40 [Note]: 7035 0
11/19/08 13:35:40 [Note]: 7026 0
11/19/08 13:35:40 [Note]: 7026 0
11/19/08 13:35:42 [Note]: FSRAW library version 1.7.1024
11/19/08 13:38:42 [Note]: 2000 1012
11/19/08 13:38:42 [Note]: 2000 1012
11/19/08 13:38:42 [Note]: 2000 1012
11/19/08 13:38:42 [Note]: 2000 1012
11/19/08 13:39:30 [Note]: 7007 0
Post by: NuCK on November 19, 2008, 12:52:44 AM
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2
11/19/2008 1:46:29 PM
mbam-log-2008-11-19 (13-46-29).txt
Scan type: Quick Scan
Objects scanned: 64620
Time elapsed: 6 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Post by: NuCK on November 19, 2008, 01:13:20 AM
Rootkit scan 2008-11-19 14:06:58
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT spbl.sys ZwCreateKey [0xBA6AA0E0]
SSDT spbl.sys ZwEnumerateKey [0xBA6C7CA2]
SSDT spbl.sys ZwEnumerateValueKey [0xBA6C8030]
SSDT spbl.sys ZwOpenKey [0xBA6AA0C0]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xAE77A8AC]
SSDT spbl.sys ZwQueryKey [0xBA6C8108]
SSDT spbl.sys ZwQueryValueKey [0xBA6C7F88]
SSDT spbl.sys ZwSetValueKey [0xBA6C819A]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xAE77A812]
INT 0x62 ? 8A815BF8
INT 0x63 ? 8A815BF8
INT 0x73 ? 8A815BF8
INT 0x82 ? 8A815BF8
INT 0xA4 ? 8A51EBF8
INT 0xB4 ? 8A51EBF8
---- Kernel code sections - GMER 1.0.14 ----
? spbl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E3C62C 5 Bytes JMP 8A51E1D8
.text a7s23h4r.SYS B8E0D384 1 Byte [ 20 ]
.text a7s23h4r.SYS B8E0D386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a7s23h4r.SYS B8E0D3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a7s23h4r.SYS B8E0D3C4 3 Bytes [ 00, 00, 00 ]
.text a7s23h4r.SYS B8E0D3C9 1 Byte [ 00 ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[788] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[872] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe[1172] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01DF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[1192] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00823E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\SOUNDMAN.EXE[1356] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00DE3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3136] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 0122D640 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3136] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3136] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01EA3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\Ati2evxx.exe[3308] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C43E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[3340] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01503E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[3492] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01013E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3556] ws2_32.dll!connect 71AB406A 5 Bytes JMP 05303E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AB046] spbl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AB142] spbl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AB0C4] spbl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AB7CE] spbl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AB6A4] spbl.sys
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KfAcquireSpinLock] 6C000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!READ_PORT_UCHAR] 56000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KeGetCurrentIrql] F4000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KfRaiseIrql] EA000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KfLowerIrql] 65000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!HalGetInterruptVector] 7A000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!HalTranslateBusAddress] AE000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KeStallExecutionProcessor] 08000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!KfReleaseSpinLock] BA000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!READ_PORT_USHORT] 25000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[WMILIB.SYS!WmiSystemControl] B4000000
IAT \SystemRoot\System32\Drivers\a7s23h4r.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B6D7A] spbl.sys
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\winlogon.exe[676] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys] [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT C:\WINDOWS\system32\winlogon.exe[676] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics] [05000756] C:\WINDOWS\system32\antiwpa.dll
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A8141F8
AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8A5BF1F8
Device \Driver\PCI_PNP9632 \Device\00000051 spbl.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8161F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8161F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8161F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8161F8
Device \Driver\usbehci \Device\USBPDO-1 8A5BB1F8
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7A91F8
Device \Driver\Cdrom \Device\CdRom0 8A4791F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7A91F8
Device \Driver\Cdrom \Device\CdRom1 8A4791F8
Device \Driver\nvatabus \Device\00000074 8A8151F8
Device \Driver\sptd \Device\925474632 spbl.sys
Device \Driver\nvatabus \Device\00000076 8A8151F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B1F1F8
Device \Driver\NetBT \Device\NetbiosSmb 89B1F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DF641EA-F711-443F-B73C-A1C73FE09E1F} 89B1F1F8
Device \Driver\usbohci \Device\USBFDO-0 8A5BF1F8
Device \Driver\usbehci \Device\USBFDO-1 8A5BB1F8
Device \Driver\nvatabus \Device\NvAta0 8A8151F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895251F8
Device \Driver\nvatabus \Device\NvAta1 8A8151F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 895251F8
Device \Driver\nvatabus \Device\NvAta2 8A8151F8
Device \Driver\Ftdisk \Device\FtControl 8A7A91F8
Device \Driver\a7s23h4r \Device\Scsi\a7s23h4r1Port3Path0Target0Lun0 8A4561F8
Device \Driver\a7s23h4r \Device\Scsi\a7s23h4r1 8A4561F8
Device \FileSystem\Cdfs \Cdfs 8A41D500
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x8F 0xEC 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0xE9 0xF6 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x57 0x72 0x6C 0xF1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x8F 0xEC 0x18 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0xE9 0xF6 0x5B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x57 0x72 0x6C 0xF1 ...
---- EOF - GMER 1.0.14 ----
Post by: guestolo on November 19, 2008, 08:25:51 AM
Code: [Select]
? spbl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E3C62C 5 Bytes JMP 8A51E1D8
.text a7s23h4r.SYS B8E0D384 1 Byte [ 20 ]
.text a7s23h4r.SYS B8E0D386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a7s23h4r.SYS B8E0D3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a7s23h4r.SYS B8E0D3C4 3 Bytes [ 00, 00, 00 ]
.text a7s23h4r.SYS B8E0D3C9 1 Byte [ 00 ]Oh, I see what's going on now, I believe the file spbl.sys and the a7s23h4r.SYS
belong to the emulation software Alcohol 120%
It changes names on startup, I don't think it's anything to be concerned about
How are things running now?
Looking at your previous logs however, you had a rootkit
I wouldn't take any chances and ensure to change any online passwords
Eg... Email, banking, gaming
Post by: NuCK on December 12, 2008, 11:55:33 PM
Sorry i've been out of the country for a while. My system seems to be running fine now! Thanks man. BTW what's a rootkit? keylogger?
Post by: guestolo on December 13, 2008, 12:22:44 PM
Keylogger (http://\"http://en.wikipedia.org/wiki/Keylogger\")
Do you still have OTMoveit?
Post by: NuCK on December 15, 2008, 02:31:34 AM
Post by: guestolo on December 15, 2008, 02:05:39 PM
Don't redownload any yet, just enquiring
Post by: NuCK on December 15, 2008, 11:41:17 PM
And from the logs of OTmoveIT it says g:/ file not found right? I found out the g:/ that was infected wasn't my thumb, but my nokia phone plugged to my usb cable. I plugged my phone in last night and spybot resident popped up prompting me to allow change to add KAVO.EXE to registry. I denied it but it pops up everytime i move files from my phone.
Scans with Malwarebytes, Adaware shows nothing. Spybot found - Win32.Rungbu.a . Cleaned it but i believe its still lurking around somewhere. I used Flash disenfectant with my phone plugged in too but it still happens when i move files to-from my phone.
Sigh...it's back.
Post by: NuCK on December 16, 2008, 12:11:53 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03, on 12/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11317 bytes
Post by: guestolo on December 16, 2008, 12:23:24 AM
Did you update it first?
Can you check for updates with Malwarebytes
If asked to reboot, do so, then go back and check for updates
Do that first, then come back here and let me know when it's totally updated, don't run a scan yet
Post by: NuCK on December 16, 2008, 03:35:43 AM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on December 16, 2008, 03:49:09 AM
Spybot's TeaTimer may interfere
Can you do the following
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
After you disabled Teatimer, download ResetTeaTimer.bat
http://downloads.subratam.org/ResetTeaTimer.bat (http://\"http://downloads.subratam.org/ResetTeaTimer.bat\")
to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.
Next: Open Malwarebytes Anti-Malware
Under the Scanner tab>>Select "Perform Full Scan"
Put a tick next to the letter that represents your Phone>>I assume G:
Then click "Start Scan"
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Post by: NuCK on December 16, 2008, 04:48:05 AM
Malwarebytes' Anti-Malware 1.31
Database version: 1506
Windows 5.1.2600 Service Pack 2
12/16/2008 5:33:27 PM
mbam-log-2008-12-16 (17-33-27).txt
Scan type: Full Scan (G:\|)
Objects scanned: 52524
Time elapsed: 12 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\kavo0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\kavo1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kamsoft.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tavo0.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tavo.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
Post by: guestolo on December 16, 2008, 11:55:26 AM
In position to tranfer files, I assume that's the only way that MBAM can scan the drive
Can you do the following, with the phone on
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< (http://\"http://images.malwareremoval.com/random/RSIT.exe\") and save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].
NOTE: You may get an error message posting back log.txt
If you do, can you upload it please
Use the Browse... and UPLOAD buttons on the bottom right of a reply box
A copy of log.txt can be found in the following folder
C:\rsit
Post by: NuCK on December 16, 2008, 11:19:09 PM
Post by: NuCK on December 16, 2008, 11:27:08 PM
Run by EDITOR at 2008-12-17 12:18:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (50%) free of 50 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\EDITOR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EDITOR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11234 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-15 325184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-29 1245184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-24 98304]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HID Button Manager v1.59.lnk - C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-12-29 5376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-21 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe"="C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE"="D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE:*:Enabled:PPJ2DD"
"D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dfa174-bf4e-11dd-856b-001346938e16}]
shell\AutoRun\command - G:\abk.bat
shell\explore\command - G:\abk.bat
shell\open\command - G:\abk.bat
======List of files/folders created in the last 1 months======
2008-12-15 13:30:55 ----RSH---- C:\iok.exe
2008-12-02 17:49:46 ----A---- C:\WINDOWS\iun503.exe
2008-12-02 17:41:26 ----D---- C:\Program Files\Celebrity Mahjong
2008-12-02 17:40:33 ----D---- C:\Documents and Settings\EDITOR\Application Data\WinRAR
2008-12-02 17:38:11 ----D---- C:\Program Files\WinRAR
2008-12-01 19:42:00 ----RSH---- C:\WINDOWS\system32\gasretyw1.dll
2008-12-01 19:41:16 ----N---- C:\WINDOWS\system32\gasretyw0.dll
2008-11-29 11:58:59 ----D---- C:\My Media
2008-11-29 11:57:45 ----D---- C:\Program Files\YouTube Audio Capture
2008-11-29 11:56:54 ----N---- C:\WINDOWS\Setup1.exe
2008-11-29 11:56:53 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-11-18 11:04:26 ----HD---- C:\WINDOWS\PIF
======List of files/folders modified in the last 1 months======
2008-12-17 12:18:23 ----D---- C:\WINDOWS\Prefetch
2008-12-17 11:53:38 ----D---- C:\WINDOWS\temp
2008-12-17 11:53:11 ----D---- C:\WINDOWS
2008-12-17 02:11:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 17:35:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 17:35:03 ----D---- C:\WINDOWS\system32
2008-12-16 16:27:47 ----D---- C:\Downloads
2008-12-15 15:30:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 11:48:37 ----D---- C:\Documents and Settings\EDITOR\Application Data\Nokia
2008-12-09 19:12:45 ----D---- C:\Documents and Settings\EDITOR\Application Data\LimeWire
2008-12-02 18:46:44 ----A---- C:\WINDOWS\system.ini
2008-12-02 18:46:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 17:41:26 ----RD---- C:\Program Files
2008-12-01 12:56:18 ----SD---- C:\Documents and Settings\EDITOR\Application Data\Microsoft
2008-11-27 13:31:32 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-11-21 20:01:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-19 13:54:29 ----A---- C:\WINDOWS\gmer.ini
2008-11-19 13:54:28 ----A---- C:\WINDOWS\gmer.dll
2008-11-19 13:37:32 ----A---- C:\WINDOWS\gmer.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-06 3968]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-04-25 89088]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R2 Slp1kdr;SmartLock Pro(1K); C:\WINDOWS\System32\Drivers\SLP1KDR.SYS [2001-02-14 6325]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-21 1334784]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 aqoi8wjr;aqoi8wjr; C:\WINDOWS\system32\drivers\aqoi8wjr.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-19 85969]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nvax;Service for NVIDIA® nForce(tm) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]
S3 nvnforce;Service for NVIDIA® nForce(tm) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RT73;802.11b/g Wireless LAN USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-21 376832]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-21 516096]
S2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-14 19:02:41
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{62288F64-6017-4154-A27C-BA26FECF723A}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.80-->C:\Program Files\BitComet\uninst.exe
CoffeeCup Free FTP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66899F2-C58D-4CEC-9FA8-867883FFB707}\Setup.exe" -l0x9
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fuji Xerox DocuWorks Viewer Light 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815C444F-85D9-4661-8A64-CC2B9D46676B}\setup.exe" -l0x9 UNINSTALL
HID Button Manager v1.59-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70C23A2D-11F9-4558-AD73-54BFA6F7E75A}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.16.2-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MYOB Accounting v14-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3E40E83B-40C4-49FF-BA12-2D6F43810F83}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NewTek LightWave 3D [8]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62BBFDA0-306C-4022-8E40-021C073CB3AF}\Setup.exe" -l0x9
NewTek LightWave 8.2 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0521C43-17E9-41EE-8412-D6AE77F69AFD}\setup.exe" -l0x9 -removeonly
NewTek LightWave 8.3 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A67D1306-BAB0-4D1C-9DA7-355A32343A4C}\setup.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Nokia_PC_Suite_rel_6_86_9_4_APAC.exe
Nokia PC Suite-->MsiExec.exe /I{5AFEABF5-7411-4C29-9FA9-71ABE880662D}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PC Connectivity Solution-->MsiExec.exe /I{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SmartFTP Client-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Sony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
StuffIt Standard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Xerox Support Centre-->C:\Program Files\Xerox\Support Centre\supportuninstall.exe
=====HijackThis Backups=====
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_09) -
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
======Security center information======
AV: McAfee VirusScan
FW: NVIDIA Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
-----------------EOF-----------------
Post by: guestolo on December 17, 2008, 01:22:29 PM
Download > [color=\"red\"]OTMoveIt3[/color] (http://\"http://oldtimer.geekstogo.com/OTMoveIt3.exe\") <[/url] by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt3.exe to run it.
- Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000FF\"]
:Processes
explorer.exe
:Services
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\
{44dfa174-bf4e-11dd-856b-001346938e16}]
:Files
G:\abk.bat
C:\iok.exe
C:\WINDOWS\system32\gasretyw1.dll
C:\WINDOWS\system32\gasretyw0.dll
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
[/color]
====================================================== - Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
If prompted on startup to Run OTMoveit again, allow it please
A Log should open, I'll need to see it later
If no log opens
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Post that log and let me know how things are running please
Post by: NuCK on December 17, 2008, 11:03:36 PM
1. It kills explorer
2. It says can't kill service - aqoi8wjr
3. The Reg part - This is the last message displayed
I can't remember the exact message, but that's roughly how it is.
Post by: guestolo on December 17, 2008, 11:07:41 PM
When you post back, with the OTMoveit log, can you also run RSIT.exe again and post the new log that opens
Post by: NuCK on December 17, 2008, 11:19:23 PM
Post by: guestolo on December 17, 2008, 11:50:23 PM
Post by: NuCK on December 17, 2008, 11:52:30 PM
Run by EDITOR at 2008-12-18 12:45:55
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (50%) free of 50 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\EDITOR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EDITOR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11201 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-15 325184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-29 1245184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-24 98304]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HID Button Manager v1.59.lnk - C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-12-29 5376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-21 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe"="C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE"="D:\Backup\Fumbling\Games\Virtual Cops2\PROJECT\PPJ2DD.EXE:*:Enabled:PPJ2DD"
"D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="D:\Backup\Big Mojo\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2008-12-15 13:30:55 ----RSH---- C:\iok.exe
2008-12-02 17:49:46 ----A---- C:\WINDOWS\iun503.exe
2008-12-02 17:41:26 ----D---- C:\Program Files\Celebrity Mahjong
2008-12-02 17:40:33 ----D---- C:\Documents and Settings\EDITOR\Application Data\WinRAR
2008-12-02 17:38:11 ----D---- C:\Program Files\WinRAR
2008-12-01 19:42:00 ----RSH---- C:\WINDOWS\system32\gasretyw1.dll
2008-12-01 19:41:16 ----N---- C:\WINDOWS\system32\gasretyw0.dll
2008-11-29 11:58:59 ----D---- C:\My Media
2008-11-29 11:57:45 ----D---- C:\Program Files\YouTube Audio Capture
2008-11-29 11:56:54 ----N---- C:\WINDOWS\Setup1.exe
2008-11-29 11:56:53 ----A---- C:\WINDOWS\ST6UNST.EXE
======List of files/folders modified in the last 1 months======
2008-12-18 12:10:36 ----D---- C:\WINDOWS\temp
2008-12-18 11:53:40 ----D---- C:\WINDOWS\Prefetch
2008-12-18 11:53:35 ----D---- C:\WINDOWS
2008-12-18 11:51:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 17:35:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 17:35:03 ----D---- C:\WINDOWS\system32
2008-12-16 16:27:47 ----D---- C:\Downloads
2008-12-15 15:30:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 11:48:37 ----D---- C:\Documents and Settings\EDITOR\Application Data\Nokia
2008-12-09 19:12:45 ----D---- C:\Documents and Settings\EDITOR\Application Data\LimeWire
2008-12-02 18:46:44 ----A---- C:\WINDOWS\system.ini
2008-12-02 18:46:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 17:41:26 ----RD---- C:\Program Files
2008-12-01 12:56:18 ----SD---- C:\Documents and Settings\EDITOR\Application Data\Microsoft
2008-11-27 13:31:32 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-11-21 20:01:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-19 13:54:29 ----A---- C:\WINDOWS\gmer.ini
2008-11-19 13:54:28 ----A---- C:\WINDOWS\gmer.dll
2008-11-19 13:37:32 ----A---- C:\WINDOWS\gmer.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-06 3968]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-04-25 89088]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R2 Slp1kdr;SmartLock Pro(1K); C:\WINDOWS\System32\Drivers\SLP1KDR.SYS [2001-02-14 6325]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-21 1334784]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 ar00v3k9;ar00v3k9; C:\WINDOWS\system32\drivers\ar00v3k9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-19 85969]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nvax;Service for NVIDIA® nForce(tm) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]
S3 nvnforce;Service for NVIDIA® nForce(tm) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
S3 RT73;802.11b/g Wireless LAN USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-21 376832]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-21 516096]
S2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
-----------------EOF-----------------
Post by: guestolo on December 18, 2008, 12:00:38 AM
Try this one more time please
With OTMoveit3, run this script
[color=\"#0000FF\"]:Processes
:Services
:Reg
:Files
G:\abk.bat
C:\iok.exe
C:\WINDOWS\system32\gasretyw1.dll
C:\WINDOWS\system32\gasretyw0.dll
:Commands
[EmptyTemp]
[Reboot][/color]
Post by: NuCK on December 18, 2008, 12:11:49 AM
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder G:\abk.bat not found.
C:\iok.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gasretyw1.dll
C:\WINDOWS\system32\gasretyw1.dll NOT unregistered.
C:\WINDOWS\system32\gasretyw1.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gasretyw0.dll
C:\WINDOWS\system32\gasretyw0.dll NOT unregistered.
C:\WINDOWS\system32\gasretyw0.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\Perflib_Perfdata_124c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\Perflib_Perfdata_e0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF1B3B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF3AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF6A56.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF6A64.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF78F1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DFBA81.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\sqlite_9QE4haTcJmtwWDE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hhTmymqW1XCkxJr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ho6flOAKyWgiZ2q scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12182008_125859
Files moved on Reboot...
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\Perflib_Perfdata_124c.dat not found!
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\Perflib_Perfdata_e0.dat not found!
C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF1B3B.tmp moved successfully.
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF3AE.tmp not found!
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF6A56.tmp not found!
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF6A64.tmp not found!
C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DF78F1.tmp moved successfully.
File C:\DOCUME~1\EDITOR\LOCALS~1\Temp\~DFBA81.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\sqlite_9QE4haTcJmtwWDE moved successfully.
C:\WINDOWS\temp\sqlite_hhTmymqW1XCkxJr moved successfully.
C:\WINDOWS\temp\sqlite_ho6flOAKyWgiZ2q moved successfully.
Post by: guestolo on December 18, 2008, 12:16:15 AM
Do you have a card reader for your PC?
Can you ensure that file is gone from the Phone card
Edit>>Forgot to add, it may have hidden attributes
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Post by: NuCK on December 18, 2008, 12:43:53 AM
Post by: NuCK on December 18, 2008, 12:48:17 AM
6.bat
6.cmd
ewatr.cmd
fphj6j31.bat
iok.exe
prjydpe.cmd
Post by: guestolo on December 18, 2008, 12:56:49 AM
6.bat
6.cmd
ewatr.cmd
fphj6j31.bat
iok.exe
prjydpe.cmd
and iok.exe on phone
Open Malwarebytes, check for updates
Then under the scanner tab, Ensure Full Scan is ticked
Click SCAN
Select All drives except for CD/DVD roms
Post the log after you have removed anything it finds
Post by: NuCK on December 19, 2008, 02:01:33 AM
here's the log for G:\
Malwarebytes' Anti-Malware 1.31
Database version: 1506
Windows 5.1.2600 Service Pack 2
12/19/2008 12:05:42 PM
mbam-log-2008-12-19 (12-05-42).txt
Scan type: Full Scan (G:\|)
Objects scanned: 52235
Time elapsed: 12 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
here's C:\ and D:\
Malwarebytes' Anti-Malware 1.31
Database version: 1506
Windows 5.1.2600 Service Pack 2
12/19/2008 1:52:45 PM
mbam-log-2008-12-19 (13-52-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157566
Time elapsed: 1 hour(s), 34 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Post by: guestolo on December 19, 2008, 02:06:03 AM
Can you post one final Hijackthis log, just for a double check
P.S. You should of checked for updates with Malwarebytes
It was a bit outdated
Post by: NuCK on December 19, 2008, 02:30:00 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\INITIO\HID Button Manager v1.59\inihid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HID Button Manager v1.59.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = ,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF641EA-F711-443F-B73C-A1C73FE09E1F}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11128 bytes
Post by: guestolo on December 19, 2008, 04:45:52 AM
What's McAfee's doing?
Is it outdated?
Can you run one more log for me please
Download and save to your desktop
[color=\"#FF0000\"]OTScanIt2[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe\")[/url]
by OldTimer
Double click on it to Run it and then Extract it to a folder on desktop
Open that newly created folder and double click on OTScanIt2.exe
Then click on [color=\"#0000FF\"]Run Scan [/color]
When done, it will produce a log
Can you post the contents of that log back here please
A copy of it can also be found it the OTScanIt2 folder on desktop
Post by: NuCK on December 22, 2008, 01:13:06 AM
OTScanIt2 by OldTimer - Version 1.0.4.0 Folder = C:\Documents and Settings\EDITOR\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.77% Memory free
3.86 Gb Paging File | 3.04 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 24.65 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
Drive D: | 184.05 Gb Total Space | 96.77 Gb Free Space | 52.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ELLIE
Current User Name: EDITOR
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> [2005/03/29 11:41:10 | 01,245,184 | ---- | M] (D-Link)
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/08/10 05:04:08 | 00,020,543 | ---- | M] (Apache Software Foundation)
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/08/10 05:04:08 | 00,020,543 | ---- | M] (Apache Software Foundation)
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [2005/10/26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/09/21 22:53:06 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/09/21 22:53:06 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
bitcomet.exe -> %ProgramFiles%\BitComet\BitComet.exe -> [2006/12/15 16:05:10 | 04,954,176 | ---- | M] (www.BitComet.com)
capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> [2005/06/08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/09/22 00:55:04 | 00,057,344 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/09/22 00:55:04 | 00,057,344 | ---- | M] (ATI Technologies Inc.)
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> [2006/03/16 09:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB)
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> [2005/08/10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions)
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> [2006/09/28 22:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/04 20:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/04 20:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/04 20:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/04 20:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
inihid.exe -> %ProgramFiles%\INITIO\HID Button Manager v1.59\inihid.exe -> [2005/11/28 15:04:02 | 00,196,608 | ---- | M] ()
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2004/12/18 00:19:58 | 00,327,680 | ---- | M] (Apple Computer, Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2004/12/18 00:20:14 | 00,278,528 | ---- | M] (Apple Computer, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc)
mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/09/08 08:50:32 | 00,198,944 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.)
mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc)
mcvsescn.exe -> %ProgramFiles%\McAfee.com\VSO\McVSEscn.exe -> [2005/07/08 18:16:16 | 00,483,328 | ---- | M] (McAfee, Inc.)
mcvsftsn.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsftsn.exe -> [2005/07/01 20:43:00 | 00,299,008 | ---- | M] (McAfee, Inc.)
mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> [2005/08/10 12:49:20 | 00,163,840 | ---- | M] (McAfee, Inc.)
mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> [2008/03/19 15:24:20 | 00,474,624 | ---- | M] (Nokia Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
nclirsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclIrSrv.exe -> [2008/01/04 13:36:10 | 00,089,088 | ---- | M] ()
nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [2008/02/22 09:11:02 | 00,120,320 | ---- | M] ()
nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [2008/04/29 10:03:58 | 00,130,560 | ---- | M] ()
nsvcappflt.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2004/10/05 17:05:34 | 00,126,976 | ---- | M] ()
nsvcip.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [2004/10/05 17:04:24 | 00,110,653 | ---- | M] ()
ntrayfw.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe -> [2004/10/05 17:04:34 | 00,266,240 | ---- | M] (NVIDIA Corporation)
oasclnt.exe -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> [2005/08/11 22:02:44 | 00,053,248 | ---- | M] (McAfee, Inc.)
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> [2003/05/08 12:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/21 18:43:24 | 00,477,184 | ---- | M] (OldTimer Tools)
pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> [2008/04/16 12:53:46 | 01,079,808 | ---- | M] (Nokia)
pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> [2008/03/26 18:41:50 | 01,232,896 | ---- | M] (Time Information Services Ltd.)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.)
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> [2008/04/29 10:04:58 | 00,572,928 | ---- | M] (Nokia.)
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2005/11/11 14:07:40 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.)
starwindserviceae.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/29 00:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
usnsvc.exe -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004/08/04 20:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2004/08/04 20:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> [2004/12/16 17:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/05/05 19:00:54 | 00,072,704 | ---- | M] (Adobe Systems)
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2004/10/22 13:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
(app_filter) app_filter [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2004/10/05 17:05:34 | 00,126,976 | ---- | M] ()
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/09/21 22:53:06 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2005/09/21 21:15:00 | 00,516,096 | ---- | M] ()
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> [2006/09/28 22:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.)
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/08/10 05:04:08 | 00,020,543 | ---- | M] (Apache Software Foundation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/04 20:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Imapi Helper) Imapi Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alex Feinman\ISO Recorder\ImapiHelper.exe -> [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman)
(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2004/12/18 00:19:58 | 00,327,680 | ---- | M] (Apple Computer, Inc.)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\irmon.dll -> [2004/08/04 08:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/09/08 08:50:32 | 00,198,944 | ---- | M] ()
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc)
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.)
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc)
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc)
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [2004/10/05 17:04:24 | 00,110,653 | ---- | M] ()
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Stopped] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [2004/10/05 17:03:50 | 00,053,313 | ---- | M] ()
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/29 00:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> [2008/04/29 10:04:58 | 00,572,928 | ---- | M] (Nokia.)
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/29 00:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\A3AB.sys -> [2005/03/22 03:17:34 | 00,450,400 | ---- | M] (D-Link Corporation)
(A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\A3AB.sys -> [2005/03/22 03:17:34 | 00,450,400 | ---- | M] (D-Link Corporation)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/11/22 14:44:22 | 03,804,416 | R--- | M] (Realtek Semiconductor Corp.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/11/22 14:44:22 | 03,804,416 | R--- | M] (Realtek Semiconductor Corp.)
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> [2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.)
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> [2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/09/21 22:59:12 | 01,334,784 | ---- | M] (ATI Technologies Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/09/21 22:59:12 | 01,334,784 | ---- | M] (ATI Technologies Inc.)
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [2006/09/28 22:13:34 | 00,004,096 | ---- | M] ()
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [2006/09/28 22:13:34 | 00,004,096 | ---- | M] ()
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> [2006/09/06 00:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> [2006/09/06 00:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(FsVga) FsVga [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fsvga.sys -> [2004/08/04 20:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation)
(FsVga) FsVga [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fsvga.sys -> [2004/08/04 20:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2004/09/14 14:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2004/09/14 14:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.)
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gmer.sys -> [2008/11/19 13:54:28 | 00,085,969 | ---- | M] (GMER)
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gmer.sys -> [2008/11/19 13:54:28 | 00,085,969 | ---- | M] (GMER)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation)
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> [2005/08/10 11:22:10 | 00,114,464 | ---- | M] (McAfee Inc.)
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> [2005/08/10 11:22:10 | 00,114,464 | ---- | M] (McAfee Inc.)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmb.sys -> [2007/11/29 10:39:42 | 00,016,896 | ---- | M] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmb.sys -> [2007/11/29 10:39:42 | 00,016,896 | ---- | M] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmbo.sys -> [2007/11/29 10:39:40 | 00,019,328 | ---- | M] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmbo.sys -> [2007/11/29 10:39:40 | 00,019,328 | ---- | M] (Nokia)
(nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004/09/02 15:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation)
(nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004/09/02 15:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation)
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvax.sys -> [2004/09/10 12:58:52 | 00,052,224 | R--- | M] (NVIDIA Corporation)
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvax.sys -> [2004/09/10 12:58:52 | 00,052,224 | R--- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2004/10/05 16:38:12 | 00,033,280 | R--- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2004/10/05 16:38:12 | 00,033,280 | R--- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2004/10/05 16:38:16 | 00,012,928 | R--- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2004/10/05 16:38:16 | 00,012,928 | R--- | M] (NVIDIA Corporation)
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvapu.sys -> [2004/09/10 13:02:12 | 00,412,032 | R--- | M] (NVIDIA Corporation)
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvapu.sys -> [2004/09/10 13:02:12 | 00,412,032 | R--- | M] (NVIDIA Corporation)
(NVTCP) NVIDIA TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NVTCP.SYS -> [2006/04/25 11:16:32 | 00,089,088 | ---- | M] (NVIDIA Corporation)
(NVTCP) NVIDIA TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NVTCP.SYS -> [2006/04/25 11:16:32 | 00,089,088 | ---- | M] (NVIDIA Corporation)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pccsmcfd.sys -> [2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pccsmcfd.sys -> [2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2005/12/05 13:12:26 | 00,020,640 | ---- | M] (Sonic Solutions)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2005/12/05 13:12:26 | 00,020,640 | ---- | M] (Sonic Solutions)
(SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27bus.sys -> [2006/04/28 23:24:42 | 00,061,600 | R--- | M] (MCCI)
(SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27bus.sys -> [2006/04/28 23:24:42 | 00,061,600 | R--- | M] (MCCI)
(SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdfl.sys -> [2006/04/28 23:25:40 | 00,009,360 | R--- | M] (MCCI)
(SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdfl.sys -> [2006/04/28 23:25:40 | 00,009,360 | R--- | M] (MCCI)
(SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdm.sys -> [2006/04/28 23:25:44 | 00,097,184 | R--- | M] (MCCI)
(SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdm.sys -> [2006/04/28 23:25:44 | 00,097,184 | R--- | M] (MCCI)
(SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mgmt.sys -> [2006/04/28 23:26:46 | 00,088,688 | R--- | M] (MCCI)
(SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mgmt.sys -> [2006/04/28 23:26:46 | 00,088,688 | R--- | M] (MCCI)
(se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se27nd5.sys -> [2006/04/28 23:24:06 | 00,018,704 | R--- | M] (MCCI)
(se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se27nd5.sys -> [2006/04/28 23:24:06 | 00,018,704 | R--- | M] (MCCI)
(SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27obex.sys -> [2006/04/28 23:27:48 | 00,086,560 | R--- | M] (MCCI)
(SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27obex.sys -> [2006/04/28 23:27:48 | 00,086,560 | R--- | M] (MCCI)
(se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se27unic.sys -> [2006/04/28 23:24:00 | 00,090,800 | R--- | M] (MCCI)
(se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se27unic.sys -> [2006/04/28 23:24:00 | 00,090,800 | R--- | M] (MCCI)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2004/08/04 20:00:00 | 00,027,440 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2004/08/04 20:00:00 | 00,027,440 | ---- | M] ()
(Sentinel) Sentinel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\sentinel.sys -> [2001/06/22 05:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.)
(Sentinel) Sentinel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\sentinel.sys -> [2001/06/22 05:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.)
(Slp1kdr) SmartLock Pro(1K) [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SLP1KDR.SYS -> [2001/02/14 03:17:04 | 00,006,325 | ---- | M] ()
(Slp1kdr) SmartLock Pro(1K) [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SLP1KDR.SYS -> [2001/02/14 03:17:04 | 00,006,325 | ---- | M] ()
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2007/12/27 17:14:14 | 00,715,248 | ---- | M] ()
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2007/12/27 17:14:14 | 00,715,248 | ---- | M] ()
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerflt.sys -> [2007/11/29 10:39:42 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerflt.sys -> [2007/11/29 10:39:42 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(usbser) Nokia USB Serial Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser.sys -> [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation)
(usbser) Nokia USB Serial Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser.sys -> [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerfltj.sys -> [2007/11/29 10:39:52 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerfltj.sys -> [2007/11/29 10:39:52 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation)
(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 20:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 20:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< HOSTS File > (289210 bytes and 10012 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004/12/14 01:56:50 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO.dll [BitComet Helper] -> [2006/12/15 16:05:08 | 00,325,184 | ---- | M] (BitComet)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/09/04 11:43:36 | 00,121,632 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/09/04 11:43:36 | 00,121,632 | ---- | M] ()
"{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> [2005/07/01 20:44:30 | 00,114,688 | ---- | M] (McAfee, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ANIWZCS2Service" -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> [2004/12/16 17:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
"ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime] -> [2005/09/22 00:55:04 | 00,057,344 | ---- | M] (ATI Technologies Inc.)
"D-Link AirPlus G" -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe [C:\Program Files\D-Link\AirPlus G\AirGCFG.exe] -> [2005/03/29 11:41:10 | 01,245,184 | ---- | M] (D-Link)
"IMJPMIG8.1" -> %SystemRoot%\ime\IMJP8_1\imjpmig.exe ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/04 20:00:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe [C:\Program Files\iTunes\iTunesHelper.exe] -> [2004/12/18 00:20:14 | 00,278,528 | ---- | M] (Apple Computer, Inc.)
"MCAgentExe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc)
"MCUpdateExe" -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe [c:\PROGRA~1\mcafee.com\agent\mcupdate.exe] -> [2006/01/11 12:05:42 | 00,212,992 | ---- | M] (McAfee, Inc)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"nTrayFw" -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe] -> [2004/10/05 17:04:34 | 00,266,240 | ---- | M] (NVIDIA Corporation)
"NVMixerTray" -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"] -> [2004/10/07 17:53:06 | 00,131,072 | ---- | M] (NVIDIA Corporation)
"OASClnt" -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe [C:\Program Files\McAfee.com\VSO\oasclnt.exe] -> [2005/08/11 22:02:44 | 00,053,248 | ---- | M] (McAfee, Inc.)
"OpwareSE2" -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe ["C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"] -> [2003/05/08 12:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.)
"PHIME2002A" -> %SystemRoot%\system32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/04 20:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> File not found
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/05/24 10:19:50 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"Sony Ericsson PC Suite" -> ["C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions] -> File not found
"SoundMan" -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2005/11/11 14:07:40 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"VirusScan Online" -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe [C:\Program Files\McAfee.com\VSO\mcvsshld.exe] -> [2005/08/10 12:49:20 | 00,163,840 | ---- | M] (McAfee, Inc.)
"VSOCheckTask" -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe ["C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask] -> [2005/07/08 18:18:22 | 00,151,552 | ---- | M] (McAfee, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AlcoholAutomount" -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AxCmd.exe ["C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount] -> [2007/12/22 15:20:59 | 00,222,080 | ---- | M] (Alcohol Soft Development Team)
"msnmsgr" -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\msnmsgr.exe" /background] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"Nokia.PCSync" -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog] -> [2008/03/26 18:41:50 | 01,232,896 | ---- | M] (Time Information Services Ltd.)
"PC Suite Tray" -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> [2008/04/16 12:53:46 | 01,079,808 | ---- | M] (Nokia)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/09/22 00:55:04 | 00,057,344 | ---- | M] (ATI Technologies Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Free WebSite Tools.lnk -> %ProgramFiles%\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe -> [2003/08/07 14:20:10 | 00,372,224 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\HID Button Manager v1.59.lnk -> %ProgramFiles%\INITIO\HID Button Manager v1.59\inihid.exe -> [2005/11/28 15:04:02 | 00,196,608 | ---- | M] ()
< EDITOR Startup Folder > -> C:\Documents and Settings\EDITOR\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [255] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [36] -> File not found
\\"NoDriveAutoRun" -> [FF FF FF FF [binary data]] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm] -> [2006/12/15 16:05:10 | 04,954,176 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm] -> [2006/12/15 16:05:10 | 04,954,176 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm] -> [2006/12/15 16:05:10 | 04,954,176 | ---- | M] (www.BitComet.com)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2005/05/27 13:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/15 10:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 10:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5225 domain(s) found. ->
51 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7713 domain(s) found. ->
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1DF641EA-F711-443F-B73C-A1C73FE09E1F} -> 202.188.0.133,202.188.1.5 (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) ->
{2F66B63E-27B3-46E1-A81D-8A2F51E0B4E7} -> (Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)) ->
{55D4B9DF-5025-46B6-9D4F-C732561EF122} -> () ->
{A6ECEDB9-E1AA-47B4-AFE1-E2B1DF089D74} -> (1394 Net Adapter) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
Antiwpa -> %SystemRoot%\system32\antiwpa.dll -> [2005/12/29 19:26:48 | 00,005,376 | R--- | M] ()
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/09/21 22:54:10 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> [2006/09/28 22:13:28 | 00,073,728 | ---- | M] (Anti-Malware Development a.s.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 20:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 20:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe" -> C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe [C:\Documents and Settings\EDITOR\My Documents\Stupid Clips\WoW BC\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/11/01 13:58:06 | 00,741,386 | ---- | M] (Blizzard Entertainment)
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" -> C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> [2004/08/10 05:04:08 | 00,020,543 | ---- | M] (Apache Software Foundation)
"C:\Program Files\BitComet\BitComet.exe" -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> [2006/12/15 16:05:10 | 04,954,176 | ---- | M] (www.BitComet.com)
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe" -> C&#
Post by: NuCK on December 22, 2008, 01:16:48 AM
Post by: guestolo on December 22, 2008, 01:46:46 AM
That doesn't help having outdated AntiVirus software, we should remove it and get you some free AntiVirus if that is what you prefer
I have a couple suggestions
Take a look at either
Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
OR
Avira AntiVir Personal Edition Classic (http://\"http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html\")
You only need one
Let me know which one your prefer, download and save the installer to desktop, but DO NOT install it yet
Come back here and let me know which you decided on
Post by: NuCK on December 22, 2008, 04:55:31 AM
Post by: guestolo on December 22, 2008, 12:14:37 PM
Download and save the installer for Avira to desktop, from the following link
http://www.free-av.com/en/download/1/downl..._antivirus.html (http://\"http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html\")
Don't install it yet
Next, download and save to desktop [color=\"#FF0000\"]MCPR.exe[/color] (http://\"http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe\")
It's a McAfee removal tool
Access your Add and Remove programs
Remove McAfee Security Center, you should be prompted on what products you want removed at this point, tick entries and continue with the uninstallation
Reboot afterwards:
Back in Windows
Run MCPR.exe you downloaded earlier, follow on screen instructions, reboot if required
Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time
NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it
A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"
Quarantine or delete everything it finds
When the scan is finished
Reboot the computer
Back in Windows
Can you post all the following back please:
1. Post a fresh hijackthis log
2. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"