

Messages - asiankid

1
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: August 01, 2007, 10:57:10 AM »
Thanks that helped a lot! Still can't believe I had all that crap on my computer. xD

2
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 31, 2007, 08:28:11 PM »
I accidentally did it twice and forgot to save the results of the first one. xD

3
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 31, 2007, 11:20:46 AM »
File/Folder C:\WINDOWS\system32\dsupl.exe not found.
File/Folder C:\Program Files\Free KGB Key Logger not found.
 
Created on 07/31/2007 12:04:30



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:10 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\OTMoveIt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6558 bytes

4
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 30, 2007, 09:21:06 PM »
I didn't install that free kgb keylogger.

ComboFix 07-07-31 - "HP_Administrator" 2007-07-30 21:19:25.1 [GMT -4:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True
Command switches used ::  C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\autorun.inf
C:\BFU
C:\BFU\alcanshorty.bfu
C:\BFU\BFU.exe
C:\bintheredunthat
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job


(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-31  )))))))))))))))))))))))))))))))


2007-07-30 01:41    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\SystemRequirementsLab
2007-07-29 23:45    26,112    --a------    C:\WINDOWS\system32\nircmd.exe
2007-07-28 15:34    <DIR>    d--------    C:\Program Files\DivX
2007-07-28 00:56    <DIR>    d--------    C:\Program Files\Trend Micro
2007-07-27 21:52    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-15 11:34    22,328    --a------    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-14 15:18    66,872    --a------    C:\WINDOWS\system32\PnkBstrA.exe
2007-07-14 15:18    103,736    --a------    C:\WINDOWS\system32\PnkBstrB.exe
2007-07-12 23:38    <DIR>    d--------    C:\Program Files\America's Army Server Manager
2007-07-11 18:25    <DIR>    d--------    C:\Program Files\Free Download Manager
2007-07-09 15:07    200,704    --a------    C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07    1,044,480    --a------    C:\WINDOWS\system32\libdivx.dll
2007-07-07 21:24    <DIR>    d--------    C:\Program Files\EA GAMES
2007-07-07 21:17    <DIR>    d--------    C:\NVIDIA
2007-06-21 14:47    <DIR>    d--------    C:\Program Files\eMule
2007-06-21 10:49    45,568    --a------    C:\WINDOWS\system32\dsupl.exe
2007-06-21 01:08    2,472    --a------    C:\clean.bat
2007-06-21 00:19    <DIR>    d--------    C:\Program Files\Error Expert
2007-06-20 22:52    <DIR>    d--------    C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
2007-06-18 22:30    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
2007-06-18 22:30    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
2007-06-17 12:26    108,144    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 12:10    68,888    --a------    C:\WINDOWS\system32\xinput1_3.dll
2007-06-17 12:10    62,744    --a------    C:\WINDOWS\system32\xinput1_2.dll
2007-06-17 12:10    237,848    --a------    C:\WINDOWS\system32\xactengine2_4.dll
2007-06-17 12:10    236,824    --a------    C:\WINDOWS\system32\xactengine2_3.dll
2007-06-17 12:10    2,414,360    --a------    C:\WINDOWS\system32\d3dx9_31.dll
2007-06-17 12:10    15,128    --a------    C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-17 12:10    <DIR>    dr-h-----    C:\DOCUME~1\HP_ADM~1\APPLIC~1\SecuROM
2007-06-17 12:00    <DIR>    d--------    C:\Program Files\Ubisoft
2007-06-17 11:38    686,840    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 11:12    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-06-13 23:03    <DIR>    d--------    C:\Program Files\Globe7
2007-06-13 00:26    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-13 00:25    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus
2007-06-13 00:24    <DIR>    d--------    C:\Program Files\Azureus
2007-06-12 23:57    <DIR>    d--------    C:\Program Files\style bind
2007-06-09 19:09    95,872    --a------    C:\WINDOWS\system32\AvastSS.scr
2007-06-09 19:09    94,552    --a------    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-09 19:09    85,952    --a------    C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-09 19:09    43,176    --a------    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-09 19:09    26,888    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-09 19:09    23,416    --a------    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-09 19:08    745,600    --a------    C:\WINDOWS\system32\aswBoot.exe


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 17:25    ---------    d--------    C:\Program Files\WarRock
2007-07-30 11:52    ---------    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Xfire
2007-07-28 15:34    4576    --a------    C:\WINDOWS\mozver.dat
2007-07-27 17:35    ---------    d---s----    C:\Program Files\Xfire
2007-07-27 13:45    ---------    d--hs----    C:\Program Files\Free KGB Key Logger
2007-07-27 13:45    ---------    d--------    C:\Program Files\music_now
2007-07-12 23:51    ---------    d--------    C:\Program Files\LimeWire
2007-07-12 23:39    ---------    d--------    C:\Program Files\America's Army
2007-07-12 21:38    ---------    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-07-07 21:24    ---------    d--h-----    C:\Program Files\InstallShield Installation Information
2007-06-26 01:32    ---------    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\style bind
2007-06-21 00:10    ---------    d--------    C:\Program Files\Share_Accelerator_MM
2007-06-18 17:44    ---------    d--------    C:\Program Files\Viewpoint
2007-06-18 17:44    ---------    d--------    C:\Program Files\AIM6
2007-06-13 11:25    ---------    d--------    C:\Program Files\Common Files\stardock
2007-06-13 00:42    ---------    d--------    C:\Program Files\BitTorrent
2007-06-13 00:03    ---------    d--------    C:\Program Files\BitDownload
2007-05-16 11:12    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2006-11-19 20:26    0    --a------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2006-12-13 22:32:22    80    --sh--r    C:\WINDOWS\system32\4090D52FA0.dll
2006-11-22 03:04:32    88    --sh--r    C:\WINDOWS\system32\A02FD59040.sys
2006-11-22 03:04:32    2,516    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 00:54 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 15:15 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-29 11:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-10 21:07:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 14:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys
R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S4 AFSEGTGF Windows Service;AFSEGTGF Windows Service;C:\WINDOWS\system32\dsjch.exe -service

*Newly Created Service* - PNKBSTRK

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 21:21:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 21:22:18
C:\ComboFix-quarantined-files.txt ... 2007-07-30 21:22
C:\ComboFix2.txt ... 2007-07-30 11:53
C:\ComboFix3.txt ... 2007-07-27 21:59

    --- E O F ---

File: dsupl.exe
Status: INFECTED/MALWARE
MD5: 30adac128c2c3491e48ee019435ddb53
Packers detected: -
Bit9 reports: File not found

Scan taken on 31 Jul 2007 02:35:14 (GMT)
A-Squared: Found nothing
AntiVir: Found TR/Genetik.FH
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Generic5.LAK
BitDefender: Found Trojan.Dloader.BKV
ClamAV: Found Trojan.Downloader-11698
CPsecure: Found nothing
Dr.Web: Found DLOADER.Trojan (probable variant)
F-Prot Antivirus: Found Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus
F-Secure Anti-Virus: Found Trojan.Win32.Small.mw
Fortinet: Found W32/GENETIK.DH!tr
Kaspersky Anti-Virus: Found Trojan.Win32.Small.mw
NOD32: Found probably a variant of Win32/Genetik (probable variant)
Norman Virus Control: Found W32/Malware.YJJ
Panda Antivirus: Found Generic
Rising Antivirus: Found nothing
Sophos Antivirus: Found Mal/Behav-010
VirusBuster: Found nothing
VBA32: Found nothing


File: 4090D52FA0.dll
Status: OK
MD5: 55831523fc98753fa7f47581a2bbe16a
Packers detected: -
Bit9 reports: File not found

Scan taken on 31 Jul 2007 02:39:42 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

File: A02FD59040.sys
Status: OK
MD5: 25e6d10d08f9b655d7a79afee7632278
Packers detected: -
Bit9 reports: File not found

Scan taken on 31 Jul 2007 02:42:57 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

EDIT: Okay, it's better.
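
The HijackThis log (post 3) and the ComboFix listings (posts 4 and 5) above are what a helper on a clean-up forum reads by hand. The script below is an added example, written for this page and not part of the thread or of either tool: it parses a handful of lines copied from those logs and applies three review heuristics that match what the helper ended up removing here. It flags O23 services with "Unknown owner", every O16 ActiveX download, O4 autostarts whose absolute path is outside the Windows and Program Files trees, and ComboFix file rows whose attribute string carries both the hidden and system bits (the attribute set on the "Free KGB Key Logger" directory, the mpqss.* files and the 4090D52FA0.dll entry above). The rule names, the STANDARD_DIRS list and the Finding record are this example's own choices; the sample lines are copied from the logs in this thread and embedded so the script runs offline. A flag means "look at this", not "this is malware": PnkBstrA is PunkBuster and the HP CLOAKER.EXE startup is OEM software, and both are flagged here for review just as they would be on a forum.

```python
import re
from dataclasses import dataclass
from typing import List

# Directories an OEM Windows XP install normally autostarts things from (example's
# own choice). An absolute path outside these is not proof of anything, just worth a look.
STANDARD_DIRS = ("C:\\WINDOWS", "C:\\PROGRAM FILES", "C:\\PROGRA~1")

# Quoted path, or an unquoted path up to the first executable-looking extension.
# HijackThis prints .lnk targets unquoted even when they contain spaces.
_EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    rule: str   # rule id chosen for this example
    item: str   # autostart name, service name, or file path
    note: str   # path, URL, or attribute string that triggered the rule


def _exe_path(command: str) -> str:
    """Strip surrounding quotes and trailing arguments from a Run/Startup command."""
    command = command.strip()
    m = _EXE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0] if command else command


def check_hijackthis(text: str) -> List[Finding]:
    """Apply three review heuristics to HijackThis O4 / O16 / O23 lines."""
    findings = []
    # O4: registry Run keys print "[name] command"; Startup folders print "x.lnk = target"
    o4 = re.compile(r"^O4 - (.+?): (?:\[(.+?)\] (.*)|(.+?\.lnk) = (.*))$")
    o16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.+?)\) - (\S+)$")
    # O23: "Service: <name> - <vendor> - <path>"; a name containing " - " would confuse this split
    o23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
    for line in text.splitlines():
        line = line.strip()
        m = o4.match(line)
        if m:
            name = m.group(2) or m.group(4)
            path = _exe_path(m.group(3) or m.group(5))
            # bare names such as RTHDCPL.EXE are resolved via the search path; judge only absolute ones
            if ":" in path and not path.upper().startswith(STANDARD_DIRS):
                findings.append(Finding("O4-nonstandard-path", name, path))
            continue
        m = o16.match(line)
        if m:
            # every ActiveX CAB pulled from a third-party site deserves a look
            findings.append(Finding("O16-activex-download", m.group(2), m.group(3)))
            continue
        m = o23.match(line)
        if m and m.group(2) == "Unknown owner":
            findings.append(Finding("O23-unknown-owner", m.group(1), m.group(3)))
    return findings


def check_combofix_files(text: str) -> List[Finding]:
    """Flag rows of a ComboFix file listing that carry both the hidden and the system attribute."""
    findings = []
    # date time, then <DIR> / byte count / dashes, then attribute string, then path
    row = re.compile(
        r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+(<DIR>|[\d,]+|-+)\s+([a-z-]+)\s+(.+)$"
    )
    for line in text.splitlines():
        m = row.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        # h and s together hide an object from a default Explorer view; few user files need that
        if "h" in attrs and "s" in attrs:
            findings.append(Finding("hidden-system-attrs", path, attrs))
    return findings


def triage(hjt_text: str, combofix_text: str) -> List[Finding]:
    """Run both checks and return the combined list of items to review."""
    return check_hijackthis(hjt_text) + check_combofix_files(combofix_text)


# Sample lines copied from the HijackThis log in this thread, embedded so the script runs offline.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Sample rows copied from the ComboFix "Files Created" and "Find3M" sections in this thread.
COMBOFIX_SAMPLE = r"""
2007-07-30 01:41    <DIR>    d--------    C:\DOCUME~1\HP_ADM~1\APPLIC~1\SystemRequirementsLab
2007-06-21 10:49    45,568    --a------    C:\WINDOWS\system32\dsupl.exe
2007-06-17 12:10    <DIR>    dr-h-----    C:\DOCUME~1\HP_ADM~1\APPLIC~1\SecuROM
2007-07-27 13:45    ---------    d--hs----    C:\Program Files\Free KGB Key Logger
2006-12-13 22:32:22    80    --sh--r    C:\WINDOWS\system32\4090D52FA0.dll
2007-06-08 17:56   1,859,254   ---hs----   C:\WINDOWS\system32\mpqss.ini2
"""

if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{f.rule:22} {f.item:32} {f.note}")
```

Note what the heuristics do not catch: dsupl.exe sits in system32 with ordinary attributes and a plausible name, and only the multi-engine scan above identifies it. Attribute and path rules narrow the list to read; they do not replace hashing the suspects and checking them against several engines, which is exactly what the helper did here.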

5
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 30, 2007, 10:56:21 AM »
Things work GREAT! My Firefox doesn't explode on me anymore and I don't have any more pop-ups or anything! Thanks again for helping me so much! :D


"HP_Administrator" - 2007-07-30 11:07:24 - ComboFix 07-07-23.6 - Service Pack 2  NTFS  


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xhayksms.dll
C:\WINDOWS\system32\smskyahx.ini


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-30  )))))))))))))))))))))))))))))))


2007-07-30 01:41   <DIR>   d--------   C:\DOCUME~1\HP_ADM~1\APPLIC~1\SystemRequirementsLab
2007-07-29 23:45   26,112   --a------   C:\WINDOWS\system32\nircmd.exe
2007-07-29 23:40   <DIR>   drahs----   C:\autorun.inf
2007-07-28 15:34   <DIR>   d--------   C:\Program Files\DivX
2007-07-28 00:56   <DIR>   d--------   C:\Program Files\Trend Micro
2007-07-27 21:52   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-07-27 21:44   <DIR>   d--------   C:\bintheredunthat
2007-07-27 21:17   <DIR>   d--------   C:\BFU
2007-07-15 11:34   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-14 15:18   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2007-07-14 15:18   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2007-07-12 23:38   <DIR>   d--------   C:\Program Files\America's Army Server Manager
2007-07-11 18:25   <DIR>   d--------   C:\Program Files\Free Download Manager
2007-07-09 15:07   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-07-07 21:24   <DIR>   d--------   C:\Program Files\EA GAMES
2007-07-07 21:17   <DIR>   d--------   C:\NVIDIA
2007-06-21 14:47   <DIR>   d--------   C:\Program Files\eMule
2007-06-21 10:49   45,568   --a------   C:\WINDOWS\system32\dsupl.exe
2007-06-21 01:08   2,472   --a------   C:\clean.bat
2007-06-21 00:19   <DIR>   d--------   C:\Program Files\Error Expert
2007-06-20 22:52   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
2007-06-18 22:30   <DIR>   d--------   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
2007-06-18 22:30   <DIR>   d--------   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
2007-06-17 12:26   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 12:10   68,888   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-06-17 12:10   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-06-17 12:10   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-06-17 12:10   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-06-17 12:10   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-06-17 12:10   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-17 12:10   <DIR>   dr-h-----   C:\DOCUME~1\HP_ADM~1\APPLIC~1\SecuROM
2007-06-17 12:00   <DIR>   d--------   C:\Program Files\Ubisoft
2007-06-17 11:42   <DIR>   d--------   C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-17 11:38   686,840   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 11:12   <DIR>   d--------   C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-06-13 23:03   <DIR>   d--------   C:\Program Files\Globe7
2007-06-13 00:26   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-13 00:25   <DIR>   d--------   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus
2007-06-13 00:24   <DIR>   d--------   C:\Program Files\Azureus
2007-06-12 23:57   <DIR>   d--------   C:\Program Files\style bind
2007-06-09 19:09   95,872   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-06-09 19:09   94,552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-09 19:09   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-09 19:09   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-09 19:09   26,888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-09 19:09   23,416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-09 19:08   745,600   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-06-08 17:56   1,859,254   ---hs----   C:\WINDOWS\system32\mpqss.ini2


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 15:49:09   --------   d-----w   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Xfire
2007-07-28 19:34:26   4,576   ----a-w   C:\WINDOWS\mozver.dat
2007-07-27 21:54:34   --------   d-----w   C:\Program Files\WarRock
2007-07-27 21:35:14   --------   d-s---w   C:\Program Files\Xfire
2007-07-27 17:45:40   --------   d-sh--w   C:\Program Files\Free KGB Key Logger
2007-07-27 17:45:13   --------   d-----w   C:\Program Files\music_now
2007-07-13 03:51:08   --------   d-----w   C:\Program Files\LimeWire
2007-07-13 03:39:03   --------   d-----w   C:\Program Files\America's Army
2007-07-13 01:38:28   --------   d-----w   C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-07-08 01:24:58   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-06-26 05:32:13   --------   d-----w   C:\DOCUME~1\HP_ADM~1\APPLIC~1\style bind
2007-06-21 04:10:49   --------   d-----w   C:\Program Files\Share_Accelerator_MM
2007-06-18 21:44:30   --------   d-----w   C:\Program Files\AIM6
2007-06-18 21:44:28   --------   d-----w   C:\Program Files\Viewpoint
2007-06-13 15:25:17   --------   d-----w   C:\Program Files\Common Files\stardock
2007-06-13 04:42:42   --------   d-----w   C:\Program Files\BitTorrent
2007-06-13 04:03:14   --------   d-----w   C:\Program Files\BitDownload
2007-06-11 00:46:35   1,848,069   --sh--w   C:\WINDOWS\system32\mpqss.bak1
2007-06-10 00:46:25   1,849,579   --sha-w   C:\WINDOWS\system32\mpqss.bak2
2007-05-16 15:12:02   683,520   ----a-w   C:\WINDOWS\system32\inetcomm.dll
2006-11-20 00:26:12   0   ----a-w   C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2006-12-13 22:32:22   80   --sh--r   C:\WINDOWS\system32\4090D52FA0.dll
2006-11-22 03:04:32   88   --sh--r   C:\WINDOWS\system32\A02FD59040.sys
2006-11-22 03:04:32   2,516   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 00:54 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 15:15 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 15:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-29 11:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-10 21:07:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 14:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys
R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S2 AFSEGTGF Windows Service;AFSEGTGF Windows Service;C:\WINDOWS\system32\dsjch.exe -service
S3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd56ec3-0bf3-11dc-8a35-0c0c0c0c0c01}]
Auto\command- F:\tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9666843c-22cb-11dc-8a66-0c0c0c0c0c01}]
Auto\command- tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98983a3a-5630-11db-87a0-001731c64165}]
Auto\command- tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7B566F8A-624C-2570-0B75-A27CDC7119CF}
C:\WINDOWS\NtmsData\klswd.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-30 07:00:00  C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 11:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 11:53:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-30 11:53
C:\ComboFix2.txt ... 2007-07-27 21:59

   --- E O F ---

6
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 30, 2007, 12:49:45 AM »

AVZ Antiviral Toolkit log; AVZ version is 4.25
Scanning started at 7/30/2007 12:10:33 AM
Database loaded: 119334 signatures, 2 NN profile(s), 55 microprograms of healing, signature database released 29.07.2007 12:41
Heuristic microprograms loaded : 370
Digital signatures of system files loaded: 61046
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
1. Searching for rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section: .text
 Analysis: ntdll.dll, export table found in section: .text
 Analysis: user32.dll, export table found in section: .text
 Analysis: advapi32.dll, export table found in section: .text
 Analysis: ws2_32.dll, export table found in section: .text
 Analysis: wininet.dll, export table found in section: .text
 Analysis: rasapi32.dll, export table found in section: .text
 Analysis: urlmon.dll, export table found in section: .text
 Analysis: netapi32.dll, export table found in section: .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=0846E0)
 Kernel ntkrnlpa.exe found in the memory at the address 804D7000
   SDT = 8055B6E0
   KiST = 80503940 (284)
Function NtCreateKey (29) intercepted (80622104->F72F80D0), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtEnumerateKey (47) intercepted (80622944->F72FDFB2), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtEnumerateValueKey (49) intercepted (80622BAE->F72FE340), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtOpenKey (77) intercepted (8062349A->F72F80B0), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtOpenProcess (7A) intercepted (805C9CFE->F7B7D8AC), hook C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Function NtQueryKey (A0) intercepted (806237BE->F72FE418), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtQueryValueKey (B1) intercepted (806201BE->F72FE298), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtSetValueKey (F7) intercepted (806207C4->F72FE4AA), hook C:\WINDOWS\system32\Drivers\sptd.sys
Function NtTerminateProcess (101) intercepted (805D1226->F7B7D812), hook C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Functions checked: 284, intercepted: 9, restored: 0
1.3 Checking IDT and SYSENTER
 Analysis for CPU 1
 Analysis for CPU 2
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 The extended monitoring driver (AVZPM) is not installed, examination is not performed
2. Scanning memory
 Number of processes found: 46
Analyzer - the process under analysis is 1372 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer - the process under analysis is 1420 C:\Program Files\Alwil Software\Avast4\ashServ.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing?
Analyzer - the process under analysis is 260 C:\Program Files\QuickTime\qttask.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer - the process under analysis is 288 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer - the process under analysis is 364 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer - the process under analysis is 380 C:\Program Files\AIM6\aim6.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing?
Analyzer - the process under analysis is 540 C:\Program Files\AIM6\aolsoftware.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing?
Analyzer - the process under analysis is 552 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing?
Analyzer - the process under analysis is 1236 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[ES]:Application has no visible windows
Analyzer - the process under analysis is 2088 C:\WINDOWS\system32\PnkBstrA.exe
[ES]:Contains network functionality
[ES]:Capable of sending mail ?!
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer - the process under analysis is 2580 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[ES]:Contains network functionality
[ES]:Capable of sending mail ?!
[ES]:Listens TCP ports !
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing?
Analyzer - the process under analysis is 2800 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[ES]:Contains network functionality
[ES]:Listens TCP ports !
[ES]:Listens HTTP ports !
[ES]:Application has no visible windows
Analyzer - the process under analysis is 3836 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
 Number of modules loaded: 410
Memory checking - complete
3. Scanning disks
Direct reading C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\cert8.db
Direct reading C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\history.dat
Direct reading C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\key3.db
Direct reading C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\urlclassifier2.sqlite
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-77b36199/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-77b36199/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-77b36199/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1ce941ce-677f182c/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1ce941ce-677f182c/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\1ce941ce-677f182c/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\254ab48e-4babaa3e/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\254ab48e-4babaa3e/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\254ab48e-4babaa3e/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\2a68265a-787715d0/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\2a68265a-787715d0/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\2a68265a-787715d0/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\5ef5f5a-23dd0c56/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\5ef5f5a-23dd0c56/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\5ef5f5a-23dd0c56/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\3f27a9-3fd00faf/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\3f27a9-3fd00faf/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\3f27a9-3fd00faf/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-20bbb7fd.zip/{ZIP}/BaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-20bbb7fd.zip/{ZIP}/VaaaaaaaBaa.class >>>>> Trojan.Java.ClassLoader.ao
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-20bbb7fd.zip/{ZIP}/Baaaaa.class >>>>> Trojan.Java.ClassLoader.ao
Direct reading C:\Documents and Settings\HP_Administrator\Cookies\index.dat
Direct reading C:\Documents and Settings\HP_Administrator\Desktop\armyops280_win(1).exe
Direct reading C:\Documents and Settings\HP_Administrator\Desktop\armyops280_win.exe
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\data\asianvietsweetie\localStorage\common.cls
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\Cache\_CACHE_001_
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\Cache\_CACHE_002_
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\pq8eml4n.default\Cache\_CACHE_003_
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007072320070730\index.dat
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007072920070730\index.dat
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007073020070731\index.dat
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~WRC0000.tmp
Direct reading C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\M5OJEFMZ\adserver[1].php Cannot open file "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\M5OJEFMZ\adserver[1].php". The process cannot access the file because it is being used by another process
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\M5OJEFMZ\adserver[2].php Cannot open file "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\M5OJEFMZ\adserver[2].php". The process cannot access the file because it is being used by another process
Direct reading C:\Documents and Settings\HP_Administrator\My Documents\1984..doc
Direct reading C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\AA281FullInstaller_BitTorrent.exe
Direct reading C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\Grand Theft Auto - San Andreas.iso
Direct reading C:\Documents and Settings\HP_Administrator\NTUSER.DAT
C:\Documents and Settings\HP_Administrator\Shared\E-40 ft. T-Pain- U and Dat                                                                                              .mp3 - Extension masking is detected(danger level 5%)
C:\Documents and Settings\HP_Administrator\Shared\young joc I_Know_U_See_It__Clean_                                                                          .mp3 - Extension masking is detected(danger level 5%)
C:\Documents and Settings\HP_Administrator\Shared\Yung Joc - (New Joc City) - 08 - I Know You See It                                                            .mp3 - Extension masking is detected(danger level 5%)
C:\Documents and Settings\HP_Administrator\Shared\Yung Joc - I Know You See It (Dirty)                                                               .mp3 - Extension masking is detected(danger level 5%)
Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat
Direct reading C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
Direct reading C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT
Direct reading C:\Documents and Settings\NetworkService\Cookies\index.dat
Direct reading C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
Direct reading C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\hp\KBD\runHSC.exe >>> suspicion for AdvWare.Win32.VirtualBouncer.c ( 0044105C 00304E19 000EF470 00000000 16384)
C:\hp\recovery\wizard\fscommand\AppRecoveryLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\CreatorLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\RecordnowLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\RestoreLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\RTCDLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\RunLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\SysRecoveryLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
C:\hp\recovery\wizard\fscommand\WizardLink.exe >>> suspicion for DoS.Win32.Opdos ( 00410AA2 00304E19 000F152C 001F1E7E 28672)
Direct reading C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
Direct reading C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt
C:\Program Files\Diner Dash 2\ReflexiveArcade\Application.dat Invalid file - not a PKZip file
C:\Program Files\Diner Dash 2\ReflexiveArcade\Arcade.dat Invalid file - not a PKZip file
C:\QooBox\Quarantine\C\WINDOWS\system32\abjfliew.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.kg ( 0B99DBC7 01B1A046 0029D636 0023A4D6 131124)
C:\QooBox\Quarantine\C\WINDOWS\system32\cuepmxrp.dll.vir >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\QooBox\Quarantine\C\WINDOWS\system32\ennaqmha.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.kb ( 0B3135E1 015E435F 0027AE21 00250DA2 50745)
C:\QooBox\Quarantine\C\WINDOWS\system32\fhbfsrps.dll.vir >>> suspicion for AdvWare.Win32.BHO.v ( 0B634177 064B4968 0024BD1E 00280BC9 124436)
C:\QooBox\Quarantine\C\WINDOWS\system32\fuvtrnxh.dll.vir >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\QooBox\Quarantine\C\WINDOWS\system32\gdqnokdh.dll.vir >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\QooBox\Quarantine\C\WINDOWS\system32\gsnaadty.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B362F6C 01B7C443 0023F233 0023CD05 131124)
C:\QooBox\Quarantine\C\WINDOWS\system32\ijimgiwo.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B362F6C 01B7C443 0023F233 0023CD05 131124)
C:\QooBox\Quarantine\C\WINDOWS\system32\jatvfawe.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.ir ( 0D461F06 01A2B9DE 0029E2BB 00280214 49204)
C:\QooBox\Quarantine\C\WINDOWS\system32\javkiuvo.dll.vir >>> suspicion for Trojan.Win32.BHO.o ( 0C110628 005E5E84 0023A0B2 0025270C 55316)
C:\QooBox\Quarantine\C\WINDOWS\system32\jcoojhid.dll.vir >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\QooBox\Quarantine\C\WINDOWS\system32\mqmctvsk.dll.vir >>> suspicion for AdvWare.Win32.BHO.v ( 0BBC8AB8 0400D4A1 00248BCC 0028C2C4 125460)
C:\QooBox\Quarantine\C\WINDOWS\system32\mtgcpaav.dll.vir >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\QooBox\Quarantine\C\WINDOWS\system32\sfmtkiin.dll.vir >>> suspicion for Trojan.Win32.BHO.g ( 0AF37A9C 0175643C 0027A1EF 00255ECC 49204)
C:\QooBox\Quarantine\C\WINDOWS\system32\tsgbdqeq.dll.vir >>> suspicion for AdvWare.Win32.BHO.v ( 0B634177 064B4968 0024BD1E 00280BC9 124436)
C:\QooBox\Quarantine\C\WINDOWS\system32\viavejlq.dll.vir >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\QooBox\Quarantine\C\WINDOWS\system32\wlyluqvo.dll.vir >>> suspicion for AdvWare.Win32.BHO.v ( 0B9D9EDF 03ABBA0A 00286896 00280E64 125460)
C:\QooBox\Quarantine\C\WINDOWS\system32\wqovnypm.dll.vir >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B527BB8 01EFFACC 0024909E 002685D6 132660)
C:\QooBox\Quarantine\C\WINDOWS\system32\xyxkgvky.dll.vir >>> suspicion for Trojan.Win32.BHO.g ( 0B52CEDA 01568055 00263EE0 0023AF63 49204)
C:\QooBox\Quarantine\catchme2007-07-27_215729.57.zip/{ZIP}/core.sys >>> suspicion for Rootkit.Win32.Agent.eq ( 09467360 06A5F7CD 0025D115 00226578 72320)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP176\A0066604.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP180\A0076844.exe
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP181\A0076847.exe
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP181\A0076899.exe
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP181\A0079906.exe
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP184\A0083913.dll >>> suspicion for AdvWare.Win32.Virtumonde.hb ( 0B98AB21 01F6F305 0025B262 00256691 132660)
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP188\A0096215.exe
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP189\A0101316.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP189\A0101317.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP191\A0106353.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B1B4526 01D07FDC 002689E8 0028E1FF 132660)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP196\A0111639.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B527BB8 01EFFACC 0024909E 002685D6 132660)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP203\A0117856.dll >>> suspicion for AdvWare.Win32.Virtumonde.kg ( 0B99DBC7 01B1A046 0029D636 0023A4D6 131124)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131360.scr >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131371.DLL >>>>> AdvWare.Win32.ToolBar.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131372.DLL >>>>> AdvWare.Win32.MyWebSearch.af
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131374.DLL >>>>> AdvWare.Win32.MyWebSearch.au
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131375.SCR >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131376.DLL >>>>> AdvWare.Win32.MyWebSearch.au
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131377.DLL >>>>> AdvWare.Win32.ToolBar.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131378.EXE >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131379.DLL >>>>> AdvWare.Win32.MyWebSearch.an
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131380.DLL >>>>> AdvWare.Win32.MyWebSearch.aq
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131381.DLL >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131384.DLL >>>>> AdvWare.Win32.IWon.a
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP214\A0131388.DLL >>>>> AdvWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0132324.DLL >>> suspicion for AdvWare.Win32.MyWebSearch.as ( 0075D21B 00000000 00212D13 0023D2AA 57344)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0132329.EXE >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0132330.DLL >>>>> AdvWare.Win32.MyWebSearch
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134644.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134646.dll >>> suspicion for AdvWare.Win32.Virtumonde.kb ( 0B3135E1 015E435F 0027AE21 00250DA2 50745)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134647.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134649.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134653.dll >>> suspicion for AdvWare.Win32.Virtumonde.ir ( 0D461F06 01A2B9DE 0029E2BB 00280214 49204)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134654.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134659.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134661.dll >>> suspicion for Trojan.Win32.BHO.g ( 0AF37A9C 0175643C 0027A1EF 00255ECC 49204)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134666.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134668.dll >>> suspicion for AdvWare.Win32.BHO.v ( 0B9D9EDF 03ABBA0A 00286896 00280E64 125460)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134669.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B527BB8 01EFFACC 0024909E 002685D6 132660)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP223\A0134670.dll >>> suspicion for Trojan.Win32.BHO.g ( 0B52CEDA 01568055 00263EE0 0023AF63 49204)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0134690.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0BF5787C 017E8DFB 00287344 00254D91 58420)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0135535.DLL >>> suspicion for Trojan.Win32.BHO.bd ( 0BF5787C 017E8DFB 00287344 00254D91 58420)
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP248\A0145569.exe
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156536.dll >>>>> Keylogger.Win32.KGBSpy.34
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156674.dll >>> suspicion for AdvWare.Win32.Virtumonde.kg ( 0B99DBC7 01B1A046 0029D636 0023A4D6 131124)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156675.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156676.dll >>> suspicion for AdvWare.Win32.Virtumonde.kb ( 0B3135E1 015E435F 0027AE21 00250DA2 50745)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156677.dll >>> suspicion for AdvWare.Win32.BHO.v ( 0B634177 064B4968 0024BD1E 00280BC9 124436)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156678.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156679.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156680.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B362F6C 01B7C443 0023F233 0023CD05 131124)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156681.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B362F6C 01B7C443 0023F233 0023CD05 131124)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156682.dll >>> suspicion for AdvWare.Win32.Virtumonde.ir ( 0D461F06 01A2B9DE 0029E2BB 00280214 49204)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156683.dll >>> suspicion for Trojan.Win32.BHO.o ( 0C110628 005E5E84 0023A0B2 0025270C 55316)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156684.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156686.dll >>> suspicion for AdvWare.Win32.BHO.v ( 0BBC8AB8 0400D4A1 00248BCC 0028C2C4 125460)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156687.dll >>> suspicion for Trojan-Spy.Win32.VBStat.h ( 0C4B04E0 0141C207 00286445 0028FEF0 76412)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156688.dll >>> suspicion for Trojan.Win32.BHO.g ( 0AF37A9C 0175643C 0027A1EF 00255ECC 49204)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156689.dll >>> suspicion for AdvWare.Win32.BHO.v ( 0B634177 064B4968 0024BD1E 00280BC9 124436)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156690.dll >>> suspicion for Trojan.Win32.BHO.bd ( 0B6294C0 01A8D44C 0028430F 00275DC8 50740)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156691.dll >>> suspicion for AdvWare.Win32.BHO.v ( 0B9D9EDF 03ABBA0A 00286896 00280E64 125460)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156692.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B527BB8 01EFFACC 0024909E 002685D6 132660)
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0156693.dll >>> suspicion for Trojan.Win32.BHO.g ( 0B52CEDA 01568055 00263EE0 0023AF63 49204)
Direct reading C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP259\change.log
Direct reading C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{51C08E9B-857D-4E70-A6F4-EF26F1A870C1}.crmlog
Direct reading C:\WINDOWS\SchedLgU.Txt
Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
C:\WINDOWS\system32\awtst.exe - Suspicion for Virus.Win32.PE_Type1(danger level 75%)
Direct reading C:\WINDOWS\system32\CatRoot2\edb.log
Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb
Direct reading C:\WINDOWS\system32\config\Antivirus.Evt
Direct reading C:\WINDOWS\system32\config\AppEvent.Evt
Direct reading C:\WINDOWS\system32\config\default
Direct reading C:\WINDOWS\system32\config\Media Ce.evt
Direct reading C:\WINDOWS\system32\config\SAM
Direct reading C:\WINDOWS\system32\config\SecEvent.Evt
Direct reading C:\WINDOWS\system32\config\SECURITY
Direct reading C:\WINDOWS\system32\config\software
Direct reading C:\WINDOWS\system32\config\SysEvent.Evt
Direct reading C:\WINDOWS\system32\config\system
Direct reading C:\WINDOWS\system32\drivers\sptd.sys
Direct reading C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
C:\WINDOWS\system32\xhayksms.dll >>> suspicion for AdvWare.Win32.Virtumonde.ar ( 0B362F6C 01B7C443 0023F233 0023CD05 131124)
Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat
Direct reading C:\WINDOWS\WindowsUpdate.log
D:\I386\DRV\APP32031\src\runHSC.exe >>> suspicion for AdvWare.Win32.VirtualBouncer.c ( 0044105C 00304E19 000EF470 00000000 16384)
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\WINDOWS\system32\nview.dll --> Suspicion for a Keylogger or Trojan DLL
C:\WINDOWS\system32\nview.dll>>> Behavioral analysis:
  1. Reacts to events: keyboard, window events, all events
  2. Determines PID of current process
C:\WINDOWS\system32\nview.dll>>> Neural net: file with probability of 0.22% like a typical keyboard/mouse events interceptor
C:\Program Files\Xfire\xfire_toucan_26993.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Program Files\Xfire\xfire_toucan_26993.dll>>> Behavioral analysis:
  1. Reacts to events: keyboard, window events, all events
C:\Program Files\Xfire\xfire_toucan_26993.dll>>> Neural net: file with probability of 23.09% like a typical keyboard/mouse events interceptor
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
 In the database: 317 port descriptions
 Opened at this PC: 98 TCP ports and 46 UDP ports
 >> Attention: Port 1116 UDP - Backdoor.Lurker (c:\program files\xfire\xfire.exe)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ and Help for more details)
7. Heuristic system check
Checking complete
Files scanned: 500648, extracted from archives: 394229, malicious programs found 37
Scanning finished at 7/30/2007 1:43:54 AM
Time of scanning: 01:33:22
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:59 AM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6614 bytes
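
As an added example (not part of the posted logs, and not a HijackThis feature), the script below triages the kind of HijackThis entries shown above. It encodes three rules of thumb an analyst applies by eye to such logs: an O23 service with "Unknown owner", worse when its binary is "(file missing)"; an O16 ActiveX control downloaded from a host outside microsoft.com; and an O4 Run entry given as a bare file name, which Windows resolves via the search path. The severity labels, the trusted-host list and the rule wording are the example's own assumptions; the sample input is a handful of entries copied from the posted log.

```python
"""Triage a HijackThis v2 log.

Added example, not part of the posted logs or of HijackThis itself.  The
three rules are the author's own heuristics, not HijackThis rules:
  O23 services with no publisher ("Unknown owner"), worse if the binary
      is gone ("(file missing)"): an orphaned or unsigned service;
  O16 ActiveX controls (DPF) fetched from a host outside microsoft.com;
  O4  Run entries given as a bare file name, which Windows resolves via
      the search path, so the entry alone does not say what will run.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above,
# plus the two avast! entries as cases that should not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DPF_RE = re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)")

# Assumption: only Microsoft's own hosts are accepted as ActiveX sources.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".windowsupdate.com")


def _finding(kind: str, subject: str, severity: str, reason: str) -> Dict[str, str]:
    return {"kind": kind, "subject": subject, "severity": severity, "reason": reason}


def _first_token(cmd: str) -> str:
    """Executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_o4(body: str) -> Optional[Dict[str, str]]:
    m = RUN_RE.search(body)
    if not m:
        return None
    exe = _first_token(m.group("cmd"))
    if exe and "\\" not in exe and "/" not in exe:
        return _finding("O4", m.group("name"), "low",
                        f"bare executable name {exe!r}: resolved via the search path, confirm its location")
    return None


def check_o16(body: str) -> Optional[Dict[str, str]]:
    m = DPF_RE.search(body)
    if not m:
        return None
    host = urlparse(m.group("url")).hostname or ""
    if not host.endswith(TRUSTED_DPF_SUFFIXES):
        return _finding("O16", m.group("name"), "medium",
                        f"ActiveX control installed from third-party host {host}")
    return None


def check_o23(body: str) -> Optional[Dict[str, str]]:
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].split(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    if owner == "Unknown owner":
        if path.endswith("(file missing)"):
            return _finding("O23", name, "high",
                            "service with no publisher and its binary is gone: orphaned loader or leftover")
        return _finding("O23", name, "medium", "service registered with no publisher information")
    return None


CHECKS = {"O4": check_o4, "O16": check_o16, "O23": check_o23}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings, worst first, for the entries one would look at first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("kind"))
        if check:
            f = check(m.group("body"))
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']} {f['subject']}: {f['reason']}")
```

Run as a script it prints the five hits from the sample, with the orphaned AFSEGTGF service first. A hit is a pointer to look, not a verdict: a bare-name O4 entry such as RTHDCPL.EXE is usually a vendor applet, and the rule only says to confirm where the file actually lives before deciding anything.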

7
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 27, 2007, 11:57:50 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:35 AM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6549 bytes

8
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 27, 2007, 11:35:07 PM »
xD Sorry, I thought I did. I re-scanned with HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 12:32:49 AM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


INSTALLED SOFTWARE (261) - HPA1520N - 7/28/2007 12:34:07 AM

Ad-Aware SE Personal    Ver: 1.06
Adobe Flash Player 9 ActiveX    Ver: 9
Adobe Reader 7.0.9    Ver: 7.0.9    Installed: 7/12/2007
Adobe Shockwave Player    Ver: 10.1.3.18
Agere Systems PCI-SV92PP Soft Modem    
AI RoboForm (All Users)    
AIM 6    
AiO_Scan    Ver: 50.0.206.000    Installed: 5/6/2006
AiO_Scan_CDA    Ver: 51.0.230.000    Installed: 5/6/2006
AiOSoftware    Ver: 50.0.206.000    Installed: 5/6/2006
AiOSoftwareNPI    Ver: 51.0.230.000    Installed: 5/6/2006
America's Army    Ver: 2.8.1    Installed: 7/12/2007
Apple Software Update    Ver: 1.0.2.1    Installed: 11/2/2006
avast! Antivirus    Ver: 4.7
AVG Anti-Spyware 7.5    
Azureus Vuze    
Battlefield 2(tm)        Installed: 7/7/2007
BufferChm    Ver: 70.0.170.000    Installed: 5/6/2006
CameraDrivers    Ver: 5.0.0.328    Installed: 5/6/2006
CameraDrivers    Ver: 6.0.0.212    Installed: 5/6/2006
CameraUserGuides    Ver: 6.0.0.212    Installed: 5/6/2006
CP_AtenaShokunin1Config    Ver: 70.0.170.000    Installed: 5/6/2006
CP_CalendarTemplates1    Ver: 70.0.170.000    Installed: 5/6/2006
cp_LightScribeConfig    Ver: 70.0.170.000    Installed: 5/6/2006
cp_OnlineProjectsConfig    Ver: 70.0.170.000    Installed: 5/6/2006
CP_Package_Basic1    Ver: 70.0.170.000    Installed: 5/6/2006
CP_Package_Variety1    Ver: 70.0.170.000    Installed: 5/6/2006
CP_Package_Variety2    Ver: 70.0.170.000    Installed: 5/6/2006
CP_Package_Variety3    Ver: 70.0.170.000    Installed: 5/6/2006
CP_Panorama1Config    Ver: 70.0.170.000    Installed: 5/6/2006
cp_PosterPrintConfig    Ver: 70.0.170.000    Installed: 5/6/2006
cp_UpdateProjectsConfig    Ver: 70.0.170.000    Installed: 5/6/2006
CueTour    Ver: 70.0.170.000    Installed: 5/6/2006
CustomerResearchQFolder    Ver: 1.00.0000    Installed: 10/2/2006
Destinations    Ver: 70.0.170.000    Installed: 5/6/2006
DeviceFunctionQFolder    Ver: 1.00.0000    Installed: 10/2/2006
Diner Dash    Ver: 1.0 (Cracked By CoffeeMan)
Diner Dash    Ver: WT005638
Diner Dash 2    
DocProc    Ver: 6.0.0.0    Installed: 5/6/2006
DocumentViewer    Ver: 61.0.163.000    Installed: 5/6/2006
Enhanced Multimedia Keyboard Solution    
Fax    Ver: 50.0.206.000    Installed: 5/6/2006
Fax_CDA    Ver: 51.0.230.000    Installed: 5/6/2006
High Definition Audio Driver Package - KB888111    Ver: 20040219.000000
HijackThis 1.99.1    Ver: 1.99.1
Hotfix for Windows Media Player 10 (KB903157)    
Hotfix for Windows Media Player 10 (KB910393)        Installed: 5/6/2006
Hotfix for Windows XP (KB888795)    Ver: 3
Hotfix for Windows XP (KB891593)    Ver: 2
Hotfix for Windows XP (KB893357)    Ver: 2    Installed: 5/6/2006
Hotfix for Windows XP (KB895961)    Ver: 1
Hotfix for Windows XP (KB899337)    Ver: 5
Hotfix for Windows XP (KB899510)    Ver: 1
Hotfix for Windows XP (KB902841)    Ver: 1
Hotfix for Windows XP (KB906569)    Ver: 2    Installed: 5/6/2006
Hotfix for Windows XP (KB912024)    Ver: 2    Installed: 5/6/2006
Hotfix for Windows XP (KB935448)    Ver: 1    Installed: 4/12/2007
HP Deskjet 3900 series    Ver: 5.0
HP Deskjet Printer Preload    Ver: 10.1.0    Installed: 5/6/2006
HP DigitalMedia Archive    Ver: 2.0    Installed: 5/6/2006
HP Document Viewer 6.1    Ver: 6.1
HP DVD Play 2.1    
HP Extended Capabilities 5.0    Ver: 5.0
HP Image Zone Express    Ver: 1.5.1.29    Installed: 10/2/2006
HP Imaging Device Functions 7.0    Ver: 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series    Ver: 8.1
HP Photosmart Cameras 6.0    Ver: 6.0
HP Photosmart for Media Center PC    
HP Photosmart Premier Software 6.5    Ver: 6.5
HP PSC & OfficeJet 5.3.B    
HP PSC & OfficeJet 6.1.A    
HP Software Update    Ver: 3.0.7.014    Installed: 5/6/2006
HP Solution Center and Imaging Support Tools 6.1    Ver: 6.1
HPDeskjet3900Series    Ver: 1.00.0000    Installed: 10/2/2006
hpiCamDrvQFolder    Ver: 6.0.0    Installed: 5/6/2006
HPPhotoSmartExpress    Ver: 70.0.170.000    Installed: 5/6/2006
HPProductAssistant    Ver: 61.0.163.000    Installed: 5/6/2006
HpSdpAppCoreApp    Ver: 3.00.0000    Installed: 5/6/2006
Insaniquarium Deluxe    Ver: WT005641
Insaniquarium Deluxe 1.0    
InstantShareDevices    Ver: 70.0.170.000    Installed: 5/6/2006
iTunes    Ver: 7.0.2.16    Installed: 11/16/2006
Java(tm) SE Runtime Environment 6 Update 1    Ver: 1.6.0.10    Installed: 4/25/2007
LightScribe  1.4.84.1    Ver: 1.4.84.1    Installed: 5/6/2006
MapleStory    
MarketResearch    Ver: 53.0.13.000    Installed: 10/2/2006
Microsoft .NET Framework 1.0 Hotfix (KB887998)        Installed: 8/6/2006
Microsoft .NET Framework 1.0 Hotfix (KB930494)        Installed: 7/12/2007
Microsoft .NET Framework 1.1    
Microsoft .NET Framework 1.1    Ver: 1.1.4322    Installed: 7/12/2007
Microsoft .NET Framework 1.1 Hotfix (KB928366)    
Microsoft .NET Framework 2.0    
Microsoft .NET Framework 2.0    Ver: 2.0.50727    Installed: 7/12/2007
Microsoft Away Mode    Ver: 6.0.0160.0
Microsoft Office Professional Edition 2003    Ver: 11.0.5614.0    Installed: 11/11/2006
Microsoft Works    Ver: 08.04.0623    Installed: 5/6/2006
Mozilla Firefox (2.0.0.5)    Ver: 2.0.0.5 (en-US)
MSXML 4.0 SP2 (KB927978)    Ver: 4.20.9841.0    Installed: 11/15/2006
MyCam CIF    Ver: 2.02.0000    Installed: 10/29/2006
MySpaceIM    Ver: 0.0.40.0    Installed: 11/2/2006
Nero Suite    
NewCopy    Ver: 50.0.206.000    Installed: 5/6/2006
NewCopy_CDA    Ver: 51.0.230.000    Installed: 5/6/2006
NVIDIA Drivers    
OptionalContentQFolder    Ver: 1.00.0000    Installed: 5/6/2006
PanoStandAlone    Ver: 61.0.163.000    Installed: 5/6/2006
PhotoGallery    Ver: 70.0.170.000    Installed: 5/6/2006
Picasa 2    Ver: 2.0
PSPrinters08    Ver: 8.01.0000    Installed: 5/6/2006
PSTAPlugin    Ver: 8.01.0000    Installed: 5/6/2006
QuickTime    Ver: 7.1.3.170    Installed: 11/16/2006
RandMap    Ver: 70.0.170.000    Installed: 5/6/2006
Readme    Ver: 51.0.230.000    Installed: 5/6/2006
Realtek High Definition Audio Driver    
Scan    Ver: 6.0.0.0    Installed: 5/6/2006
ScannerCopy    Ver: 6.0.0.0    Installed: 5/6/2006
Security Update for Microsoft .NET Framework 2.0 (KB928365)    Ver: 2
Security Update for Step By Step Interactive Training (KB898458)    Ver: 20050502.101010    Installed: 8/6/2006
Security Update for Step By Step Interactive Training (KB923723)    Ver: 20050502.101010    Installed: 2/16/2007
Security Update for Windows Media Player 10 (KB911565)        Installed: 5/6/2006
Security Update for Windows Media Player 10 (KB917734)        Installed: 8/6/2006
Security Update for Windows Media Player 6.4 (KB925398)        Installed: 12/14/2006
Security Update for Windows XP (KB890046)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB893756)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB896358)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB896422)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB896423)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB896424)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB896428)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB899587)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB899589)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB899591)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB900725)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB901017)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB901214)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB902400)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB904706)    Ver: 2    Installed: 5/6/2006
Security Update for Windows XP (KB905414)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB905749)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB905915)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB908519)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB911562)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB911567)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB911927)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB912919)    Ver: 1    Installed: 5/6/2006
Security Update for Windows XP (KB913580)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB914388)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB914389)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB916281)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB917159)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB917344)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB917422)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB917953)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB918118)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB918439)    Ver: 1    Installed: 8/6/2006
Security Update for Windows XP (KB918899)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB919007)    Ver: 1    Installed: 9/13/2006
Security Update for Windows XP (KB920213)    Ver: 1    Installed: 11/15/2006
Security Update for Windows XP (KB920214)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB920670)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB920683)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB920685)    Ver: 1    Installed: 9/13/2006
Security Update for Windows XP (KB921398)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB921883)    Ver: 1    Installed: 8/8/2006
Security Update for Windows XP (KB922616)    Ver: 1    Installed: 8/14/2006
Security Update for Windows XP (KB922760)    Ver: 1    Installed: 11/15/2006
Security Update for Windows XP (KB922819)    Ver: 1    Installed: 10/13/2006
Security Update for Windows XP (KB923191)    Ver: 1    Installed: 10/13/2006
Security Update for Windows XP (KB923414)    Ver: 1    Installed: 10/13/2006
Security Update for Windows XP (KB923689)        Installed: 12/14/2006
Security Update for Windows XP (KB923694)    Ver: 1    Installed: 12/14/2006
Security Update for Windows XP (KB923980)    Ver: 1    Installed: 11/15/2006
Security Update for Windows XP (KB924191)    Ver: 1    Installed: 10/13/2006
Security Update for Windows XP (KB924270)    Ver: 1    Installed: 11/15/2006
Security Update for Windows XP (KB924496)    Ver: 1    Installed: 10/13/2006
Security Update for Windows XP (KB924667)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB925454)    Ver: 1    Installed: 12/14/2006
Security Update for Windows XP (KB925486)    Ver: 1    Installed: 9/27/2006
Security Update for Windows XP (KB925902)    Ver: 1    Installed: 4/4/2007
Security Update for Windows XP (KB926255)    Ver: 1    Installed: 12/14/2006
Security Update for Windows XP (KB926436)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB927779)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB927802)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB928090)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB928255)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB928843)    Ver: 1    Installed: 2/16/2007
Security Update for Windows XP (KB929123)    Ver: 1    Installed: 6/14/2007
Security Update for Windows XP (KB929969)    Ver: 1    Installed: 1/13/2007
Security Update for Windows XP (KB930178)    Ver: 1    Installed: 4/12/2007
Security Update for Windows XP (KB931261)    Ver: 1    Installed: 4/12/2007
Security Update for Windows XP (KB931768)    Ver: 1    Installed: 5/9/2007
Security Update for Windows XP (KB931784)    Ver: 1    Installed: 4/12/2007
Security Update for Windows XP (KB932168)    Ver: 1    Installed: 4/12/2007
Security Update for Windows XP (KB933566)    Ver: 1    Installed: 6/14/2007
Security Update for Windows XP (KB935839)    Ver: 1    Installed: 6/14/2007
Security Update for Windows XP (KB935840)    Ver: 1    Installed: 6/14/2007
Serif PhotoPlus 6.0    Ver: 6.00
Shockwave Director 10.1.3    
SkinsHP1    Ver: 70.0.170.000    Installed: 5/6/2006
SlideShow    Ver: 70.0.170.000    Installed: 5/6/2006
SlideShowMusic    Ver: 70.0.170.000    Installed: 5/6/2006
SolutionCenter    Ver: 61.0.163.000    Installed: 5/6/2006
Sonic Express Labeler    Ver: 2.1.0    Installed: 5/6/2006
Sonic MyDVD Plus    Ver: 6.2.0    Installed: 5/6/2006
Sonic RecordNow Audio    Ver: 2.0.6    Installed: 5/6/2006
Sonic RecordNow Copy    Ver: 2.0.6    Installed: 5/6/2006
Sonic RecordNow Data    Ver: 2.0.6    Installed: 5/6/2006
Sonic Update Manager    Ver: 3.0.0    Installed: 5/6/2006
Sonic_PrimoSDK    Ver: 70.0.170.000    Installed: 5/6/2006
Spybot - Search & Destroy 1.4    Ver: 1.4
Status    Ver: 61.0.163.000    Installed: 5/6/2006
Toolbox    Ver: 61.0.163.000    Installed: 5/6/2006
TrayApp    Ver: 61.0.163.000    Installed: 5/6/2006
Unload    Ver: 7.0.0    Installed: 5/6/2006
Update for Windows Media Player 10 (KB913800)        Installed: 8/6/2006
Update for Windows Media Player 10 (KB926251)        Installed: 12/14/2006
Update for Windows XP (KB898461)    Ver: 1    Installed: 8/6/2006
Update for Windows XP (KB900485)    Ver: 2    Installed: 8/6/2006
Update for Windows XP (KB908531)    Ver: 2    Installed: 8/6/2006
Update for Windows XP (KB910437)    Ver: 1    Installed: 8/6/2006
Update for Windows XP (KB911280)    Ver: 2    Installed: 8/6/2006
Update for Windows XP (KB912945)    Ver: 1    Installed: 5/6/2006
Update for Windows XP (KB916595)    Ver: 1    Installed: 8/6/2006
Update for Windows XP (KB920872)    Ver: 1    Installed: 9/13/2006
Update for Windows XP (KB922582)    Ver: 1    Installed: 9/13/2006
Update for Windows XP (KB927891)    Ver: 3    Installed: 5/23/2007
Update for Windows XP (KB929338)    Ver: 1    Installed: 3/14/2007
Update for Windows XP (KB930916)    Ver: 1    Installed: 5/9/2007
Update for Windows XP (KB931836)    Ver: 1    Installed: 2/16/2007
Update Rollup 2 for Windows XP Media Center Edition 2005    
Updates from HP (remove only)    
Viewpoint Media Player    
WarRock    Ver: 2.2    Installed: 3/10/2007
WebFldrs XP    Ver: 9.50.7523    Installed: 8/30/2005
WebReg    Ver: 61.0.163.000    Installed: 5/6/2006
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0    Ver: 2.0.1.0
Windows Installer 3.1 (KB893803)    
Windows Media Format Runtime    
Windows Media Player Firefox Plugin    Ver: 1.0.0.8    Installed: 6/1/2007
Windows XP Hotfix - KB873339    Ver: 20041117.092459
Windows XP Hotfix - KB883667    Ver: 20040812.104354
Windows XP Hotfix - KB885250    Ver: 20050118.202711
Windows XP Hotfix - KB885835    Ver: 20041027.181713
Windows XP Hotfix - KB885836    Ver: 20041028.173203
Windows XP Hotfix - KB886185    Ver: 20041021.090540
Windows XP Hotfix - KB887472    Ver: 20041014.162858
Windows XP Hotfix - KB887742    Ver: 20041103.095002
Windows XP Hotfix - KB888113    Ver: 20041116.131036
Windows XP Hotfix - KB888302    Ver: 20041207.111426
Windows XP Hotfix - KB890175    Ver: 20041201.233338
Windows XP Hotfix - KB890859    Ver: 1    Installed: 8/6/2006
Windows XP Hotfix - KB891781    Ver: 20050110.165439
Windows XP Hotfix - KB892050    Ver: 3    Installed: 5/6/2006
Windows XP Hotfix - KB893066    Ver: 1    Installed: 5/6/2006
Windows XP Media Center Edition 2005 KB908246        Installed: 5/6/2006
Windows XP Media Center Edition 2005 KB912067        Installed: 5/6/2006
WinFlyer    
Xfire (remove only)    
Yahoo! Internet Mail    
Yahoo! Messenger

9
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 27, 2007, 09:04:24 PM »
Yeah, I over read that. xD Well, I did everything. Here are the two logs. By the way, thanks for helping me.

"HP_Administrator" - 2007-07-27 21:52:57 - ComboFix 07-07-23.6 - Service Pack 2  NTFS  


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\abjfliew.dll
C:\WINDOWS\system32\cuepmxrp.dll
C:\WINDOWS\system32\ennaqmha.dll
C:\WINDOWS\system32\fhbfsrps.dll
C:\WINDOWS\system32\fuvtrnxh.dll
C:\WINDOWS\system32\gdqnokdh.dll
C:\WINDOWS\system32\gsnaadty.dll
C:\WINDOWS\system32\ijimgiwo.dll
C:\WINDOWS\system32\jatvfawe.dll
C:\WINDOWS\system32\javkiuvo.dll
C:\WINDOWS\system32\jcoojhid.dll
C:\WINDOWS\system32\knajafbu.dll
C:\WINDOWS\system32\mqmctvsk.dll
C:\WINDOWS\system32\mtgcpaav.dll
C:\WINDOWS\system32\sfmtkiin.dll
C:\WINDOWS\system32\tmp31F.tmp.dll
C:\WINDOWS\system32\tmp3BC.tmp.dll
C:\WINDOWS\system32\tsgbdqeq.dll
C:\WINDOWS\system32\viavejlq.dll
C:\WINDOWS\system32\wlyluqvo.dll
C:\WINDOWS\system32\wqovnypm.dll
C:\WINDOWS\system32\xyxkgvky.dll
C:\WINDOWS\jkkjkh.dll
C:\WINDOWS\khgday.dll
C:\WINDOWS\mliged.dll
C:\WINDOWS\system32\weilfjba.ini
C:\WINDOWS\system32\ytdaansg.ini
C:\WINDOWS\system32\owigmiji.ini
C:\WINDOWS\system32\mpynvoqw.ini
C:\WINDOWS\hkjkkj.ini
C:\WINDOWS\yadghk.ini
C:\WINDOWS\degilm.ini


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


c:\autorun.inf
C:\DOCUME~1\HP_ADM~1\APPLIC~1.\addon.dat
C:\DOCUME~1\HP_ADM~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\S858EZKA\www.broadcaster.com
C:\DOCUME~1\HP_ADM~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\HP_ADM~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\racle~1
C:\WINDOWS\IA
C:\WINDOWS\system32\bnyqhyv.dat
C:\WINDOWS\system32\bnyqhyv.exe
C:\WINDOWS\system32\bnyqhyv_nav.dat
C:\WINDOWS\system32\bnyqhyv_navps.dat
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\uzcx.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\tmp31F.tmp.dll
C:\WINDOWS\system32\tmp3BC.tmp.dll
C:\WINDOWS\system32\tmp3F5.tmp.dll
C:\WINDOWS\system32\tmp8B2.tmp.dll
C:\WINDOWS\system32\tmpC12.tmp.dll
C:\WINDOWS\system32\tmpF10.tmp.dll
C:\WINDOWS\ufdata2000.log
d:\autorun.inf


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-28  )))))))))))))))))))))))))))))))


2007-07-27 21:52    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-27 21:44    <DIR>    d--------    C:\bintheredunthat
2007-07-27 21:17    <DIR>    d--------    C:\BFU
2007-07-15 11:34    22,328    --a------    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-14 15:18    66,872    --a------    C:\WINDOWS\system32\PnkBstrA.exe
2007-07-14 15:18    103,736    --a------    C:\WINDOWS\system32\PnkBstrB.exe
2007-07-12 23:38    <DIR>    d--------    C:\Program Files\America's Army Server Manager
2007-07-11 18:25    <DIR>    d--------    C:\Program Files\Free Download Manager
2007-07-07 21:24    <DIR>    d--------    C:\Program Files\EA GAMES
2007-07-07 21:17    <DIR>    d--------    C:\NVIDIA


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 01:50:08    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Xfire
2007-07-27 21:54:34    --------    d-----w    C:\Program Files\WarRock
2007-07-27 21:35:14    --------    d-s---w    C:\Program Files\Xfire
2007-07-27 17:45:40    --------    d-sh--w    C:\Program Files\Free KGB Key Logger
2007-07-27 17:45:13    --------    d-----w    C:\Program Files\music_now
2007-07-27 00:57:26    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus
2007-07-13 03:51:08    --------    d-----w    C:\Program Files\LimeWire
2007-07-13 03:39:03    --------    d-----w    C:\Program Files\America's Army
2007-07-13 01:38:28    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-07-10 05:20:51    4,442    ----a-w    C:\WINDOWS\mozver.dat
2007-07-08 01:24:58    --------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-07-08 01:17:07    --------    d-----w    C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-28 22:14:35    --------    d-----w    C:\Program Files\Azureus
2007-06-26 05:32:13    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\style bind
2007-06-21 18:55:13    --------    d-----w    C:\Program Files\eMule
2007-06-21 14:49:45    45,568    ----a-w    C:\WINDOWS\system32\dsupl.exe
2007-06-21 05:08:42    2,472    ----a-w    C:\clean.bat
2007-06-21 04:25:11    --------    d-----w    C:\Program Files\Error Expert
2007-06-21 04:10:49    --------    d-----w    C:\Program Files\Share_Accelerator_MM
2007-06-19 02:30:23    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
2007-06-19 02:30:11    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
2007-06-18 21:44:30    --------    d-----w    C:\Program Files\AIM6
2007-06-18 21:44:28    --------    d-----w    C:\Program Files\Viewpoint
2007-06-17 16:47:03    686,840    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 16:26:22    108,144    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 16:10:40    --------    d--h--r    C:\DOCUME~1\HP_ADM~1\APPLIC~1\SecuROM
2007-06-17 16:00:13    --------    d-----w    C:\Program Files\Ubisoft
2007-06-17 15:12:45    --------    d-----w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-06-15 01:35:08    --------    d-----w    C:\Program Files\Globe7
2007-06-13 15:25:17    --------    d-----w    C:\Program Files\Common Files\stardock
2007-06-13 04:42:42    --------    d-----w    C:\Program Files\BitTorrent
2007-06-13 04:03:14    --------    d-----w    C:\Program Files\BitDownload
2007-06-13 03:57:58    --------    d-----w    C:\Program Files\style bind
2007-06-11 01:51:48    1,859,254    --sh--w    C:\WINDOWS\system32\mpqss.ini2
2007-06-11 00:46:35    1,848,069    --sh--w    C:\WINDOWS\system32\mpqss.bak1
2007-06-10 00:46:25    1,849,579    --sha-w    C:\WINDOWS\system32\mpqss.bak2
2007-06-09 13:17:01    131,124    ----a-w    C:\WINDOWS\system32\xhayksms.dll
2007-05-16 15:12:02    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10    745,600    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28    95,872    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2006-11-20 00:26:12    0    ----a-w    C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2006-12-13 22:32:22    80    --sh--r    C:\WINDOWS\system32\4090D52FA0.dll
2006-11-22 03:04:32    88    --sh--r    C:\WINDOWS\system32\A02FD59040.sys
2006-11-22 03:04:32    2,516    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 00:54 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 15:15 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"ALCMTR"="ALCMTR.EXE" [2005-05-03 14:43 C:\WINDOWS\ALCMTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 15:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-29 11:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-10 21:07:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 14:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys
R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S2 AFSEGTGF Windows Service;AFSEGTGF Windows Service;C:\WINDOWS\system32\dsjch.exe -service
S3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd56ec3-0bf3-11dc-8a35-0c0c0c0c0c01}]
Auto\command- F:\tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98983a3a-5630-11db-87a0-001731c64165}]
Auto\command- tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7B566F8A-624C-2570-0B75-A27CDC7119CF}
C:\WINDOWS\NtmsData\klswd.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-27 07:00:00  C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 21:57:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-27 21:59:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 21:58

    --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

10
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 27, 2007, 08:22:30 PM »
I got done with everything until

"Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu"

because I can't find "alcanshorty.bfu"

11
Tech Clinic / Microsoft C++ Runtime Error Firefox
« on: July 27, 2007, 01:36:59 PM »
Well, I tried to browse the internet with Firefox this morning and it keeps dying. I'm using Safe Mode right now, and the last program I downloaded and installed was WinRAR. Help!

Logfile of HijackThis v1.99.1
Scan saved at 2:33:19 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX17.141\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j6201035] rundll32 C:\WINDOWS\system32\j6201035.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\xhayksms.dll",realset
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsjch.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
