Virtuemonde problem and i am st st st stupid



CrazedRedneck
2007-08-29, 04:45
I tried downloading HijackThis off of Trend Micro and I get this website error:
Fatal error: Call to a member function execute() on a non-object in /trend/html/trendsecure/portal/en-US/_includes/adodb_lite/session/adodb-session.php on line 64

I got this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:37 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\WINDOWS\kjdcehdA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f814e86-9d91-453c-98f0-791f7f00ebc5} - C:\WINDOWS\system32\eoqslqt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efccaaw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll
O2 - BHO: (no name) - {C5512F26-FC12-4C07-B08D-81BDD63D8908} - C:\Program Files\Windows Media Player\hokem4444.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\mivtgruy.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [kjdcehdA] C:\WINDOWS\kjdcehdA.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157908919394
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll
O20 - Winlogon Notify: efccaaw - C:\WINDOWS\SYSTEM32\efccaaw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9018 bytes

Shaba
2007-08-29, 16:38
Hi CrazedRedneck

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

Post:

- vundofix report
- main.txt
- extra.txt

CrazedRedneck
2007-08-30, 00:30
Here's VundoFix:
VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 5:04:30 PM 8/29/2007

Listing files found while scanning....

C:\windows\system32\ammrpuwx.exe
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\ddabb.dll
C:\windows\system32\dgcraejd.exe
C:\windows\system32\doiuasms.exe
C:\WINDOWS\system32\efccaaw.dll
C:\windows\system32\gcmxqjeq.exe
C:\windows\system32\imhcljhr.exe
C:\WINDOWS\system32\mivtgruy.dll
C:\windows\system32\mwjgfpfc.exe
C:\windows\system32\nlfuathd.exe
C:\windows\system32\pnxhcffe.exe
C:\windows\system32\pqsaxuqn.exe
C:\windows\system32\rebfpodc.exe
C:\windows\system32\rovcewox.exe
C:\windows\system32\sdtwktpw.exe
C:\windows\system32\tuvurrq.dll
C:\windows\system32\upoklbre.exe
C:\windows\system32\urqpqqr.dll
C:\windows\system32\vtttptly.exe
C:\windows\system32\widkmqss.exe
C:\windows\system32\xxbmmrcw.exe
C:\windows\system32\ycecaasd.exe

Beginning removal...

Attempting to delete C:\windows\system32\ammrpuwx.exe
C:\windows\system32\ammrpuwx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\bbadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddabb.dll Has been deleted!

Attempting to delete C:\windows\system32\dgcraejd.exe
C:\windows\system32\dgcraejd.exe Has been deleted!

Attempting to delete C:\windows\system32\doiuasms.exe
C:\windows\system32\doiuasms.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\efccaaw.dll
C:\WINDOWS\system32\efccaaw.dll Could not be deleted.

Attempting to delete C:\windows\system32\gcmxqjeq.exe
C:\windows\system32\gcmxqjeq.exe Has been deleted!

Attempting to delete C:\windows\system32\imhcljhr.exe
C:\windows\system32\imhcljhr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mivtgruy.dll
C:\WINDOWS\system32\mivtgruy.dll Has been deleted!

Attempting to delete C:\windows\system32\mwjgfpfc.exe
C:\windows\system32\mwjgfpfc.exe Has been deleted!

Attempting to delete C:\windows\system32\nlfuathd.exe
C:\windows\system32\nlfuathd.exe Has been deleted!

Attempting to delete C:\windows\system32\pnxhcffe.exe
C:\windows\system32\pnxhcffe.exe Has been deleted!

Attempting to delete C:\windows\system32\pqsaxuqn.exe
C:\windows\system32\pqsaxuqn.exe Has been deleted!

Attempting to delete C:\windows\system32\rebfpodc.exe
C:\windows\system32\rebfpodc.exe Has been deleted!

Attempting to delete C:\windows\system32\rovcewox.exe
C:\windows\system32\rovcewox.exe Has been deleted!

Attempting to delete C:\windows\system32\sdtwktpw.exe
C:\windows\system32\sdtwktpw.exe Has been deleted!

Attempting to delete C:\windows\system32\tuvurrq.dll
C:\windows\system32\tuvurrq.dll Has been deleted!

Attempting to delete C:\windows\system32\upoklbre.exe
C:\windows\system32\upoklbre.exe Has been deleted!

Attempting to delete C:\windows\system32\urqpqqr.dll
C:\windows\system32\urqpqqr.dll Has been deleted!

Attempting to delete C:\windows\system32\vtttptly.exe
C:\windows\system32\vtttptly.exe Has been deleted!

Attempting to delete C:\windows\system32\widkmqss.exe
C:\windows\system32\widkmqss.exe Has been deleted!

Attempting to delete C:\windows\system32\xxbmmrcw.exe
C:\windows\system32\xxbmmrcw.exe Has been deleted!

Attempting to delete C:\windows\system32\ycecaasd.exe
C:\windows\system32\ycecaasd.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efccaaw.dll
C:\WINDOWS\system32\efccaaw.dll Has been deleted!

Performing Repairs to the registry.
Done!
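As an added example (not part of this thread, and not code from HijackThis, VundoFix or DSS): a small Python script that parses HijackThis lines like the ones posted above and pulls out the two things an analyst checks first on a Vundo/Virtumonde log. The sample lines are copied from the HijackThis log in this thread and the file list mirrors what VundoFix reported; the function names and the heuristics are my own. It flags unnamed BHOs loaded from system32, DLLs registered both as a BHO (O2) and as a Winlogon Notify handler (O20), and, for each flagged DLL, any companion files whose name is the DLL's name spelled backwards (the ddabb.dll / bbadd.ini pairing visible in the VundoFix output).

```python
import re

# Constructed sample: HijackThis lines copied from the log posted in this thread.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f814e86-9d91-453c-98f0-791f7f00ebc5} - C:\WINDOWS\system32\eoqslqt.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efccaaw.dll
O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\mivtgruy.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll
O20 - Winlogon Notify: efccaaw - C:\WINDOWS\SYSTEM32\efccaaw.dll
"""

# Constructed sample: a subset of the files VundoFix listed in this thread.
VUNDOFIX_FILES = r"""
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\efccaaw.dll
C:\WINDOWS\system32\mivtgruy.dll
C:\windows\system32\tuvurrq.dll
""".strip().splitlines()

# A HijackThis line is "<section> - <detail>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<detail>.*)$")


def parse_hjt(text):
    """Return a list of (section, detail) tuples; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def dll_path(detail):
    """Last ' - ' separated field of an O2/O20 detail, minus the '(file missing)' note."""
    path = detail.rsplit(" - ", 1)[-1]
    return path.replace("(file missing)", "").strip()


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def unnamed_system32_bhos(entries):
    """BHOs with no display name whose DLL lives in system32 (sorted file names)."""
    found = []
    for section, detail in entries:
        if section == "O2" and detail.startswith("BHO: (no name)"):
            path = dll_path(detail)
            if "\\system32\\" in path.lower():
                found.append(basename(path))
    return sorted(found)


def find_bho_notify_overlap(entries):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify handler (O20)."""
    bho = {basename(dll_path(d)) for s, d in entries if s == "O2"}
    notify = {basename(dll_path(d)) for s, d in entries
              if s == "O20" and d.startswith("Winlogon Notify")}
    return sorted(bho & notify)


def reversed_name_companions(dll_names, file_list):
    """Map each DLL to files whose stem is the DLL stem reversed (ddabb.dll -> bbadd.*)."""
    names = [basename(f) for f in file_list]
    result = {}
    for dll in dll_names:
        mirror = dll.rsplit(".", 1)[0][::-1]
        hits = sorted(n for n in names if n.rsplit(".", 1)[0] == mirror)
        if hits:
            result[dll] = hits
    return result


if __name__ == "__main__":
    entries = parse_hjt(HJT_LOG)
    suspects = unnamed_system32_bhos(entries)
    print("Unnamed BHOs in system32:", suspects)
    print("BHO + Winlogon Notify overlap:", find_bho_notify_overlap(entries))
    print("Reversed-name companions:", reversed_name_companions(suspects, VUNDOFIX_FILES))
```

The overlap check matters for cleanup planning: a DLL registered under Winlogon Notify is loaded into winlogon.exe, so a delete attempted on the running system can fail, which is consistent with VundoFix reporting efccaaw.dll "Could not be deleted" on the first pass and removing it only after the reboot.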

CrazedRedneck
2007-08-30, 00:32
Here is DSS in multiple replies:
Deckard's System Scanner v20070826.66
Run by Owner on 2007-08-29 17:18:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2007-08-29 22:18:38 UTC - RP646 - Deckard's System Scanner Restore Point
30: 2007-08-29 02:01:24 UTC - RP645 - Windows Defender Checkpoint
29: 2007-08-29 00:13:35 UTC - RP644 - Installed DirectX
28: 2007-08-28 01:39:00 UTC - RP643 - Installed Lineage II
27: 2007-08-27 16:28:14 UTC - RP642 - System Checkpoint


-- First Restore Point --
1: 2007-08-14 17:40:06 UTC - RP616 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:03 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f814e86-9d91-453c-98f0-791f7f00ebc5} - C:\WINDOWS\system32\eoqslqt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efccaaw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll
O2 - BHO: (no name) - {C5512F26-FC12-4C07-B08D-81BDD63D8908} - C:\Program Files\Windows Media Player\hokem4444.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\mivtgruy.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [kjdcehdA] C:\WINDOWS\kjdcehdA.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157908919394
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll
O20 - Winlogon Notify: efccaaw - C:\WINDOWS\SYSTEM32\efccaaw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8903 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\program files\belkin\f5d9050\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Compaq PS2 Keyboard (2K - 3)
Device ID: ACPI\PNP0303\4&1ACBC190&0
Manufacturer: Compaq
Name: Compaq PS2 Keyboard (2K - 3)
PNP Device ID: ACPI\PNP0303\4&1ACBC190&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2007-08-29 17:15:42 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-29 17:13:49 432 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-29 07:06:40 288 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-08-29 07:06:32 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-08-29 04:00:00 348 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2007-08-26 20:20:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 17:04:30 0 d-------- C:\VundoFix Backups
2007-08-28 21:46:35 0 d-------- C:\Program Files\Trend Micro
2007-08-25 14:00:56 0 d-------- C:\Program Files\Lineage II
2007-08-25 13:58:59 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\WinRAR
2007-08-25 10:39:09 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Comodo
2007-08-25 10:38:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-25 09:44:23 0 d-------- C:\Program Files\Comodo
2007-08-17 09:02:17 75328 --a------ C:\WINDOWS\system32\trkdwkmj.exe <Not Verified; ; DDC>
2007-08-17 08:37:03 75328 --a------ C:\WINDOWS\system32\gbetbbgp.exe <Not Verified; ; DDC>
2007-08-17 08:35:09 75328 --a------ C:\WINDOWS\system32\exkjbemi.exe <Not Verified; ; DDC>
2007-08-16 21:37:39 0 d-------- C:\Program Files\Windows Defender
2007-08-16 21:25:49 75328 --a------ C:\WINDOWS\system32\cybgjwkb.exe <Not Verified; ; DDC>
2007-08-15 20:25:28 75328 --a------ C:\WINDOWS\system32\ubgpymvm.exe <Not Verified; ; DDC>
2007-08-15 03:26:55 75328 --a------ C:\WINDOWS\system32\anrrartb.exe <Not Verified; ; DDC>
2007-08-14 21:41:33 75328 --a------ C:\WINDOWS\system32\eltrtlxd.exe <Not Verified; ; DDC>
2007-08-14 20:37:27 0 d-------- C:\Program Files\S?mantec
2007-08-13 21:44:07 75328 --a------ C:\WINDOWS\system32\pmhqpsjj.exe <Not Verified; ; DDC>
2007-08-13 21:41:08 75328 --a------ C:\WINDOWS\system32\bixkrsww.exe <Not Verified; ; DDC>
2007-08-13 19:21:07 1719387 ---hs---- C:\WINDOWS\system32\wybeg.ini2
2007-08-12 21:41:08 75328 --a------ C:\WINDOWS\system32\vxsjvkjm.exe <Not Verified; ; DDC>
2007-08-11 21:41:07 75328 --a------ C:\WINDOWS\system32\nxmhewfe.exe <Not Verified; ; DDC>
2007-08-10 21:41:07 75328 --a------ C:\WINDOWS\system32\nedqrqho.exe <Not Verified; ; DDC>
2007-08-10 20:59:08 75328 --a------ C:\WINDOWS\system32\xvdntqsb.exe <Not Verified; ; DDC>
2007-08-09 18:06:17 75328 --a------ C:\WINDOWS\system32\wdqrenhi.exe <Not Verified; ; DDC>
2007-08-09 16:49:11 75328 --a------ C:\WINDOWS\system32\aqjrwvhv.exe <Not Verified; ; DDC>
2007-08-08 16:00:10 75328 --a------ C:\WINDOWS\system32\qdoptfqb.exe <Not Verified; ; DDC>
2007-08-06 16:13:34 66112 --a------ C:\WINDOWS\system32\wrqgvilq.exe
2007-08-06 13:07:34 66112 --a------ C:\WINDOWS\system32\jfrbthhy.exe
2007-08-05 10:19:19 66112 --a------ C:\WINDOWS\system32\majufkbu.exe
2007-08-04 22:36:52 0 d-------- C:\Program Files\?ppPatch
2007-08-04 10:19:19 66112 --a------ C:\WINDOWS\system32\dclcitbi.exe
2007-08-04 10:16:27 1689792 ---hs---- C:\WINDOWS\system32\wybeg.bak2
2007-08-03 22:22:14 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-08-03 22:21:32 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-08-03 22:21:29 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
2007-08-03 22:16:14 1725158 ---hs---- C:\WINDOWS\system32\wybeg.bak1
2007-08-03 22:13:16 135168 --a------ C:\WINDOWS\tk58.exe
2007-08-03 22:13:08 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-08-03 22:12:49 2 --a------ C:\WINDOWS\system32\wtsiit.exe
2007-08-03 22:12:41 0 d-------- C:\Program Files\??mantec
2007-08-03 22:12:27 306352 -r-hs---- C:\WINDOWS\kjdcehdA.exe <Not Verified; System Service; System Monitor Service>
2007-08-03 22:12:24 171520 --a------ C:\WINDOWS\system32\eoqslqt.dll
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\win
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\E5
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\C9
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\C5
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\C3
2007-08-03 22:12:16 0 d-------- C:\WINDOWS\system32\C1
2007-08-03 22:11:28 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\F?nts
2007-08-03 22:10:48 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-08-03 22:10:32 0 d-------- C:\Program Files\Total Video Converter


-- Find3M Report ---------------------------------------------------------------

2007-08-27 22:07:45 0 d-------- C:\Program Files\XoftSpySE
2007-08-27 20:39:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 02:28:20 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\F?nts
2007-08-17 02:28:19 0 d-------- C:\Program Files\Messenger
2007-08-16 22:08:15 0 d-------- C:\Program Files\??mantec
2007-08-16 18:21:02 0 d-------- C:\Program Files\Common Files
2007-08-16 18:17:37 0 d-------- C:\Program Files\BearShare
2007-08-14 20:37:27 0 d-------- C:\Program Files\S?mantec
2007-08-04 22:36:52 0 d-------- C:\Program Files\?ppPatch
2007-07-15 18:38:34 0 d-------- C:\Program Files\Belkin
2007-07-11 08:52:03 0 d-------- C:\Program Files\Google
2007-07-08 19:38:21 0 d-------- C:\Program Files\Steam
2007-07-08 17:59:59 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\interMute
2007-07-08 17:56:57 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\PC Tools
2007-07-08 17:55:36 0 d-------- C:\Program Files\Common Files\Real
2007-07-08 17:55:26 0 d-------- C:\Program Files\PhotoMix
2007-07-08 17:55:00 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Real
2007-07-08 17:54:35 0 d-------- C:\Program Files\Rhapsody
2007-07-08 17:54:26 0 d-------- C:\Program Files\GameSpy Arcade
2007-07-08 17:41:02 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Google
2007-07-08 17:39:15 0 d-------- C:\Program Files\Microsoft Games
2007-07-02 00:50:31 0 d-------- C:\Program Files\iTunes
2007-07-02 00:50:16 0 d-------- C:\Program Files\iPod
2007-07-02 00:48:22 0 d-------- C:\Program Files\Common Files\Apple

CrazedRedneck
2007-08-30, 00:37
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f814e86-9d91-453c-98f0-791f7f00ebc5}]
08/03/2007 10:12 PM 171520 --a------ C:\WINDOWS\system32\eoqslqt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E0AFB1-B5A3-432B-85E9-6A1EF33AC539}]
C:\WINDOWS\system32\gebyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3EE4EBE-1303-4275-9F3F-E57D2755BF97}]
C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5512F26-FC12-4C07-B08D-81BDD63D8908}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Windows Media Player\hokem4444.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/20/2004 03:51 PM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 10:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 11:42 PM]
"QuickFinder Scheduler"="c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [03/07/2003 05:01 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/20/2004 03:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 04:46 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 06:26 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 10:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [03/14/2006 04:52 PM]
"kjdcehdA"="C:\WINDOWS\kjdcehdA.exe" [12/12/1989 10:10 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [08/25/2007 09:44 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/08/2006 05:17 AM]
"Steam"="c:\program files\valve\steam\steam.exe" [07/12/2007 11:56 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 9:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-29 17:25:02 ------------




Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.70GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 503.52 MiB / 177.99 MiB
Pagefile Memory (total/avail): 1230.93 MiB / 942.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 106.83 GiB total, 33.02 GiB free.
D: is Fixed (FAT32) - 4.96 GiB total, 0.9 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV1203N - 111.81 GiB - 2 partitions
\PARTITION0 - Unknown - 4.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 106.83 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\team fortress classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\biggoose2006\\team fortress classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\biggoose2006\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\ijji\\ENGLISH\\GUNSTER.exe"="C:\\ijji\\ENGLISH\\GUNSTER.exe:*:Enabled:Gunster"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\half-life\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\crazedredneck\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\WINDOWS\\system32\\qdoptfqb.exe"="C:\\WINDOWS\\system32\\qdo"
"C:\\WINDOWS\\system32\\cybgjwkb.exe"="C:\\WINDOWS\\system32\\cyb"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-LK4RLMSU41
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-LK4RLMSU41
LOGONSERVER=\\YOUR-LK4RLMSU41
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\valve\steam\steamapps\crazedredneck\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
USERDOMAIN=YOUR-LK4RLMSU41
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-LK4RLMSU41
VProject=c:\program files\valve\steam\steamapps\crazedredneck\half-life 2 deathmatch\hl2mp
windir=C:\WINDOWS

CrazedRedneck
2007-08-30, 00:38
-- User Profiles ---------------------------------------------------------------

Owner.YOUR-LK4RLMSU41 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AOL Instant Messenger --> C:\PROGRA~1\AIM\uninstll.exe -LOG= C:\PROGRA~1\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D84E40A2-380A-46E9-A750-6F55D398D973}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Belkin Wireless G Plus MIMO USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D9050\Setup.exe" -l0x9
Blackhawk Striker from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\33A16A26-1533-4016-AE2D-89D6398D7EB2\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\350CC34B-2B8E-4EE5-AE4D-F04FDF37DC39\Uninstall.exe"
Block Checker 2.0 --> "C:\Program Files\Block Checker\uninstall.exe"
Bounce from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Counter-Strike: Source --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/240
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Excavation from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9A8CE71F-71D5-4555-B355-85481DC99B80\Uninstall.exe"
Five Card Frenzy from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
Google Desktop MSN Plugin --> MsiExec.exe /I{DC33D3D7-E641-4F17-A562-D572A1FD579B}
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Half-Life 2 --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Honeycombs from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\623398D3-0B1E-4A63-A019-9BA8E77962AD\Uninstall.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Lineage II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mars Rover from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A6A08018-6E8D-44BA-B964-8235A0B34985\Uninstall.exe"
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PokerRoom.com (remove only) --> "C:\Program Files\PokerRoom.com\uninst.exe"
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SkinChooser 1.1.1 --> C:\Program Files\valve\Steam\steamapps\SourceMods\uninst.exe
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8567FC11-B0BF-49CD-9EF0-959413FA103D\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Steam --> C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STX from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75443238-3575-492C-9122-6A88DC3A2B75\Uninstall.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual Warfare from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EEDAA297-DFDF-436A-B977-D95EA63C907D\Uninstall.exe"
WebIQ Client Software --> C:\WINDOWS\System32\WebIQInstall.exe /u
Weblink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3050 / Error
Event Submitted/Written: 08/29/2007 01:42:36 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type3045 / Error
Event Submitted/Written: 08/28/2007 01:48:59 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type3039 / Error
Event Submitted/Written: 08/27/2007 01:48:54 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type2930 / Error
Event Submitted/Written: 08/26/2007 11:10:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2886 / Error
Event Submitted/Written: 08/26/2007 10:11:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4038 / Warning
Event Submitted/Written: 08/29/2007 05:22:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-LK4RLMSU4127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-LK4RLMSU4127 can't undo changes that you allow.

For more information please see the following:
%YOUR-LK4RLMSU41275

Scan ID: {27A3AC3F-1575-45D6-9567-DF0F205163E9}

User: YOUR-LK4RLMSU41\Owner

Name: %YOUR-LK4RLMSU41271

ID: %YOUR-LK4RLMSU41272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-LK4RLMSU41276

Alert Type: %YOUR-LK4RLMSU41278

Detection Type: 1.1.1593.02

Event Record #/Type4037 / Warning
Event Submitted/Written: 08/29/2007 05:22:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-LK4RLMSU4127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-LK4RLMSU4127 can't undo changes that you allow.

For more information please see the following:
%YOUR-LK4RLMSU41275

Scan ID: {BDF9D807-4D30-467D-9688-667BFB99EE25}

User: YOUR-LK4RLMSU41\Owner

Name: %YOUR-LK4RLMSU41271

ID: %YOUR-LK4RLMSU41272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-LK4RLMSU41276

Alert Type: %YOUR-LK4RLMSU41278

Detection Type: 1.1.1593.02

Event Record #/Type4036 / Warning
Event Submitted/Written: 08/29/2007 05:22:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-LK4RLMSU4127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-LK4RLMSU4127 can't undo changes that you allow.

For more information please see the following:
%YOUR-LK4RLMSU41275

Scan ID: {2BE9A133-AC1C-42A1-9CCE-ACEB959E1662}

User: YOUR-LK4RLMSU41\Owner

Name: %YOUR-LK4RLMSU41271

ID: %YOUR-LK4RLMSU41272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-LK4RLMSU41276

Alert Type: %YOUR-LK4RLMSU41278

Detection Type: 1.1.1593.02

Event Record #/Type4035 / Warning
Event Submitted/Written: 08/29/2007 05:22:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-LK4RLMSU4127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-LK4RLMSU4127 can't undo changes that you allow.

For more information please see the following:
%YOUR-LK4RLMSU41275

Scan ID: {FF0EFCD7-EB9B-4933-BB3F-AEDA41F56D8E}

User: YOUR-LK4RLMSU41\Owner

Name: %YOUR-LK4RLMSU41271

ID: %YOUR-LK4RLMSU41272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-LK4RLMSU41276

Alert Type: %YOUR-LK4RLMSU41278

Detection Type: 1.1.1593.02

Event Record #/Type4034 / Warning
Event Submitted/Written: 08/29/2007 05:22:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-LK4RLMSU4127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-LK4RLMSU4127 can't undo changes that you allow.

For more information please see the following:
%YOUR-LK4RLMSU41275

Scan ID: {473D3BCC-E5A7-438E-A4E1-5BEB5F89AFEC}

User: YOUR-LK4RLMSU41\Owner

Name: %YOUR-LK4RLMSU41271

ID: %YOUR-LK4RLMSU41272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-LK4RLMSU41276

Alert Type: %YOUR-LK4RLMSU41278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2007-08-29 17:25:02 ------------

CrazedRedneck
2007-08-30, 03:23
Bumping this to get read.

Shaba
2007-08-30, 15:02
Hi

"bumping this to get read"

We live in different time zones. You can't expect me to reply in the middle of the night, eh?

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

CrazedRedneck
2007-08-31, 05:30
Sorry for my impatience, and thanks again for helping.
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:15 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157908919394
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8386 bytes

Here's ComboFix:

ComboFix 07-08-30.3 - "Owner" 2007-08-30 22:04:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Aaron1\Desktop\internet explorer.lnk
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\winantispyware 2007
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\fnts~1
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\mantec~1
C:\Program Files\pppatc~1
C:\Program Files\smante~1
C:\Program Files\Windows Media Player\hokem4444.dll
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\bar.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\kjdcehdA.exe
C:\WINDOWS\system32\anrrartb.exe
C:\WINDOWS\system32\aqjrwvhv.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\bixkrsww.exe
C:\WINDOWS\system32\C1
C:\WINDOWS\system32\C3
C:\WINDOWS\system32\C5
C:\WINDOWS\system32\C9
C:\WINDOWS\system32\cybgjwkb.exe
C:\WINDOWS\system32\dclcitbi.exe
C:\WINDOWS\system32\E5
C:\WINDOWS\system32\eltrtlxd.exe
C:\WINDOWS\system32\eoqslqt.dll
C:\WINDOWS\system32\exkjbemi.exe
C:\WINDOWS\system32\gbetbbgp.exe
C:\WINDOWS\system32\jfrbthhy.exe
C:\WINDOWS\system32\majufkbu.exe
C:\WINDOWS\system32\nedqrqho.exe
C:\WINDOWS\system32\nxmhewfe.exe
C:\WINDOWS\system32\pmhqpsjj.exe
C:\WINDOWS\system32\qdoptfqb.exe
C:\WINDOWS\system32\trkdwkmj.exe
C:\WINDOWS\system32\ubgpymvm.exe
C:\WINDOWS\system32\vxsjvkjm.exe
C:\WINDOWS\system32\wdqrenhi.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wrqgvilq.exe
C:\WINDOWS\system32\wtsiit.exe
C:\WINDOWS\system32\xvdntqsb.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-30 22:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 17:05 <DIR> d-------- C:\Deckard
2007-08-29 17:04 <DIR> d-------- C:\VundoFix Backups
2007-08-28 21:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-28 19:13 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-28 19:13 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-28 19:13 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-28 19:13 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-28 19:13 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-28 19:13 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-28 19:13 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-08-28 19:13 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-28 19:13 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-25 14:00 <DIR> d-------- C:\Program Files\Lineage II
2007-08-25 13:58 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WinRAR
2007-08-25 10:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Comodo
2007-08-25 10:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-25 09:44 <DIR> d-------- C:\Program Files\Comodo
2007-08-16 21:37 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-13 19:21 1,719,387 ---hs---- C:\WINDOWS\system32\wybeg.ini2
2007-08-04 10:16 1,689,792 ---hs---- C:\WINDOWS\system32\wybeg.bak2
2007-08-03 22:16 1,725,158 ---hs---- C:\WINDOWS\system32\wybeg.bak1
2007-08-03 22:10 <DIR> d-------- C:\Program Files\Total Video Converter
2007-07-15 18:38 40,960 --a------ C:\WINDOWS\system32\F5D9050.dll
2007-07-15 18:38 36,864 --a------ C:\WINDOWS\system32\ss.dll
2007-07-15 18:38 245,248 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-07-15 18:38 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-15 18:38 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2007-07-15 18:38 <DIR> d-------- C:\Program Files\Belkin
2007-07-09 10:48 <DIR> d-------- C:\HammerAutosave
2007-07-08 19:38 <DIR> d-------- C:\Program Files\Steam
2007-07-08 17:56 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PC Tools
2007-07-02 00:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 00:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-29 18:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 22:07 --------- d-------- C:\Program Files\XoftSpySE
2007-08-16 18:17 --------- d-------- C:\Program Files\BearShare
2007-08-16 16:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-11 08:52 --------- d-------- C:\Program Files\Google
2007-07-08 17:59 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\interMute
2007-07-08 17:55 --------- d-------- C:\Program Files\PhotoMix
2007-07-08 17:55 --------- d-------- C:\Program Files\Common Files\Real
2007-07-08 17:55 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Real
2007-07-08 17:54 --------- d-------- C:\Program Files\Rhapsody
2007-07-08 17:54 --------- d-------- C:\Program Files\GameSpy Arcade
2007-07-08 17:41 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Google
2007-07-08 17:39 --------- d-------- C:\Program Files\Microsoft Games
2007-07-02 00:50 --------- d-------- C:\Program Files\iTunes
2007-07-02 00:50 --------- d-------- C:\Program Files\iPod
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2004-07-01 19:21 369 --a------ C:\Program Files\MOHAA_UKUS_ONLY_patch111v9safedisk.exe.FilePlanetCache
2004-05-31 11:24 3999760 --a------ C:\Program Files\iaplayer_2.05.10.0325.exe
2003-12-06 11:15 169984 --a------ C:\DOCUME~1\Diana\APPLIC~1\DownloadPlus.exe
2003-12-01 17:07 36591 --a------ C:\Program Files\weird293.jpg
2003-11-08 08:56 682525696 --------- C:\DOCUME~1\GAMESP~1\AmericasArmy200Installer.exe
2003-11-07 15:24 234137114 --------- C:\DOCUME~1\GAMESP~1\aao_patch_190to200.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E0AFB1-B5A3-432B-85E9-6A1EF33AC539}]
C:\WINDOWS\system32\gebyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3EE4EBE-1303-4275-9F3F-E57D2755BF97}]
C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"QuickFinder Scheduler"="c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 05:01]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 04:46]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 18:26]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 16:52]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-25 09:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-07-12 11:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys


Contents of the 'Scheduled Tasks' folder
2007-08-27 01:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-31 03:22:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-31 03:13:18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-08-30 09:00:00 C:\WINDOWS\Tasks\XoftSpy.job
2007-08-31 03:19:36 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-30 12:50:14 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 22:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-30 22:23:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-30 22:22

--- E O F ---

Shaba
2007-08-31, 17:50
Hi

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.bak1


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

CrazedRedneck
2007-09-07, 04:53
Sorry for the long reply time... the internet has been out for a couple of days.



ComboFix 07-08-30.3 - "Owner" 2007-09-04 19:04:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.127 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.bak1


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini2


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-08-30 22:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 17:05 <DIR> d-------- C:\Deckard
2007-08-29 17:04 <DIR> d-------- C:\VundoFix Backups
2007-08-28 21:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-28 19:13 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-28 19:13 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-28 19:13 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-28 19:13 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-28 19:13 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-28 19:13 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-28 19:13 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-08-28 19:13 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-28 19:13 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-25 14:00 <DIR> d-------- C:\Program Files\Lineage II
2007-08-25 13:58 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WinRAR
2007-08-25 10:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Comodo
2007-08-25 10:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-25 09:44 <DIR> d-------- C:\Program Files\Comodo
2007-08-16 21:37 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 07:50 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Apple Computer
2007-08-29 18:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 22:07 --------- d-------- C:\Program Files\XoftSpySE
2007-08-16 18:17 --------- d-------- C:\Program Files\BearShare
2007-08-16 16:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-03 23:49 --------- d-------- C:\Program Files\Total Video Converter
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-15 18:38 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-15 18:38 --------- d-------- C:\Program Files\Belkin
2007-07-11 08:52 --------- d-------- C:\Program Files\Google
2007-07-08 19:38 --------- d-------- C:\Program Files\Steam
2007-07-08 17:59 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\interMute
2007-07-08 17:56 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PC Tools
2007-07-08 17:55 --------- d-------- C:\Program Files\PhotoMix
2007-07-08 17:55 --------- d-------- C:\Program Files\Common Files\Real
2007-07-08 17:55 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Real
2007-07-08 17:54 --------- d-------- C:\Program Files\Rhapsody
2007-07-08 17:54 --------- d-------- C:\Program Files\GameSpy Arcade
2007-07-08 17:41 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Google
2007-07-08 17:39 --------- d-------- C:\Program Files\Microsoft Games
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2004-07-01 19:21 369 --a------ C:\Program Files\MOHAA_UKUS_ONLY_patch111v9safedisk.exe.FilePlanetCache
2004-05-31 11:24 3999760 --a------ C:\Program Files\iaplayer_2.05.10.0325.exe
2003-12-06 11:15 169984 --a------ C:\DOCUME~1\Diana\APPLIC~1\DownloadPlus.exe
2003-12-01 17:07 36591 --a------ C:\Program Files\weird293.jpg
2003-11-08 08:56 682525696 --------- C:\DOCUME~1\GAMESP~1\AmericasArmy200Installer.exe
2003-11-07 15:24 234137114 --------- C:\DOCUME~1\GAMESP~1\aao_patch_190to200.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E0AFB1-B5A3-432B-85E9-6A1EF33AC539}]
C:\WINDOWS\system32\gebyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3EE4EBE-1303-4275-9F3F-E57D2755BF97}]
C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"QuickFinder Scheduler"="c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 05:01]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 04:46]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 18:26]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 16:52]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-25 09:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-07-12 11:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys


Contents of the 'Scheduled Tasks' folder
2007-09-03 01:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-05 00:02:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-09-04 23:58:48 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-09-04 09:00:00 C:\WINDOWS\Tasks\XoftSpy.job
2007-09-05 00:00:37 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-09-04 12:43:41 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 19:14:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 19:15:49
C:\ComboFix-quarantined-files.txt ... 2007-09-04 19:15
C:\ComboFix2.txt ... 2007-08-30 22:23

--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:11 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157908919394
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8657 bytes

Shaba
2007-09-07, 14:04
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {66E0AFB1-B5A3-432B-85E9-6A1EF33AC539} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3EE4EBE-1303-4275-9F3F-E57D2755BF97} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all windows including browser and press fix checked.

Reboot.

Please run this online scan:

Panda ActiveScan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm)

Once you are on the Panda site, click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When the download is complete, click on Local Disks to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log

tashi
2007-09-08, 01:48
http://forums.spybot.info/showthread.php?p=115642#post115642

Shaba
2007-09-15, 11:03
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.