View Full Version : Another virtumonde victim
Thank you for at least opening my thread i believe that i may have gotten virtumonde it might be something else though i am not 100% sure and i see you guys have done a great job helping out people in the past and im hoping you can do same for me.
thanks in advance :)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 05, 2008 5:40:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 831358
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 121556
Number of viruses found: 22
Number of infected objects: 113
Number of suspicious objects: 0
Duration of the scan process: 01:56:58
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\00e9_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\00ec_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\00f0_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\00f0_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\0100_Scan_Objects_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\0100_Scan_Objects_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\eventlog Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\9KSBT5KL\uptro[1].exe/updatefile.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\9KSBT5KL\uptro[1].exe RAR: infected - 1 skipped
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\KR7FIO9P\kb767887[1] Infected: Trojan-Downloader.Win32.ConHook.apx skipped
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\L108OTH7\setup[1].exe Infected: Trojan-Downloader.Win32.Zlob.nsa skipped
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\VN57V5GW\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\cert8.db Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\history.dat Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\key3.db Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\parent.lock Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\search.sqlite Object is locked skipped
C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\MIKE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe/file1 Infected: not-a-virus:FraudTool.Win32.RegCleanFix.c skipped
C:\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe Inno: infected - 1 skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Identities\{D731E0A7-0994-43AA-A799-E3B15FF39CC6}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Identities\{D731E0A7-0994-43AA-A799-E3B15FF39CC6}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Mozilla\Firefox\Profiles\npn8v0sm.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\History\History.IE5\MSHist012008060520080606\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip/PowerISO 4.0 + Keygen/Keygen.exe/data0002 Infected: Backdoor.Win32.Rbot.kht skipped
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip/PowerISO 4.0 + Keygen/Keygen.exe Infected: Backdoor.Win32.Rbot.kht skipped
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip ZIP: infected - 2 skipped
C:\Documents and Settings\MIKE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MIKE\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\test\Local Settings\Temp\UVln.exe Infected: Trojan-Spy.Win32.Zbot.cec skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\3Y67QHF4\kb635111[1] Infected: Trojan.Win32.Obfuscated.auw skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\3Y67QHF4\XPantivirus2008_v880062[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.gen skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\L108OTH7\kb516107[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\OEB3ZRM8\kb767887[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\ZBBRJPNC\kb456456[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030209.exe Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030210.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030213.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030215.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030216.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030218.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030224.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030226.dll Infected: not-a-virus:AdTool.Win32.Zango.n skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030227.dll Infected: not-a-virus:AdTool.Win32.Zango.n skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP169\A0030246.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037599.exe Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037600.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037602.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037604.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037605.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0037607.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP178\A0038570.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP216\A0067612.exe Infected: Backdoor.Win32.Rbot.pji skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP216\A0067613.exe Infected: Backdoor.Win32.Rbot.pji skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP216\A0067617.exe/updatefile.exe Infected: Backdoor.Win32.Rbot.pji skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP216\A0067617.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP229\A0081482.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP229\A0081484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP229\A0081486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP229\A0081487.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP229\A0081507.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP230\A0082533.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP231\A0086562.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP231\A0087571.exe Infected: Trojan-Spy.Win32.Zbot.cec skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP231\A0087585.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0087607.exe Infected: Trojan-Spy.Win32.Zbot.cew skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0089666.exe Infected: Backdoor.Win32.Kbot.s skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090703.exe Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090704.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090705.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090706.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090707.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090708.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090709.exe Infected: Backdoor.Win32.Rbot.kht skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090714.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090715.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090716.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090717.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090718.dll Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090722.exe Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090728.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090729.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090730.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090759.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090760.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090762.exe/updatefile.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090762.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090763.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090764.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090765.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090766.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090767.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090768.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090769.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090770.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090771.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090772.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090773.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090774.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090775.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\A0090776.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP232\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Help\Tours\updatefile.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lcuvynpq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\WINDOWS\system32\mpxqnpth.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\WINDOWS\system32\ohmquxin.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
C:\WINDOWS\system32\qduwqemj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\rfhhvyom.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\shvmoqxq.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\WINDOWS\system32\sircasqe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\WINDOWS\system32\ucvmocmo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xsnomyqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\WINDOWS\Temp\1.tmp Infected: Trojan-Spy.Win32.Zbot.cew skipped
C:\WINDOWS\Temp\Perflib_Perfdata_314.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:59 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {173C8188-6872-4C87-8E19-CEBC6D63A91F} - (no file)
O2 - BHO: (no name) - {2535EF54-8302-4E7E-BF16-3EA7657C6DD1} - C:\WINDOWS\system32\awttsTno.dll (file missing)
O2 - BHO: (no name) - {2DC6C4DF-B2DD-44E9-8F06-3ED3E3F53E98} - (no file)
O2 - BHO: (no name) - {505845C0-8978-408C-BEE9-1B5D76C3C469} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - C:\WINDOWS\system32\pmnkHWqo.dll (file missing)
O2 - BHO: (no name) - {F8311821-50B5-4919-9F7A-673290E6A699} - C:\WINDOWS\system32\ljJCuTnk.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199108387330
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199108595361
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: pmnkHWqo - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 9932 bytes
steamwiz
2008-06-06, 21:48
Hi
It looks like most of your vundo infection has been removed, however you have other malware, some of which has come from downloading illegal cracks ... these allways come with a little "extra"
Download Deckard's System
Scanner (formerly Comboscan) (http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=19) to your Desktop.
1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
6. Please copy and paste the contents of Supplementary.txt to your post.
Please remember to post both txt files ...
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please
ensure that you allow sigcheck.exe permission to do so.
THEN ..
Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then
click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
steam
Thanks alot and sorry for my slow reply hope i posted right things:)
Deckard's System Scanner v20071014.68
Run by MIKE on 2008-06-07 16:27:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
66: 2008-06-07 15:27:44 UTC - RP233 - Deckard's System Scanner Restore Point
65: 2008-06-04 01:34:12 UTC - RP232 - Installed Kaspersky Internet Security 7.0.
64: 2008-06-01 19:00:02 UTC - RP231 - Installed Kaspersky Internet Security 7.0.
63: 2008-06-01 15:10:11 UTC - RP230 - Last known good configuration
62: 2008-06-01 15:10:07 UTC - RP229 - Restore Operation
-- First Restore Point --
1: 2008-06-01 15:09:55 UTC - RP168 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as MIKE.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:43 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\MIKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {173C8188-6872-4C87-8E19-CEBC6D63A91F} - (no file)
O2 - BHO: (no name) - {2535EF54-8302-4E7E-BF16-3EA7657C6DD1} - C:\WINDOWS\system32\awttsTno.dll (file missing)
O2 - BHO: (no name) - {2DC6C4DF-B2DD-44E9-8F06-3ED3E3F53E98} - (no file)
O2 - BHO: (no name) - {505845C0-8978-408C-BEE9-1B5D76C3C469} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - C:\WINDOWS\system32\pmnkHWqo.dll (file missing)
O2 - BHO: (no name) - {F8311821-50B5-4919-9F7A-673290E6A699} - C:\WINDOWS\system32\ljJCuTnk.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199108387330
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199108595361
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: pmnkHWqo - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 9652 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys <Not Verified; Analog Deivces; ADI ADSL chipset loader>
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
S3 ctdvda2k (Creative DVD-Audio Device Driver) - c:\windows\system32\drivers\ctdvda2k.sys (file missing)
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - c:\program files\diskeeper corporation\diskeeper\dkservice.exe <Not Verified; Diskeeper® Corporation; Diskeeper (TM) Disk Defragmenter>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82566DC-2 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00018086&REV_02\3&61AAA01&0&C8
Manufacturer: Intel
Name: Intel(R) 82566DC-2 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00018086&REV_02\3&61AAA01&0&C8
Service: e1express
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1F31EF9902700
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1F31EF9902700
Service: NIC1394
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d347bus
-- Files created between 2008-05-07 and 2008-06-07 -----------------------------
2008-06-06 17:41:01 0 d-------- C:\hellgatecrack
2008-06-06 10:12:10 0 d-------- C:\VundoFix Backups
2008-06-06 09:50:02 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-05 15:39:46 0 d-------- C:\Program Files\Trend Micro
2008-06-05 15:17:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 10:28:50 2560 --a------ C:\WINDOWS\system32\kwwklmvs.exe
2008-06-04 02:35:50 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 02:35:50 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 02:34:40 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-04 02:34:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-04 01:32:43 0 d-------- C:\Program Files\Diablo 2 Mastertool
2008-06-04 01:12:38 2560 --a------ C:\WINDOWS\system32\jboeprqo.exe
2008-06-02 21:33:54 0 d-------- C:\DIABLO2LODCRACK
2008-06-02 21:21:51 0 d-------- C:\diablo2
2008-06-02 20:57:03 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-02 20:15:27 2560 --a------ C:\WINDOWS\system32\iedbxfvu.exe
2008-06-02 17:20:32 0 d-------- C:\Documents and Settings\test\Application Data\DAEMON Tools
2008-06-02 06:18:07 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 06:18:07 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-02 06:18:07 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-02 06:16:54 35499 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-02 06:16:53 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-02 06:16:53 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-02 05:53:25 0 d-------- C:\Program Files\Diablo II
2008-06-02 05:52:47 0 d-------- C:\Program Files\Hero Editor
2008-06-02 05:51:14 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-02 05:47:18 0 d-------- C:\Documents and Settings\test\Application Data\WinRAR
2008-06-02 05:44:40 0 d-------- C:\Documents and Settings\test\Application Data\uTorrent
2008-06-02 00:28:25 0 d-------- C:\Documents and Settings\GEOFF\Application Data\Talkback
2008-06-02 00:27:07 0 d-------- C:\Documents and Settings\GEOFF\Application Data\Mozilla
2008-06-01 20:43:36 0 d-------- C:\Documents and Settings\GEOFF\Application Data\Ventrilo
2008-06-01 20:15:42 2560 --a------ C:\WINDOWS\system32\iakgnuia.exe
2008-06-01 20:11:02 530020 --ahs---- C:\WINDOWS\system32\onTsttwa.ini2
2008-06-01 20:02:49 0 d--hs---- C:\Documents and Settings\NetworkService\Application Data\wsnpoem
2008-06-01 19:55:08 15136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 19:55:08 1616416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 19:06:28 0 d-------- C:\Documents and Settings\test\Application Data\Talkback
2008-06-01 19:05:14 0 d-------- C:\Documents and Settings\test\Application Data\Mozilla
2008-06-01 18:44:59 0 d---s---- C:\Documents and Settings\test\UserData
2008-06-01 18:03:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-01 17:51:37 0 d--hs---- C:\Documents and Settings\LocalService\Application Data\wsnpoem
2008-06-01 16:20:19 0 d-------- C:\Documents and Settings\test\Application Data\Ventrilo
2008-06-01 16:16:57 0 d-------- C:\Documents and Settings\test\Contacts
2008-06-01 16:12:53 2560 --a------ C:\WINDOWS\system32\hnvfifpk.exe
2008-06-01 02:33:28 0 d-------- C:\hellgate
2008-06-01 02:19:09 573671 --ahs---- C:\WINDOWS\system32\knTuCJjl.ini2
2008-05-31 08:02:50 0 d-------- C:\Program Files\Firefly Studios
2008-05-28 06:44:41 0 d-------- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-05-28 05:49:17 0 d-------- C:\WINDOWS\nvidia icons
2008-05-28 05:49:08 0 d-------- C:\WINDOWS\NV36322728.TMP
2008-05-25 07:15:07 0 d-------- C:\Program Files\DOOM Collector's Edition
2008-05-24 22:10:39 0 d-------- C:\Documents and Settings\MIKE\VASSAL
2008-05-18 14:12:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-05-17 14:32:40 0 d-------- C:\Program Files\Doom 3
2008-05-17 12:22:02 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-12 16:03:10 0 d-------- C:\Documents and Settings\GEOFF\Application Data\Sun
2008-05-11 02:30:57 0 d-------- C:\Program Files\CamStudio(2)
-- Find3M Report ---------------------------------------------------------------
2008-06-07 07:19:34 0 d-------- C:\Program Files\Steam
2008-06-06 17:56:40 0 d-------- C:\Documents and Settings\MIKE\Application Data\uTorrent
2008-06-06 17:41:55 0 d-------- C:\Program Files\Flagship Studios
2008-06-06 17:30:19 0 d-------- C:\Documents and Settings\MIKE\Application Data\LimeWire
2008-06-05 17:58:12 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 15:36:21 0 d-------- C:\Documents and Settings\MIKE\Application Data\ShoppingReport
2008-05-31 08:02:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 05:17:11 1783 --a------ C:\WINDOWS\mozver.dat
2008-05-24 22:26:43 0 d-------- C:\Program Files\Java
2008-05-17 17:26:40 0 d-------- C:\Program Files\Warcraft III
2008-05-17 11:01:07 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-12 16:36:02 0 d-------- C:\Documents and Settings\MIKE\Application Data\dvdcss
2008-05-12 16:35:53 0 d-------- C:\Documents and Settings\MIKE\Application Data\Hamachi
2008-05-11 22:31:20 0 d-------- C:\Program Files\CAPCOM
2008-05-04 11:56:35 0 d-------- C:\Program Files\Zylom Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-02 16:28:58 0 d-------- C:\Program Files\THQ
2008-04-28 18:07:34 0 d-------- C:\Program Files\CureROM
2008-04-28 17:56:33 0 d-------- C:\Program Files\Atari
2008-04-26 14:23:51 63170 --a------ C:\WINDOWS\War3Unin.dat
2008-04-26 14:09:23 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-26 14:09:23 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-18 17:56:51 0 d-------- C:\Program Files\RenegadePublicTools
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{173C8188-6872-4C87-8E19-CEBC6D63A91F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2535EF54-8302-4E7E-BF16-3EA7657C6DD1}]
C:\WINDOWS\system32\awttsTno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6C4DF-B2DD-44E9-8F06-3ED3E3F53E98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{505845C0-8978-408C-BEE9-1B5D76C3C469}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
C:\WINDOWS\system32\pmnkHWqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8311821-50B5-4919-9F7A-673290E6A699}]
C:\WINDOWS\system32\ljJCuTnk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/23/2008 10:42 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"SigmatelSysTrayApp"="sttray.exe" [09/26/2007 09:33 AM C:\WINDOWS\sttray.exe]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [12/28/2006 07:07 PM]
"PWRISOVM.EXE"="C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE" [03/15/2008 12:50 AM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/26/2007 04:53 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2007 11:21 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/28/2008 07:06 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 05:24 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/14/2008 12:09 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [05/18/2008 02:12 PM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2/9/2008 3:58:27 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"= C:\WINDOWS\system32\pmnkHWqo.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHWqo]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awttsTno
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c6d3285]
rundll32.exe "C:\WINDOWS\system32\rfhhvyom.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5f5e0119]
Rundll32.exe "C:\WINDOWS\system32\qduwqemj.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
"C:\Program Files\Intel\IDU\iptray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
"C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 208.67.70.3
127.0.0.1 38.99.150.167
127.0.0.1 38.99.150.205
127.0.0.1 88.255.90.60
127.0.0.1 opal.spod.org
127.0.0.1 sendspace.com
127.0.0.1 ad1.ny.yieldmanager.com
127.0.0.1 ad2.ny.yieldmanager.com
127.0.0.1 ny.yieldmanager.com
127.0.0.1 yieldmanager.com
8567 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-07 16:31:19 ------------
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type437 / Error
Event Submitted/Written: 06/06/2008 11:03:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module msxml3.dll, version 8.90.1101.0, fault address 0x000ae6ca.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type428 / Success
Event Submitted/Written: 06/06/2008 10:47:25 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type413 / Success
Event Submitted/Written: 06/06/2008 09:38:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4257 / Warning
Event Submitted/Written: 06/07/2008 07:20:00 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FA77DF8D-7082-4106-983A-DC8242E48108}.
Event Record #/Type4256 / Error
Event Submitted/Written: 06/07/2008 07:19:57 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.2 on the
Network Card with network address 000A73A7BBBD.
Event Record #/Type4255 / Warning
Event Submitted/Written: 06/07/2008 07:19:57 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000A73A7BBBD. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type4235 / Warning
Event Submitted/Written: 06/07/2008 07:18:43 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000A73A7BBBD. The IP address being used is 169.254.28.93.
Event Record #/Type4234 / Warning
Event Submitted/Written: 06/07/2008 07:18:43 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FA77DF8D-7082-4106-983A-DC8242E48108}.
-- End of Deckard's System Scanner: finished at 2008-06-07 16:31:19 ------------
Malwarebytes' Anti-Malware 1.15
Database version: 830
4:47:24 PM 6/7/2008
mbam-log-6-7-2008 (16-47-24).txt
Scan type: Quick Scan
Objects scanned: 52330
Time elapsed: 8 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{514a5c49-0c7d-42c3-a71b-38864a269b7a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\res3 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\hnvfifpk.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iakgnuia.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iedbxfvu.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jboeprqo.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwwklmvs.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\3Y67QHF4\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\OEB3ZRM8\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\ZBBRJPNC\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Local Settings\Temporary Internet Files\Content.IE5\OEB3ZRM8\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\MIKE\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEOFF\Application Data\ShoppingReport\cs\res3\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
steamwiz
2008-06-07, 22:12
Hi
There should be 2 text files produced by Deckard's System Scanner, you've posted the main.txt ...
you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt ... please post it in your next reply.
THEN ...
Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
steam
ok sorry for not posting the extra.txt i thought i had done
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2029.55 MiB / 1114.92 MiB
Pagefile Memory (total/avail): 3412 MiB / 2655.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.5 MiB
C: is Fixed (NTFS) - 232.88 GiB total, 44.43 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Hitachi HCS725025VLAT80 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Kaspersky Internet Security v7.0.0.124 (Kaspersky Lab) Disabled
AV: Kaspersky Internet Security v7.0.0.124 (Kaspersky Lab) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"="C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe:*:Enabled:Hellgate: London"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe:*:Enabled:LostPlanetDX10"
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe:*:Enabled:LostPlanetDX9"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe"="C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"E:\\My stuff\\World of Warcraft\\WoWTest\\WoW-0.4.0.7979-to-0.4.0.7994-enGB-downloader.exe"="E:\\My stuff\\World of Warcraft\\WoWTest\\WoW-0.4.0.7979-to-0.4.0.7994-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\MIKE\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\MIKE\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"="C:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kane's Wrath"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\WESTWOOD\\Renegade\\Game.exe"="C:\\WESTWOOD\\Renegade\\Game.exe:*:Enabled:Renegade"
"C:\\WESTWOOD\\C&C95\\C&C95.EXE"="C:\\WESTWOOD\\C&C95\\C&C95.EXE:*:Enabled:C&C95"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe"="C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\MIKE\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-SXIKJD77MT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MIKE
LOGONSERVER=\\HOME-SXIKJD77MT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MIKE\LOCALS~1\Temp
TMP=C:\DOCUME~1\MIKE\LOCALS~1\Temp
USERDOMAIN=HOME-SXIKJD77MT
USERNAME=MIKE
USERPROFILE=C:\Documents and Settings\MIKE
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
MIKE (admin)
GEOFF
test (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Act of War - High Treason --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C08EBBFD-C565-472F-9354-5593B9873705}\setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Around the World in 80 Days Deluxe --> "C:\Program Files\Zylom Games\Around the World in 80 Days Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Cannon Blast Deluxe --> "C:\Program Files\Zylom Games\Cannon Blast Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Command & Conquer 3 Tiberium Wars(TM) Worldbuilder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F428768A-BA63-43A5-86E9-7F0CFD174944}\setup.exe" -l0x9 -removeonly
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Command & Conquer Renegade --> C:\Westwood\Renegade\Uninstll.exe
Command & Conquer Windows 95 --> C:\WINDOWS\UNINSTCC.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\C&C95\DeIsL1.isu
Command & Conquer™ 3: Kane's Wrath --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
CryEngine(R)2 Sandbox(TM)2 --> MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CureROM Pro 2.0.3.3 --> C:\Program Files\CureROM\uninst.exe
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm --> "C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm Demo --> "C:\Program Files\InstallShield Installation Information\{66615AF8-6B17-4224-853D-7F78BEC06A4F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Devil May Cry 3 Special Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}\setup.exe" -l0x9 -removeonly
Diablo 2 Mastertool --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Diablo 2 Mastertool\DeIsL1.isu" -c"C:\Program Files\Diablo 2 Mastertool\_ISREG32.DLL"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diskeeper Home Edition --> MsiExec.exe /X{0C38EB05-3259-4DD3-9663-74A60C80BA4E}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMC Screen Saver --> C:\WINDOWS\SOFTDISK\SSSTUDIO\DMC\UNINSTAL.EXE
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
DOOM Collector's Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM Collector's Edition\DC.isu"
Family Feud Deluxe --> "C:\Program Files\Zylom Games\Family Feud Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x0409
Gold Rush Deluxe --> "C:\Program Files\Zylom Games\Gold Rush Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hamachi 1.0.0.62 --> C:\Program Files\Hamachi\uninstall.exe
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
Hero Editor V0.95 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.000"
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Desktop Utilities --> C:\Program Files\InstallShield Installation Information\{F5982296-84CC-4D5B-B791-B03650F3380E}\setup.exe -runfromtemp -l0x0409
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\System32\igxpun.exe -uninstall
Intel(R) Management Engine Interface --> C:\WINDOWS\System32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) SMBus --> C:\WINDOWS\System32\ismbun.exe -uninstall
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jewel Match Deluxe --> "C:\Program Files\Zylom Games\Jewel Match Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.16.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Lost Planet: Extreme Condition --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6510
MechCommander Desperate Measures --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MicroProse\MCX\DeIsL1.isu"
MechCommander Mission Editor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MicroProse\MCX\Uninst.isu"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{1A6A6531-08FC-47AD-BAC4-C41497E71033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pcsx2 0.9.4 Watermoose --> "C:\Program Files\Pcsx2_0.9.4\unins000.exe"
Pirate Poppers Deluxe --> "C:\Program Files\Zylom Games\Pirate Poppers Deluxe\GameInstlr.exe" --uninstall UnInstall.log
PowerISO --> "C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\uninstall.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
Python 2.5.2 --> MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Alert Windows 95 --> C:\WINDOWS\RAUNINST.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\REDALERT\DeIsL1.isu
Retribution --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\STARCR~1\maps\RETRIB~1\Uninst.isu
SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x9
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Spielegeier.de Command & Conquer 3: Tiberium Wars - MapPack 1 --> "C:\Games\C&C3\unins000.exe"
Spielegeier.de Command & Conquer 3: Tiberium Wars - MapPack 2 --> "C:\Games\C&C3\unins001.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\Setup.exe"
Super Collapse! 3 Deluxe --> "C:\Program Files\Zylom Games\Super Collapse! 3 Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Supercow Deluxe --> "C:\Program Files\Zylom Games\Supercow Deluxe\GameInstlr.exe" --uninstall UnInstall.log
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The legend of El Dorado Deluxe --> "C:\Program Files\Zylom Games\The legend of El Dorado Deluxe\GameInstlr.exe" --uninstall UnInstall.log
the Renegade mod tools --> C:\PROGRA~1\RENEGA~1\UNWISE.EXE C:\PROGRA~1\RENEGA~1\INSTALL.LOG
Unreal Tournament 3 --> "C:\Documents and Settings\MIKE\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
VASSAL 3.0 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.vassalengine.org/ws/vassal-3.0.jnlp"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Warhammer Mark of Chaos --> C:\Program Files\InstallShield Installation Information\{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}\Setup.exe -runfromtemp -l0x0009 -removeonly
WebSTAR DPX USB Cable Modem Adapter --> UNDPX.EXE
Westwood Chat 4.221 --> "C:\WESTWOOD\WWONLINE\Uninstall.exe"
Westwood Online --> C:\WESTWOOD\WWONLINE\UNINSTWC.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\WWONLINE\DeIsL1.isu
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xango Tango Deluxe --> "C:\Program Files\Zylom Games\Xango Tango Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Zuma Deluxe --> "C:\Program Files\Zylom Games\Zuma Deluxe\GameInstlr.exe" --uninstall UnInstall.log
-- Application Event Log -------------------------------------------------------
Event Record #/Type463 / Success
Event Submitted/Written: 06/07/2008 07:22:44 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type447 / Success
Event Submitted/Written: 06/06/2008 06:01:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type437 / Error
Event Submitted/Written: 06/06/2008 11:03:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module msxml3.dll, version 8.90.1101.0, fault address 0x000ae6ca.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type428 / Success
Event Submitted/Written: 06/06/2008 10:47:25 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type413 / Success
Event Submitted/Written: 06/06/2008 09:38:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4257 / Warning
Event Submitted/Written: 06/07/2008 07:20:00 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FA77DF8D-7082-4106-983A-DC8242E48108}.
Event Record #/Type4256 / Error
Event Submitted/Written: 06/07/2008 07:19:57 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.2 on the
Network Card with network address 000A73A7BBBD.
Event Record #/Type4255 / Warning
Event Submitted/Written: 06/07/2008 07:19:57 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000A73A7BBBD. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type4235 / Warning
Event Submitted/Written: 06/07/2008 07:18:43 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000A73A7BBBD. The IP address being used is 169.254.28.93.
Event Record #/Type4234 / Warning
Event Submitted/Written: 06/07/2008 07:18:43 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FA77DF8D-7082-4106-983A-DC8242E48108}.
-- End of Deckard's System Scanner: finished at 2008-06-07 16:31:19 ------------
ComboFix 08-06-07.3 - MIKE 2008-06-08 4:20:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1112 [GMT 1:00]
Running from: C:\Documents and Settings\MIKE\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM5f5e0119.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\arnptxgi.ini
C:\WINDOWS\system32\knTuCJjl.ini
C:\WINDOWS\system32\knTuCJjl.ini2
C:\WINDOWS\system32\lujfrgsb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\moyvhhfr.ini
C:\WINDOWS\system32\onTsttwa.ini
C:\WINDOWS\system32\onTsttwa.ini2
C:\WINDOWS\system32\qpnyvucl.ini
C:\WINDOWS\system32\rlkdkbds.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\MIKE\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:35 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 16:26 . 2008-06-07 16:26 <DIR> d-------- C:\Deckard
2008-06-06 10:12 . 2008-06-06 10:32 <DIR> d-------- C:\VundoFix Backups
2008-06-06 09:50 . 2008-06-06 10:06 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-05 15:39 . 2008-06-05 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 15:17 . 2008-06-05 15:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 08:05 . 2008-06-08 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 08:05 . 2008-06-04 08:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 03:11 . 2008-06-05 10:24 474 ---hs---- C:\WINDOWS\system32\huknhbyi.ini
2008-06-04 02:35 . 2008-06-05 10:58 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 02:35 . 2008-06-05 10:58 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 02:34 . 2008-06-04 02:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-04 02:34 . 2008-06-07 07:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-02 21:21 . 2008-06-02 21:21 <DIR> d-------- C:\diablo2
2008-06-02 20:57 . 2008-06-05 23:43 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-02 17:20 . 2008-06-02 17:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\DAEMON Tools
2008-06-02 06:18 . 2008-06-02 17:25 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 06:18 . 2008-06-02 17:25 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-06-02 06:18 . 2008-06-02 17:25 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-06-02 06:16 . 2008-06-02 06:16 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-02 06:16 . 2008-06-02 20:56 35,499 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-02 06:16 . 2008-06-02 06:16 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-02 05:53 . 2008-06-06 10:18 <DIR> d-------- C:\Program Files\Diablo II
2008-06-02 05:52 . 2008-06-02 21:23 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-02 05:51 . 2008-06-02 21:23 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-02 05:44 . 2008-06-02 19:14 <DIR> d-------- C:\Documents and Settings\test\Application Data\uTorrent
2008-06-02 00:28 . 2008-06-02 00:28 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Talkback
2008-06-01 20:43 . 2008-06-01 20:44 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Ventrilo
2008-06-01 19:55 . 2008-06-08 04:28 1,720,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 19:55 . 2008-06-08 04:26 24,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 19:55 . 2008-06-08 04:28 22,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 19:55 . 2008-06-08 04:26 3,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:14 . 2008-06-04 04:27 154 --a------ C:\WINDOWS\wininit.ini
2008-06-01 19:06 . 2008-06-01 19:06 <DIR> d-------- C:\Documents and Settings\test\Application Data\Talkback
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d---s---- C:\Documents and Settings\test\UserData
2008-06-01 18:03 . 2008-06-01 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-01 18:03 . 2008-06-01 19:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-01 16:20 . 2008-06-01 16:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\Ventrilo
2008-06-01 16:16 . 2008-06-01 16:17 <DIR> d-------- C:\Documents and Settings\test\Contacts
2008-06-01 15:59 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\waky_woko.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\n3el06.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\kat_rol.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\dontletmebemisunserstood.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\devilsscorpion.exe.zip
2008-06-01 02:33 . 2008-06-06 17:41 <DIR> d-------- C:\hellgate
2008-05-31 08:02 . 2008-05-31 08:02 <DIR> d-------- C:\Program Files\Firefly Studios
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wzm_5.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wickr2k.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\taori_uts.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mrhorwood.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mr_audun.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\ladyspoonerism.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gunde999.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gajolmand.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\daniel_2_929.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\cyphonerrr.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\tari_nl.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\pic0382.zip
2008-05-30 23:48 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\manachicken.exe.zip
2008-05-28 06:44 . 2008-05-28 07:54 <DIR> d-------- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-05-28 05:49 . 2008-05-28 05:49 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-28 05:49 . 2008-05-28 05:51 <DIR> d-------- C:\WINDOWS\NV36322728.TMP
2008-05-25 07:15 . 2008-05-25 07:16 <DIR> d-------- C:\Program Files\DOOM Collector's Edition
2008-05-25 07:14 . 2008-05-25 07:16 882 --a------ C:\WINDOWS\DC.ini
2008-05-24 22:10 . 2008-05-24 22:36 <DIR> d-------- C:\Documents and Settings\MIKE\VASSAL
2008-05-18 14:12 . 2008-05-18 14:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-05-17 14:54 . 2008-05-17 14:54 331 --a------ C:\WINDOWS\doom3.ini
2008-05-17 14:32 . 2008-05-17 14:53 <DIR> d-------- C:\Program Files\Doom 3
2008-05-17 12:22 . 2008-05-17 12:22 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 03:07 . 2008-05-17 03:07 641 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-11 02:30 . 2008-05-12 16:35 <DIR> d-------- C:\Program Files\CamStudio(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 03:28 --------- d-----w C:\Program Files\Steam
2008-06-06 16:56 --------- d-----w C:\Documents and Settings\MIKE\Application Data\uTorrent
2008-06-06 16:41 --------- d-----w C:\Program Files\Flagship Studios
2008-06-05 16:58 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-05 09:58 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 19:14 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\LimeWire
2008-06-01 15:03 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Skype
2008-05-31 07:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:26 --------- d-----w C:\Program Files\Java
2008-05-17 16:26 --------- d-----w C:\Program Files\Warcraft III
2008-05-17 10:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 10:01 22,328 ----a-w C:\Documents and Settings\MIKE\Application Data\PnkBstrK.sys
2008-05-13 15:34 727,808 ----a-w C:\WINDOWS\Help\Tours\updatefile.exe
2008-05-12 15:36 --------- d-----w C:\Documents and Settings\MIKE\Application Data\dvdcss
2008-05-12 15:35 --------- d-----w C:\Documents and Settings\MIKE\Application Data\Hamachi
2008-05-11 21:31 --------- d-----w C:\Program Files\CAPCOM
2008-05-04 10:56 --------- d-----w C:\Program Files\Zylom Games
2008-05-04 10:56 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Zylom
2008-05-02 21:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-02 15:28 --------- d-----w C:\Program Files\THQ
2008-04-28 17:07 --------- d-----w C:\Program Files\CureROM
2008-04-28 16:56 --------- d-----w C:\Program Files\Atari
2008-04-28 15:48 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-28 15:48 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-26 13:09 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-26 13:09 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-18 16:56 --------- d-----w C:\Program Files\RenegadePublicTools
2008-04-12 17:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\renguard
2008-04-08 10:06 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Super-Cow
2008-04-01 15:43 25,600 ----a-w C:\WINDOWS\Help\Tours\nircmd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{173C8188-6872-4C87-8E19-CEBC6D63A91F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2535EF54-8302-4E7E-BF16-3EA7657C6DD1}]
C:\WINDOWS\system32\awttsTno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6C4DF-B2DD-44E9-8F06-3ED3E3F53E98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{505845C0-8978-408C-BEE9-1B5D76C3C469}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8311821-50B5-4919-9F7A-673290E6A699}]
C:\WINDOWS\system32\ljJCuTnk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 19:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-18 14:12 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 10:42 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2006-12-28 19:07 2242328]
"PWRISOVM.EXE"="C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376]
C:\Documents and Settings\GEOFF\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 19:08:24 147456]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-09 15:58:27 962660]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHWqo]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c6d3285]
C:\WINDOWS\system32\rfhhvyom.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5f5e0119]
C:\WINDOWS\system32\qduwqemj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-02-24 20:29 196709 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-09-26 09:35 162584 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-09-26 09:36 142104 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
--a------ 2006-12-28 19:07 2242328 C:\Program Files\Intel\IDU\iptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 18:55 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-09-26 09:36 138008 C:\WINDOWS\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 00:50 233472 C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-18 14:12 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WESTWOOD\\Renegade\\Game.exe"=
"C:\\WESTWOOD\\C&C95\\C&C95.EXE"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2007-12-31 22:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 12:25]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 04:28:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-08 4:36:25 - machine was rebooted [MIKE]
ComboFix-quarantined-files.txt 2008-06-08 03:36:21
Pre-Run: 47,587,999,744 bytes free
Post-Run: 48,378,355,712 bytes free
313 --- E O F --- 2008-05-17 02:07:55
steamwiz
2008-06-08, 23:39
Hi
Important You MUST run Ccleaner on each of your User Profiles :-
User Profiles ->
MIKE (admin)
GEOFF
test (admin)
Please Download CCleaner from :-
http://www.filehippo.com/download_ccleaner/ (click the download tab)
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.
doubleclick the ccsetup.exe file and install the program...
After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Make sure the "windows" tab is selected
Under "internet explorer" tick...
Temporary internet files
Cookies* > see Note below
History
Recently typed URL's (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history
under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"
Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)
under "System"
Tick ALL these ...
under "Advanced"
no need to tick any of these (but you can if you want, and realise what they do)
Applications tab...
These will mostly clean out old log files for these applications...
Clean:- (if you use them)
Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...
Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.
click "analyse" if you want to see a list of what is going to be removed, before it is removed.
Or
click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up
"This process will permanently delete files from your system. Are you sure you wish to proceed?"
click OK.
Then...
This program is running, it's shown in your running processes :-
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip > Infected: Backdoor.Win32.Rbot.kh
This is what you get when you download cracks/keygens, I am including in the following script measures to delete the original zip file, but not the program which is running, if you are happy to leave an open backdoor for a hacker to access anything on your computer, including Bank/credit card details and passwords, then leave it, if not, then go to add/remove programs in the Control Panel and uninstall PowerISO
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip
C:\Documents and Settings\test\Local Settings\Temp\UVln.exe
C:\WINDOWS\Help\Tours\updatefile.exe
C:\WINDOWS\system32\huknhbyi.ini
C:\WINDOWS\system32\lcuvynpq.dll
C:\WINDOWS\system32\mpxqnpth.dll
C:\WINDOWS\system32\ohmquxin.dll
C:\WINDOWS\system32\qduwqemj.dll
C:\WINDOWS\system32\rfhhvyom.dll
C:\WINDOWS\system32\shvmoqxq.dll
C:\WINDOWS\system32\sircasqe.dll
C:\WINDOWS\system32\ucvmocmo.dll
C:\WINDOWS\system32\xsnomyqp.dll
C:\WINDOWS\Temp\1.tmp
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{173C8188-6872-4C87-8E19-CEBC6D63A91F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2535EF54-8302-4E7E-BF16-3EA7657C6DD1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6C4DF-B2DD-44E9-8F06-3ED3E3F53E98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{505845C0-8978-408C-BEE9-1B5D76C3C469}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8311821-50B5-4919-9F7A-673290E6A699}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHWqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c6d3285]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5f5e0119]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
Save this as "CFScript.txt"
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Then run & post a new KASPERSKY ONLINE SCANNER REPORT
steam
Appreciate all the help so far at the moment im
Running the online scan now Here are the other two for now
Also i may not have accses to the internet until wednesday
ComboFix 08-06-07.3 - MIKE 2008-06-09 8:42:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1640 [GMT 1:00]
Running from: C:\Documents and Settings\MIKE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MIKE\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip
C:\Documents and Settings\test\Local Settings\Temp\UVln.exe
C:\WINDOWS\Help\Tours\updatefile.exe
C:\WINDOWS\system32\huknhbyi.ini
C:\WINDOWS\system32\lcuvynpq.dll
C:\WINDOWS\system32\mpxqnpth.dll
C:\WINDOWS\system32\ohmquxin.dll
C:\WINDOWS\system32\qduwqemj.dll
C:\WINDOWS\system32\rfhhvyom.dll
C:\WINDOWS\system32\shvmoqxq.dll
C:\WINDOWS\system32\sircasqe.dll
C:\WINDOWS\system32\ucvmocmo.dll
C:\WINDOWS\system32\xsnomyqp.dll
C:\WINDOWS\Temp\1.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen.zip
C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\PWRISOSH.DLL.bad
C:\WINDOWS\Help\Tours\updatefile.exe
C:\WINDOWS\system32\huknhbyi.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-09 08:08 . 2008-06-09 08:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\MIKE\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:35 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 16:26 . 2008-06-07 16:26 <DIR> d-------- C:\Deckard
2008-06-06 17:41 . 2008-06-06 17:41 <DIR> d-------- C:\hellgatecrack
2008-06-06 09:50 . 2008-06-06 10:06 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-05 15:39 . 2008-06-05 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 15:17 . 2008-06-05 15:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 08:05 . 2008-06-09 08:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 08:05 . 2008-06-04 08:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 02:35 . 2008-06-05 10:58 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 02:35 . 2008-06-05 10:58 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 02:34 . 2008-06-04 02:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-04 02:34 . 2008-06-09 08:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-04 01:32 . 2008-06-04 01:32 <DIR> d-------- C:\Program Files\Diablo 2 Mastertool
2008-06-02 21:33 . 2008-06-04 01:33 <DIR> d-------- C:\DIABLO2LODCRACK
2008-06-02 21:21 . 2008-06-02 21:21 <DIR> d-------- C:\diablo2
2008-06-02 20:57 . 2008-06-08 07:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-02 17:20 . 2008-06-02 17:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\DAEMON Tools
2008-06-02 06:18 . 2008-06-02 17:25 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 06:18 . 2008-06-02 17:25 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-06-02 06:18 . 2008-06-02 17:25 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-06-02 06:16 . 2008-06-02 06:16 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-02 06:16 . 2008-06-02 20:56 35,499 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-02 06:16 . 2008-06-02 06:16 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-02 05:53 . 2008-06-08 05:00 <DIR> d-------- C:\Program Files\Diablo II
2008-06-02 05:52 . 2008-06-02 21:24 <DIR> d-------- C:\Program Files\Hero Editor
2008-06-02 05:52 . 2008-06-02 21:23 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-02 05:51 . 2008-06-02 21:23 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-02 05:44 . 2008-06-02 19:14 <DIR> d-------- C:\Documents and Settings\test\Application Data\uTorrent
2008-06-02 00:28 . 2008-06-02 00:28 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Talkback
2008-06-01 20:43 . 2008-06-01 20:44 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Ventrilo
2008-06-01 19:55 . 2008-06-09 08:46 2,071,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 19:55 . 2008-06-09 08:46 49,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 19:55 . 2008-06-08 04:26 24,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 19:55 . 2008-06-08 04:26 3,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:14 . 2008-06-04 04:27 154 --a------ C:\WINDOWS\wininit.ini
2008-06-01 19:06 . 2008-06-01 19:06 <DIR> d-------- C:\Documents and Settings\test\Application Data\Talkback
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d---s---- C:\Documents and Settings\test\UserData
2008-06-01 18:03 . 2008-06-01 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-01 18:03 . 2008-06-01 19:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-01 16:20 . 2008-06-01 16:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\Ventrilo
2008-06-01 16:16 . 2008-06-01 16:17 <DIR> d-------- C:\Documents and Settings\test\Contacts
2008-06-01 15:59 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\waky_woko.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\n3el06.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\kat_rol.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\dontletmebemisunserstood.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\devilsscorpion.exe.zip
2008-06-01 02:33 . 2008-06-06 17:41 <DIR> d-------- C:\hellgate
2008-05-31 08:02 . 2008-05-31 08:02 <DIR> d-------- C:\Program Files\Firefly Studios
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wzm_5.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wickr2k.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\taori_uts.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mrhorwood.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mr_audun.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\ladyspoonerism.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gunde999.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gajolmand.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\daniel_2_929.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\cyphonerrr.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\tari_nl.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\pic0382.zip
2008-05-30 23:48 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\manachicken.exe.zip
2008-05-28 06:44 . 2008-05-28 07:54 <DIR> d-------- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-05-28 05:49 . 2008-05-28 05:49 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-28 05:49 . 2008-05-28 05:51 <DIR> d-------- C:\WINDOWS\NV36322728.TMP
2008-05-25 07:15 . 2008-05-25 07:16 <DIR> d-------- C:\Program Files\DOOM Collector's Edition
2008-05-25 07:14 . 2008-05-25 07:16 882 --a------ C:\WINDOWS\DC.ini
2008-05-24 22:10 . 2008-05-24 22:36 <DIR> d-------- C:\Documents and Settings\MIKE\VASSAL
2008-05-18 14:12 . 2008-05-18 14:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-05-17 14:54 . 2008-05-17 14:54 331 --a------ C:\WINDOWS\doom3.ini
2008-05-17 14:32 . 2008-05-17 14:53 <DIR> d-------- C:\Program Files\Doom 3
2008-05-17 12:22 . 2008-05-17 12:22 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 03:07 . 2008-05-17 03:07 641 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-11 02:30 . 2008-05-12 16:35 <DIR> d-------- C:\Program Files\CamStudio(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 07:35 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Skype
2008-06-09 07:34 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\LimeWire
2008-06-08 13:47 --------- d-----w C:\Program Files\Steam
2008-06-06 16:56 --------- d-----w C:\Documents and Settings\MIKE\Application Data\uTorrent
2008-06-06 16:41 --------- d-----w C:\Program Files\Flagship Studios
2008-06-06 16:30 --------- d-----w C:\Documents and Settings\MIKE\Application Data\LimeWire
2008-06-05 16:58 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-05 09:58 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-31 07:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:26 --------- d-----w C:\Program Files\Java
2008-05-17 16:26 --------- d-----w C:\Program Files\Warcraft III
2008-05-17 10:01 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-17 10:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-17 10:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 10:01 22,328 ----a-w C:\Documents and Settings\MIKE\Application Data\PnkBstrK.sys
2008-05-17 10:01 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 15:36 --------- d-----w C:\Documents and Settings\MIKE\Application Data\dvdcss
2008-05-12 15:35 --------- d-----w C:\Documents and Settings\MIKE\Application Data\Hamachi
2008-05-11 21:31 --------- d-----w C:\Program Files\CAPCOM
2008-05-04 10:56 --------- d-----w C:\Program Files\Zylom Games
2008-05-04 10:56 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Zylom
2008-05-03 22:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-02 15:28 --------- d-----w C:\Program Files\THQ
2008-04-30 16:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-28 17:07 --------- d-----w C:\Program Files\CureROM
2008-04-28 16:56 --------- d-----w C:\Program Files\Atari
2008-04-28 15:48 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-28 15:48 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-26 13:09 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-26 13:09 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-18 16:56 --------- d-----w C:\Program Files\RenegadePublicTools
2008-04-12 17:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\renguard
2008-04-01 15:43 25,600 ----a-w C:\WINDOWS\Help\Tours\nircmd.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.36.01.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 06:54:13 111,785 ----a-w C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla6.dll
+ 2008-06-08 11:57:12 111,785 ----a-w C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A21D2D-1519-4FB9-B399-68C338A126DF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72d173fd-9ae1-4260-8582-9915c5acc366}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 19:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-18 14:12 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 10:42 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2006-12-28 19:07 2242328]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"Microsoft host service"="mshost.exe" []
"PWRISOVM.EXE"="C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE" [ ]
"5c6d3285"="C:\WINDOWS\system32\igxtpnra.dll" [ ]
"BM5f5e0119"="C:\WINDOWS\system32\aupikjvm.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft host service"="mshost.exe" []
"Windows TaskManager"="tskmngr.exe" []
C:\Documents and Settings\GEOFF\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 19:08:24 147456]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-09 15:58:27 962660]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-02-24 20:29 196709 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-09-26 09:35 162584 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-09-26 09:36 142104 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
--a------ 2006-12-28 19:07 2242328 C:\Program Files\Intel\IDU\iptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 18:55 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-09-26 09:36 138008 C:\WINDOWS\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-18 14:12 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WESTWOOD\\Renegade\\Game.exe"=
"C:\\WESTWOOD\\C&C95\\C&C95.EXE"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2007-12-31 22:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 12:25]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 08:46:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-09 8:48:04
ComboFix-quarantined-files.txt 2008-06-09 07:47:51
ComboFix2.txt 2008-06-08 03:36:29
Pre-Run: 46,883,520,512 bytes free
Post-Run: 46,863,224,832 bytes free
302 --- E O F --- 2008-05-17 02:07:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:49 AM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {26A21D2D-1519-4FB9-B399-68C338A126DF} - (no file)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72d173fd-9ae1-4260-8582-9915c5acc366} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft host service] mshost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [5c6d3285] rundll32.exe "C:\WINDOWS\system32\igxtpnra.dll",b
O4 - HKLM\..\Run: [BM5f5e0119] Rundll32.exe "C:\WINDOWS\system32\aupikjvm.dll",s
O4 - HKLM\..\RunServices: [Microsoft host service] mshost.exe
O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199108387330
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199108595361
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 9419 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 09, 2008 12:04:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/06/2008
Kaspersky Anti-Virus database records: 841597
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 114810
Number of viruses found: 4
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 02:56:17
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\temp\1.tmp Infected: Trojan-Spy.Win32.Zbot.cew skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\eventlog Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MIKE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Identities\{D731E0A7-0994-43AA-A799-E3B15FF39CC6}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Identities\{D731E0A7-0994-43AA-A799-E3B15FF39CC6}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\History\History.IE5\MSHist012008060920080610\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temp\~DF836C.tmp Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temp\~DF8379.tmp Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temp\~DF8841.tmp Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temp\~DF8852.tmp Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temp\~DFE291.tmp Object is locked skipped
C:\Documents and Settings\MIKE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIKE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MIKE\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\half-life 2 content.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\half-life 2 game dialog.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source engine.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source models.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe.vir/file1 Infected: not-a-virus:FraudTool.Win32.RegCleanFix.c skipped
C:\QooBox\Quarantine\C\Documents and Settings\MIKE\Desktop\Desktop stuff\RegistryCleaner2008.exe.vir Inno: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Help\Tours\updatefile.exe.vir Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030226.dll Infected: not-a-virus:AdTool.Win32.Zango.n skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP168\A0030227.dll Infected: not-a-virus:AdTool.Win32.Zango.n skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP235\A0095063.exe/file1 Infected: not-a-virus:FraudTool.Win32.RegCleanFix.c skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP235\A0095063.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP235\A0095064.exe Infected: Backdoor.Win32.IRCBot.dhr skipped
C:\System Volume Information\_restore{54E69961-D783-421D-88F7-D7F0169D50DE}\RP235\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_31c.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
steamwiz
2008-06-09, 23:25
Hi
I see you've uninstalled PowerISO 4.0 ... a wise decision :) but it hasn't uninstalled cleanly, we have a few things to clean up which it left behind...
If these 2 files are cracks as the names suggest, I advise you to have them scanned to see if they are clean, none of the scanners we used tagged them, but that doesn't guarantee they are clean ...
2008-06-06 17:41 . 2008-06-06 17:41 <DIR> d-------- C:\hellgatecrack
2008-06-01 02:33 . 2008-06-06 17:41 <DIR> d-------- C:\hellgate
2008-06-02 21:33 . 2008-06-04 01:33 <DIR> d-------- C:\DIABLO2LODCRACK
2008-06-02 21:21 . 2008-06-02 21:21 <DIR> d-------- C:\diablo2
have them scanned here :-
http://www.virustotal.com/flash/index_en.html
If the scans show them as infected & you need help to remove them ... let me know ?
Your first KASPERSKY ONLINE SCANNER REPORT showed :-
Number of viruses found: 22
Number of infected objects: 113
The last one :-
Number of viruses found: 4
Number of infected objects: 9
A big improvement :)
Now let's take care of the rest ...
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word Registry:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A21D2D-1519-4FB9-B399-68C338A126DF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72d173fd-9ae1-4260-8582-9915c5acc366}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft host service"=-
"PWRISOVM.EXE"=-
"5c6d3285"=-
"BM5f5e0119"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft host service"=-
"Windows TaskManager"=-
Save this as "CFScript.txt"
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
once you have run Combofix & got the log continue with this ...
Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK
http://img.photobucket.com/albums/v624/29wood/Clipboard01-1.gif
Then run & post a new KASPERSKY ONLINE SCANNER REPORT
together with a new HijackThis log.
steam
Kaspersky kept crashing and not responding when i tried to perform scan i shall get it to you as soon possible
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:45 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft host service] mshost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [5c6d3285] rundll32.exe "C:\WINDOWS\system32\igxtpnra.dll",b
O4 - HKLM\..\Run: [BM5f5e0119] Rundll32.exe "C:\WINDOWS\system32\aupikjvm.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199108387330
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199108595361
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8976 bytes
ComboFix 08-06-07.3 - MIKE 2008-06-11 15:19:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1493 [GMT 1:00]
Running from: C:\Documents and Settings\MIKE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MIKE\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-09 10:40 . 2008-06-09 10:40 <DIR> d-------- C:\Program Files\Copy of Starcraft
2008-06-09 08:08 . 2008-06-09 08:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\MIKE\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-07 16:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-07 16:35 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:35 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 16:26 . 2008-06-07 16:26 <DIR> d-------- C:\Deckard
2008-06-06 17:41 . 2008-06-06 17:41 <DIR> d-------- C:\hellgatecrack
2008-06-06 09:50 . 2008-06-06 10:06 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-05 15:39 . 2008-06-05 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 15:17 . 2008-06-05 15:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 08:05 . 2008-06-11 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 08:05 . 2008-06-04 08:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 02:35 . 2008-06-05 10:58 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 02:35 . 2008-06-05 10:58 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 02:34 . 2008-06-04 02:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-04 02:34 . 2008-06-09 12:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-04 01:32 . 2008-06-04 01:32 <DIR> d-------- C:\Program Files\Diablo 2 Mastertool
2008-06-02 21:33 . 2008-06-04 01:33 <DIR> d-------- C:\DIABLO2LODCRACK
2008-06-02 21:21 . 2008-06-02 21:21 <DIR> d-------- C:\diablo2
2008-06-02 20:57 . 2008-06-09 11:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-02 17:20 . 2008-06-02 17:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\DAEMON Tools
2008-06-02 06:18 . 2008-06-02 17:25 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 06:18 . 2008-06-02 17:25 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-06-02 06:18 . 2008-06-02 17:25 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-06-02 06:16 . 2008-06-02 06:16 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-02 06:16 . 2008-06-02 20:56 35,499 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-02 06:16 . 2008-06-02 06:16 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-02 05:53 . 2008-06-08 05:00 <DIR> d-------- C:\Program Files\Diablo II
2008-06-02 05:52 . 2008-06-02 21:24 <DIR> d-------- C:\Program Files\Hero Editor
2008-06-02 05:52 . 2008-06-02 21:23 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-02 05:51 . 2008-06-02 21:23 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-02 05:44 . 2008-06-02 19:14 <DIR> d-------- C:\Documents and Settings\test\Application Data\uTorrent
2008-06-02 00:28 . 2008-06-02 00:28 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Talkback
2008-06-01 20:43 . 2008-06-01 20:44 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Ventrilo
2008-06-01 19:55 . 2008-06-09 13:25 2,288,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 19:55 . 2008-06-09 13:47 58,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 19:55 . 2008-06-08 04:26 24,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 19:55 . 2008-06-08 04:26 3,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:14 . 2008-06-04 04:27 154 --a------ C:\WINDOWS\wininit.ini
2008-06-01 19:06 . 2008-06-01 19:06 <DIR> d-------- C:\Documents and Settings\test\Application Data\Talkback
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d---s---- C:\Documents and Settings\test\UserData
2008-06-01 18:03 . 2008-06-01 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-01 18:03 . 2008-06-01 19:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-01 16:20 . 2008-06-01 16:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\Ventrilo
2008-06-01 16:16 . 2008-06-01 16:17 <DIR> d-------- C:\Documents and Settings\test\Contacts
2008-06-01 15:59 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\waky_woko.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\n3el06.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\kat_rol.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\dontletmebemisunserstood.exe.zip
2008-06-01 15:59 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\devilsscorpion.exe.zip
2008-06-01 02:33 . 2008-06-06 17:41 <DIR> d-------- C:\hellgate
2008-05-31 08:02 . 2008-05-31 08:02 <DIR> d-------- C:\Program Files\Firefly Studios
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wzm_5.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\wickr2k.exe.zip
2008-05-30 23:49 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\taori_uts.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mrhorwood.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\mr_audun.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\ladyspoonerism.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gunde999.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\gajolmand.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\daniel_2_929.exe.zip
2008-05-30 23:49 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\cyphonerrr.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\tari_nl.exe.zip
2008-05-30 23:48 . 2008-06-05 14:52 22 --a------ C:\WINDOWS\pic0382.zip
2008-05-30 23:48 . 2008-06-05 14:51 22 --a------ C:\WINDOWS\manachicken.exe.zip
2008-05-28 05:49 . 2008-05-28 05:49 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-28 05:49 . 2008-05-28 05:51 <DIR> d-------- C:\WINDOWS\NV36322728.TMP
2008-05-25 07:15 . 2008-05-25 07:16 <DIR> d-------- C:\Program Files\DOOM Collector's Edition
2008-05-25 07:14 . 2008-05-25 07:16 882 --a------ C:\WINDOWS\DC.ini
2008-05-24 22:10 . 2008-05-24 22:36 <DIR> d-------- C:\Documents and Settings\MIKE\VASSAL
2008-05-18 14:12 . 2008-05-18 14:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-05-17 14:54 . 2008-05-17 14:54 331 --a------ C:\WINDOWS\doom3.ini
2008-05-17 14:32 . 2008-05-17 14:53 <DIR> d-------- C:\Program Files\Doom 3
2008-05-17 12:22 . 2008-05-17 12:22 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 03:07 . 2008-05-17 03:07 641 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-11 02:30 . 2008-05-12 16:35 <DIR> d-------- C:\Program Files\CamStudio(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 14:11 --------- d-----w C:\Program Files\Steam
2008-06-09 07:35 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Skype
2008-06-09 07:34 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\LimeWire
2008-06-06 16:56 --------- d-----w C:\Documents and Settings\MIKE\Application Data\uTorrent
2008-06-06 16:41 --------- d-----w C:\Program Files\Flagship Studios
2008-06-06 16:30 --------- d-----w C:\Documents and Settings\MIKE\Application Data\LimeWire
2008-06-05 16:58 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-05 09:58 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-31 07:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:26 --------- d-----w C:\Program Files\Java
2008-05-17 16:26 --------- d-----w C:\Program Files\Warcraft III
2008-05-17 10:01 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-17 10:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-17 10:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 10:01 22,328 ----a-w C:\Documents and Settings\MIKE\Application Data\PnkBstrK.sys
2008-05-17 10:01 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 15:36 --------- d-----w C:\Documents and Settings\MIKE\Application Data\dvdcss
2008-05-12 15:35 --------- d-----w C:\Documents and Settings\MIKE\Application Data\Hamachi
2008-05-11 21:31 --------- d-----w C:\Program Files\CAPCOM
2008-05-04 10:56 --------- d-----w C:\Program Files\Zylom Games
2008-05-04 10:56 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Zylom
2008-05-03 22:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-02 15:28 --------- d-----w C:\Program Files\THQ
2008-04-30 16:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-28 17:07 --------- d-----w C:\Program Files\CureROM
2008-04-28 16:56 --------- d-----w C:\Program Files\Atari
2008-04-28 15:48 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-28 15:48 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-26 13:09 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-26 13:09 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-18 16:56 --------- d-----w C:\Program Files\RenegadePublicTools
2008-04-12 17:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\renguard
2008-04-01 15:43 25,600 ----a-w C:\WINDOWS\Help\Tours\nircmd.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.36.01.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 03:27:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 14:06:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-17 11:21:26 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-06-09 10:28:53 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2008-06-07 06:18:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-11 14:06:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-07 06:18:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-11 14:06:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-11 14:06:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-11 14:06:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_334.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 19:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-18 14:12 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 10:42 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2006-12-28 19:07 2242328]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"Microsoft host service"="mshost.exe" []
"PWRISOVM.EXE"="C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE" [ ]
"5c6d3285"="C:\WINDOWS\system32\igxtpnra.dll" [ ]
"BM5f5e0119"="C:\WINDOWS\system32\aupikjvm.dll" [ ]
C:\Documents and Settings\GEOFF\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 19:08:24 147456]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-09 15:58:27 962660]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-02-24 20:29 196709 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-09-26 09:35 162584 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-09-26 09:36 142104 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
--a------ 2006-12-28 19:07 2242328 C:\Program Files\Intel\IDU\iptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 18:55 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-09-26 09:36 138008 C:\WINDOWS\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2007-09-26 09:33 303104 C:\WINDOWS\sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-18 14:12 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WESTWOOD\\Renegade\\Game.exe"=
"C:\\WESTWOOD\\C&C95\\C&C95.EXE"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\3506c90f1cac75eb6c21f0e28244c527\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2007-12-31 22:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 12:25]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 15:24:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-11 15:24:50
ComboFix-quarantined-files.txt 2008-06-11 14:24:47
ComboFix2.txt 2008-06-09 07:48:09
ComboFix3.txt 2008-06-08 03:36:29
Pre-Run: 54,655,676,416 bytes free
Post-Run: 54,684,295,168 bytes free
275 --- E O F --- 2008-05-17 02:07:55
ok i have tryed to run the kaspersky scan about 5 times now it runs then crashes at differnt % each time any idea's why?
steamwiz
2008-06-12, 21:53
Hi
First ...
Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Microsoft host service] mshost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\MIKE\My Documents\Downloads\PowerISO 4.0 + Keygen\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [5c6d3285] rundll32.exe "C:\WINDOWS\system32\igxtpnra.dll",b
O4 - HKLM\..\Run: [BM5f5e0119] Rundll32.exe "C:\WINDOWS\system32\aupikjvm.dll",s
post a new hijackthis log ...
THEN ...
There has been a major update to the KASPERSKY ONLINE SCANNER version, this should have updated automatically, but it's possible you got corrupt update ....
Go to add/remove programs in the Control panel & uninstall Kaspersky Online Scanner reboot & try the scan again ...
The scan is deeper than before & may take a lot longer, please be prepared to wait for it to complete.
steam
Ok it worked finally it also looks alot better then the first one!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 20:25:45
Records in database: 857146
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
L:\
Scan statistics:
Files scanned: 124928
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:40:42
File name / Threat name / Threats count
C:\Program Files\Pcsx2_0.9.4\WanPacket.dll Infected: Backdoor.Win32.ForBot.aj 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:51 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199108387330
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199108595361
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8706 bytes
steamwiz
2008-06-13, 22:00
HI
Your hijackthis log is clean :)
Delete this file & you're good to go :-
C:\Program Files\Pcsx2_0.9.4\WanPacket.dll > Infected: Backdoor.Win32.ForBot.aj 1
I suspect this is from another cracked file which you have downloaded, "FREE" programs, downloaded through P2P always come at a price ...
steam
Done and Thanks Alot You were a extremly great help and made everything so simple :)
Bah never thought getting a few no-cd cracks for some of the games which cd's i lost would be such a issue
steamwiz
2008-06-14, 22:07
You're welcome.. :)
& be careful what you download ...
Before you leave the site ...
Please Have a look here at ways to keep your computer safe :-
So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279
Happy surfing :)
steam