Virtumonde and other infections



Ej Davis
2008-07-23, 23:31
Please help, I really have no idea what to do. I tried doing what other posters did, but it didn't work.
Here is my HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:00 PM, on 7/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [BMf58c7ea0] Rundll32.exe "C:\Windows\system32\yudesrns.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: eqvwamkl - {6056154C-5A2B-482A-910A-16252D26D460} - C:\Windows\eqvwamkl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7842 bytes
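An added example, not part of this thread and not a feature of HijackThis or ComboFix: a short Python script that applies the kind of triage a helper does on the log above. It flags O4 Run entries that start rundll32 with an explicit DLL path inside the Windows directory, O21 SSODL entries that point at such a DLL, and orphaned "(no name)"/"(no file)" entries, then cross-checks the flagged paths against the "Other Deletions" list in the ComboFix log posted later in the thread. The sample lines are copied from the logs on this page; the 6-to-8-letter random-stem rule, the function names and the kind labels are this example's own assumptions.

```python
import re
from collections import namedtuple

# Constructed sample input: lines copied from the HijackThis log above, with a
# benign rundll32 entry (oobefldr.dll) and a normal Run entry for contrast.
SAMPLE_HJT_LINES = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BMf58c7ea0] Rundll32.exe "C:\Windows\system32\yudesrns.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O21 - SSODL: eqvwamkl - {6056154C-5A2B-482A-910A-16252D26D460} - C:\Windows\eqvwamkl.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip().splitlines()

# Constructed sample: three paths copied from the ComboFix "Other Deletions" list.
SAMPLE_COMBOFIX_DELETIONS = [
    r"C:\Windows\eqvwamkl.dll",
    r"C:\Windows\system32\adjngnax.dll",
    r"C:\Windows\system32\yudesrns.dll",
]

# O4 Run entry whose command is rundll32 followed by a DLL path (quoted or not)
RE_RUNDLL = re.compile(r'^O4 - .*?rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# O21 ShellServiceObjectDelayLoad entry: value name, CLSID, DLL path
RE_SSODL = re.compile(r'^O21 - SSODL: (\S+) - \{[0-9A-Fa-f-]+\} - (.+?\.dll)\s*$', re.IGNORECASE)
# O2/O3 entry with neither a display name nor a file behind it
RE_ORPHAN = re.compile(r'^O[23] - .*\(no name\).*\(no file\)\s*$')
# Heuristic (assumption): a DLL directly in C:\Windows or C:\Windows\System32
# whose stem is 6-8 letters only, the random-name pattern seen in this log.
RE_SYSDIR_RANDOM = re.compile(r'^C:\\Windows\\(?:System32\\)?([A-Za-z]{6,8})\.dll$', re.IGNORECASE)

# kind: "run-rundll32", "ssodl" or "orphan"; path is None for orphans
Finding = namedtuple("Finding", "kind path line")


def analyze_hjt(lines):
    """Return the Findings a helper would look at first, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = RE_RUNDLL.match(line)
        if m and RE_SYSDIR_RANDOM.match(m.group(1)):
            findings.append(Finding("run-rundll32", m.group(1), line))
            continue
        m = RE_SSODL.match(line)
        if m and RE_SYSDIR_RANDOM.match(m.group(2)):
            findings.append(Finding("ssodl", m.group(2), line))
            continue
        if RE_ORPHAN.match(line):
            findings.append(Finding("orphan", None, line))
    return findings


def flagged_dll_paths(findings):
    """Set of DLL paths (original case) behind the non-orphan findings."""
    return {f.path for f in findings if f.path}


def confirmed_deletions(findings, deleted_paths):
    """Flagged paths that a removal tool's deletion list also contains.

    Comparison is case-insensitive because the two logs spell the
    Windows directory differently (system32 vs System32).
    """
    deleted = {p.lower() for p in deleted_paths}
    return sorted(f.path.lower() for f in findings if f.path and f.path.lower() in deleted)


if __name__ == "__main__":
    found = analyze_hjt(SAMPLE_HJT_LINES)
    for f in found:
        print(f"[{f.kind}] {f.line}")
    print("confirmed by ComboFix:", confirmed_deletions(found, SAMPLE_COMBOFIX_DELETIONS))
```

Note that the stem-length rule on its own would misfire (jusched.exe is seven lowercase letters); what makes an entry interesting is the combination of a random-looking name in the Windows directory with a load path that needs no host executable of its own (rundll32 from a Run key, or the SSODL list). Even then it is a triage signal, not a verdict, which is why the script ends by checking the flagged paths against what the removal tool actually deleted.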

ndmmxiaomayi
2008-07-27, 08:15
Hello,

Welcome to Safer Networking. :)


I tried doing what other posters did, but it didn't work

In future, please do not do this. Each and every one's computer is different, and so are their infections. Running different tools hinders our analysis, as we can't tell what got removed, what was there, what wasn't there, etc.

I also see that Bittorrent is running.

While Bittorrent is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal (http://p2p.malwareremoval.com/) and Spyware Info (http://www.spywareinfo.com/articles/p2p/).

The risks of using a P2P program are stated in this Sourceforge website (http://aresgalaxy.sourceforge.net/p2prisks.htm) and Information Week article (http://www.informationweek.com/security/showArticle.jhtml?articleID=53200209&pgno=2&queryText=).

Please also read this sticky (http://forums.spybot.info/showthread.php?t=282).
____________________

Step 1

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from one of these links:

Bleeping Computer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Forospyware (http://www.forospyware.com/sUBs/ComboFix.exe)
Geeks to Go (http://subs.geekstogo.com/ComboFix.exe)

Save it to your desktop. Do not run Combofix yet.

Step 2

Disable avast! Antivirus temporarily

Please disable avast! Antivirus temporarily as it may interfere with the fixes.

Right click on avast! Antivirus icon near the clock ( http://i100.photobucket.com/albums/m7/dasaki/avast.jpg ) and select Stop On-Access Protection.
Right click on this icon again and select Program Settings.
On the left, click on Troubleshooting.
Uncheck (untick) this box - Disable avast! self-defense module.
Click OK to apply the settings.

Disable Spybot Teatimer temporarily

Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the system tray should now be colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

Step 3

Right click on ComboFix.exe and select Run As Administrator. When UAC prompts, please allow it.

Follow all the prompts.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 4

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

In your next reply, please post:

Combofix log (C:\Combofix.txt)
Uninstall list
A new Hijackthis log

Ej Davis
2008-07-27, 16:27
Combofix log:
ComboFix 08-07-26.1 - Ej Davis 2008-07-27 10:01:45.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.358 [GMT -4:00]
Running from: C:\Users\Ej Davis\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\eqvwamkl.dll
C:\Windows\nfavxwdbqxv.dll
C:\Windows\system32\adjngnax.dll
C:\Windows\system32\aefszr.dll
C:\Windows\system32\ajeypdjy.dll
C:\Windows\system32\bbukdkib.dll
C:\Windows\system32\cewyxj.dll
C:\Windows\system32\eiobun.dll
C:\Windows\system32\epijwfqa.dll
C:\Windows\System32\fiblajcw.ini
C:\Windows\system32\frlhiwoo.dll
C:\Windows\system32\gbtcwd.dll
C:\Windows\system32\hdsxfnph.dll
C:\Windows\system32\iovhbtqs.dll
C:\Windows\system32\jffejvco.ini
C:\Windows\system32\kacyfxxu.dll
C:\Windows\system32\kptvqvkv.dll
C:\Windows\system32\kxxmqvhf.dll
C:\Windows\system32\ldrwut.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\occenyqm.dll
C:\Windows\system32\qwhpbyhf.dll
C:\Windows\system32\rnbtwjtg.dll
C:\Windows\system32\rtnftwia.dll
C:\Windows\system32\sAcdNXyb.ini
C:\Windows\System32\sAcdNXyb.ini2
C:\Windows\system32\svvnli.dll
C:\Windows\system32\syvocuik.dll
C:\Windows\system32\tapncfed.dll
C:\Windows\system32\tgvtbpmu.dll
C:\Windows\system32\tknkghug.dll
C:\Windows\System32\umpbtvgt.ini
C:\Windows\system32\ussgpfck.dll
C:\Windows\system32\vrrgkqtg.dll
C:\Windows\system32\wcjalbif.dll
C:\Windows\system32\wlbieokk.dll
C:\Windows\System32\xangnjda.ini
C:\Windows\system32\yudesrns.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-24 15:42 . 2008-07-24 15:45 <DIR> d-------- C:\Program Files\Instant Scenery
2008-07-24 15:20 . 2008-07-24 15:20 <DIR> d-------- C:\Program Files\AI Flight Creator
2008-07-24 09:03 . 2008-07-24 15:41 737,280 --a------ C:\Windows\iun6002.exe
2008-07-24 09:02 . 2008-07-24 15:46 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\Flight1
2008-07-24 09:02 . 2008-07-24 09:07 <DIR> d-------- C:\Program Files\AFX
2008-07-23 17:10 . 2008-07-23 17:10 <DIR> d-------- C:\Program Files\FLIGHT1
2008-07-23 17:07 . 2008-07-23 17:19 834 ---hs---- C:\Windows\System32\inhiovqp.ini
2008-07-23 11:13 . 2008-03-29 14:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-23 06:57 . 2008-07-23 13:41 32,256 --a------ C:\Windows\SysC43A.exe
2008-07-23 06:57 . 2008-07-23 13:41 31,744 --a------ C:\Windows\SysC4A7.exe
2008-07-23 04:32 . 2008-07-22 15:00 30,720 --a------ C:\Windows\SysD90F.exe
2008-07-23 04:32 . 2008-07-22 15:00 30,208 --a------ C:\Windows\SysD806.exe
2008-07-22 22:20 . 2008-07-22 22:27 <DIR> d-------- C:\ComboFix(0)
2008-07-22 21:51 . 2008-07-22 21:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-22 20:19 . 2008-07-22 15:00 30,720 --a------ C:\Windows\SysB837.exe
2008-07-22 20:19 . 2008-07-22 15:00 30,208 --a------ C:\Windows\SysAF22.exe
2008-07-22 19:03 . 2008-07-22 19:03 323,648 --a------ C:\Windows\System32\byXNdcAs.dll
2008-07-22 18:57 . 2008-07-22 13:48 86,016 --a------ C:\Windows\grswptdl.exe
2008-07-22 18:53 . 2008-07-18 19:54 32,256 --a------ C:\Windows\SysE612.exe
2008-07-22 18:53 . 2008-07-18 19:54 31,744 --a------ C:\Windows\SysE6AE.exe
2008-07-22 18:53 . 2008-07-18 19:54 30,720 --a------ C:\Windows\SysE805.exe
2008-07-22 18:53 . 2008-07-18 19:54 30,208 --a------ C:\Windows\SysE70B.exe
2008-07-22 18:23 . 2008-07-22 20:00 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-07-22 18:23 . 2008-07-22 20:00 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-07-22 18:23 . 2008-07-22 18:23 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-07-17 20:41 . 2008-06-25 20:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-17 20:41 . 2008-06-25 20:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-17 20:39 . 2008-06-25 20:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-16 22:42 . 2008-07-16 22:42 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-07-16 22:35 . 2008-07-16 22:35 <DIR> d-------- C:\DVDVideoSoft
2008-07-16 22:34 . 2008-07-16 22:34 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-07-16 22:34 . 2008-07-16 22:34 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-16 22:10 . 2008-07-16 22:10 <DIR> d-------- C:\Program Files\Image Converter .EXE
2008-07-16 22:10 . 2008-07-16 22:10 <DIR> d-------- C:\Program Files\Common Files\SoftTech InterCorp
2008-07-16 22:10 . 2004-10-27 10:52 834,128 --a------ C:\Windows\System32\Actbar2.ocx
2008-07-16 22:10 . 2007-05-04 23:17 561,152 --a------ C:\Windows\System32\AltST.dll
2008-07-16 22:10 . 2000-07-31 14:47 491,520 --a------ C:\Windows\System32\imagx4.dll
2008-07-16 22:10 . 2000-06-29 16:38 421,888 --a------ C:\Windows\System32\imagr4.dll
2008-07-16 22:10 . 2002-09-21 16:08 372,736 --a------ C:\Windows\System32\ShellExtension.dll
2008-07-16 22:10 . 2000-07-31 18:16 250,736 --a------ C:\Windows\System32\ImagXpr4.dll
2008-07-16 22:10 . 2006-09-28 17:55 57,344 --a------ C:\Windows\System32\sticversion.exe
2008-07-16 22:10 . 2000-06-27 08:31 35,328 --a------ C:\Windows\System32\picn20.dll
2008-07-09 16:45 . 2008-07-09 16:45 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\WinCare2008
2008-07-09 16:45 . 2008-07-09 16:53 <DIR> d-------- C:\Program Files\Spotmau WinCare 2008
2008-07-07 08:57 . 2008-07-07 08:57 <DIR> d-------- C:\Program Files\Data Doctor Recovery Removable Media (Demo)
2008-07-04 10:46 . 2008-07-04 10:46 <DIR> d-------- C:\Program Files\FS2004 Night Time
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Windows\CONCORDE SSTSIM
2008-07-02 18:43 . 2005-04-27 05:36 2,048 --a------ C:\Windows\sstv10.lic
2008-07-02 18:35 . 2008-07-02 18:35 <DIR> d-------- C:\Windows\SSTSim
2008-07-02 16:49 . 2008-07-25 16:47 <DIR> d-------- C:\Program Files\FS Panel Studio
2008-06-30 17:24 . 2008-06-30 18:34 81,984 --a------ C:\Windows\System32\bdod.bin
2008-06-30 16:00 . 2008-06-30 16:00 121 --a------ C:\Windows\bdagent.INI
2008-06-30 15:41 . 2008-06-30 18:36 <DIR> d-------- C:\Program Files\BitDefender
2008-06-30 15:39 . 2008-06-30 17:10 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 14:10 --------- d---a-w C:\ProgramData\TEMP
2008-07-27 14:08 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\DNA
2008-07-26 20:18 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-07-25 21:04 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\BitTorrent
2008-07-23 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 12:30 --------- d-----w C:\ProgramData\Ulead Systems
2008-07-23 12:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-21 09:07 1,328 ----a-w C:\FSUIPC_reg.bin
2008-07-20 23:35 --------- d-----w C:\Program Files\Microsoft Games
2008-07-18 19:13 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\LimeWire
2008-07-17 14:10 --------- d-----w C:\Program Files\LimeWire
2008-07-10 13:07 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 20:35 --------- d-----w C:\Program Files\Ulead Systems
2008-06-25 22:36 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-06-25 21:21 --------- d-----w C:\ProgramData\HP
2008-06-25 20:37 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\ESTsoft
2008-06-25 20:33 --------- d-----w C:\ProgramData\ESTsoft
2008-06-25 20:32 --------- d-----w C:\Program Files\ESTsoft
2008-06-05 19:54 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\NewzToolz
2008-06-05 02:45 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\Ulead Systems
2008-06-03 19:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-03 02:03 --------- d-----w C:\Program Files\Watchtower
2008-06-03 00:41 --------- d-----w C:\ProgramData\InterVideo
2008-06-03 00:41 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-31 12:06 --------- d-----w C:\Program Files\VideoShow Expressions
2008-05-31 11:51 --------- d-----w C:\ProgramData\McAfee
2008-05-31 11:51 --------- d-----w C:\Program Files\McAfee
2008-05-31 00:11 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\McAfee
2008-05-31 00:10 --------- d-----w C:\ProgramData\SiteAdvisor
2008-05-04 18:03 286,720 ----a-w C:\Windows\iun506.exe
2007-11-22 03:14 198 ----a-w C:\Users\Ej Davis\AppData\Roaming\wklnhst.dat
2007-10-07 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 02:19 61 --sh--w C:\Windows\cnerolf.bin
2008-03-10 00:44 119 --sh--w C:\Windows\cnerolf.dat
2005-08-25 03:10 174,592 --sha-w C:\Windows\System32\ncfpsys.exe
2008-04-22 22:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-04-22 22:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042220080423\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_ 4.52.13.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-23 08:47:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-27 14:10:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-27 14:10:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-23 08:47:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-27 14:10:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-27 14:10:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-03-29 18:45:49 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
+ 2008-03-29 18:23:22 95,608 ----a-w C:\Windows\System32\AvastSS.scr
+ 2008-07-24 19:44:32 34,308 ----a-w C:\Windows\System32\BASSMOD.dll
- 2008-07-23 01:41:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-27 14:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 01:41:55 147,456 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-27 14:10:26 147,456 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 01:41:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-27 14:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-23 12:30:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-07-27 14:01:32 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-03-29 18:35:49 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
+ 2008-03-29 18:29:08 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
+ 2008-03-29 18:31:34 75,856 ----a-w C:\Windows\System32\drivers\aswSP.sys
+ 2008-03-29 18:27:33 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
- 2008-07-23 08:48:41 20,570 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443751153-3735565120-1847588147-1000_UserData.bin
+ 2008-07-27 13:41:20 21,402 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443751153-3735565120-1847588147-1000_UserData.bin
- 2008-07-23 08:48:41 68,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-27 13:41:20 69,648 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-23 08:48:37 65,050 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 22:19:15 67,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-22 19:18:18 272,160 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-07-26 20:42:26 280,506 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-07-23 08:41:45 124,015,103 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-23 19:48:02 212,093,859 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6EE385F-04CE-403D-9747-5A62F49270F2}]
2008-07-22 19:03 323648 --a------ C:\Windows\system32\byXNdcAs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-02 17:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-02 17:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 17:22 417792]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-06 20:56 289088]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"Desktop Secretary"="C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" [2008-01-24 18:54 1265664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-25 21:45 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"f6bf4d3c"="C:\Windows\system32\ocvjeffj.dll" [BU]
"BMf58c7ea0"="C:\Windows\system32\hdsxfnph.dll" [BU]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54 98632]

C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.ZDSV"= scrvid.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Users^Ej Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ej Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screenshot Utility.lnk]
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-12-15 18:59 530552 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-06 20:56 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GeelixHUDDesktop]
--a------ 2008-03-18 17:18 2146304 C:\Program Files\Geelix.4.0.6.0\GeelixHUDDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-22 18:39 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 17:06 166424 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 19:49 55416 C:\Program Files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 11:06 413696 C:\Program Files\Toshiba\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 17:07 141848 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-08-31 12:01 1037736 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 20:14 34352 C:\Program Files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 05:41 188416 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 17:07 133656 C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 17:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prntscrn]
--a------ 2006-01-03 22:55 1257472 C:\Program Files\PrntScrn.NET\PrntScrn.NET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screen Recorder]
--a------ 2007-05-24 13:19 860160 C:\Program Files\ZD Soft\Screen Recorder\srecorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-11 20:45 448632 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-01-18 19:06 421888 C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-25 21:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-20 02:16 411768 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-10-06 21:31 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-09 13:57 3784704 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A128CD60-A295-4083-AE9E-A518E58012BD}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{01069126-3EC4-4B6A-83FA-65AF7223E68A}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{AFC464D8-51FB-4D4C-BD78-3EB9F37E7554}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5E1D63E-4ED9-4CA0-A6E5-D1DD9E835E41}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{383D3605-14AF-4742-9811-253368481467}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F4839679-2742-451D-84DA-D6431B70B215}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{62569EA4-D9B0-43A0-964F-8DAF85E4CFE8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{37162428-355F-4493-BD59-150D9B5B431D}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{45B8494F-7BC8-4CA3-A885-CE294C55029E}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{DF76B48B-340B-4127-8AD8-52BB46911588}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"{B68AE2BF-CAC6-4F3A-81D4-9E908F14F384}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3F752D21-D9FE-4D32-87CE-DB7F67D1B5EA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{3B0269F1-1168-4A40-A5A8-196B320E1A34}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{B37624B8-CF3C-484A-AB6C-C216B09C523A}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"TCP Query User{A24B4CB1-EA00-45DE-935C-444329E2CCAF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{07A4700A-36AF-4C52-A9AB-9EB7DAC3C359}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{7A6552FA-EFDC-4F47-890B-3321E8A5D714}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{CD8059C6-78D0-4B67-9D2F-649D12B81AF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{0125D812-FCF2-4D12-93BF-9AD87BB5A9F4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D4DF4749-D771-46F3-9D2D-25A21F60C1C1}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8742A762-2A34-4EEE-B919-3B55B868860F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{DF6912B5-D9A6-4C42-B281-FCAA41ACFEAB}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7BB5575D-5A2E-416B-BFC1-460DBC2DE7A7}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{6BB1DDCB-B885-4EFC-AA6C-6DE6E8942794}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{C0B4C0F4-7D17-4CBB-8173-56BA1BA1832F}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{B08DC92D-B0CB-4147-9A5D-AD44D68B03F3}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"TCP Query User{18FDA89F-E585-4F52-8C2B-38336977DB76}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BF73257E-EA44-4685-AA25-99B5CFF0968E}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{7A8F3A28-2D0D-4A2C-9166-F48285C29FA3}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{CF5F1730-6CDC-452D-9812-DF9E6DA77110}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{0845F57D-8502-4255-A0AD-6E317EAB047B}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{F79A2E70-6566-441A-B680-64CBDB665BBD}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{D37B31E2-447F-4DC0-B78D-36A8613A7D62}"= Disabled:UDP:C:\Users\Ej Davis\AppData\Roaming\U3\00001853E472B205\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{0AE34C26-7595-4FF6-876F-13732AB82713}"= Disabled:TCP:C:\Users\Ej Davis\AppData\Roaming\U3\00001853E472B205\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"TCP Query User{0D40E195-4BA2-440F-85E3-BDCD54B0547A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8F49B554-1599-4687-AB54-475A319A6F0F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{82DC7C4B-2CF9-4882-ABB7-BF714158C0C3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{14357B79-8EDC-4A5A-B81F-106C673BB01D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{63E4D837-91FF-481E-B4D7-1527796750C0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{5B67FEF3-CA9E-4964-887D-BD17BE01F31F}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{5F3816AF-6CFA-4844-8A5C-C01838E339A1}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriverVista.sys [2008-01-10 22:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 00:23]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 ssoftnt4;ssoftnt4;C:\Windows\system32\Drivers\ssoftnt4.sys [2007-07-13 19:05]
R3 scrcap;scrcap;C:\Windows\system32\DRIVERS\scrcap.sys [2006-12-27 10:47]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2006-11-02 05:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464d0f1e-e35a-11dc-9b7e-001b383e0102}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Password.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a41218a-42f1-11dd-915b-001b383e0102}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Password.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63e916d4-16f1-11dd-b4d0-001b383e0102}]
\shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54aee68-2201-11dd-a4a9-001b383e0102}]
\shell\AutoRun\command - E:\setup.exe /autorun
\shell\directx\command - E:\DirectX\dxsetup.exe
\shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1ba05d-a4ef-11dc-ad5a-001b383e0102}]
\shell\AutoRun\command - E:\Autorun.exe /run
\shell\Shell00\Command - E:\Autorun.exe /run
\shell\Shell01\Command - E:\Autorun.exe /action
\shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d9ac79-d975-11dc-9f46-001b383e0102}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-05-08 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - s !8C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe/AUTOCHECK /AUTOFIX Ej Davis []
.
- - - - ORPHANS REMOVED - - - -

BHO-{3A1D80A5-75D4-4548-BD79-5BBEEB2D1267} - C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Y1U1TO6\3077ahntdksr[1].dll
SSODL-eqvwamkl-{6056154C-5A2B-482A-910A-16252D26D460} - C:\Windows\eqvwamkl.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://airliners.net/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 10:10:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Fraps\fraps.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\cryptainersrv.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\VSSVC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-27 10:18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 14:17:51
ComboFix2.txt 2008-07-23 19:29:00
ComboFix3.txt 2008-07-23 16:34:33
ComboFix4.txt 2008-07-23 16:14:00
ComboFix5.txt 2008-07-27 13:58:36

Pre-Run: 35,238,617,088 bytes free
Post-Run: 35,024,359,424 bytes free

419 --- E O F --- 2008-07-23 19:51:27
__________________________________________________________________________________
__________________________________________________________________________________
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:14 AM, on 7/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Fraps\fraps.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E6EE385F-04CE-403D-9747-5A62F49270F2} - C:\Windows\system32\byXNdcAs.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [f6bf4d3c] rundll32.exe "C:\Windows\system32\ocvjeffj.dll",b
O4 - HKLM\..\Run: [BMf58c7ea0] Rundll32.exe "C:\Windows\system32\hdsxfnph.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7961 bytes
____________________________________________________________________________
____________________________________________________________________________
HJT UNINSTALL LOG:
A380 pour FS2004
Activation Assistant for the 2007 Microsoft Office suites
Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
AFX
AFX
AI Flight Creator 1.7.4
Airbus Fleet
Airport for Windows Upgrade to v2.60
ALZip
ARNZ ATR72-200 & 500
AS355 VH-NEH. North Eastern Helicopters.
AS355, N588BP operated by Texair.
Atheros Driver Installation Program
Audio Recorder for FREE v9.4
avast! Antivirus
Bat
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blaine's Letterbox Effects
Blasterball 3
Bluetooth Stack for Windows by Toshiba
BusRunner
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
ClonyXXL
CONCORDE SSTSIM
Cryptainer LE
Dash 8Q-300 by fanda v1.004
Data Doctor Recovery Removable Media (Demo)
Desktop Activity Recorder 1.6
Desktop Dialer
Diner Dash - Flo on the Go
DUBAÏ 2004
DUBAÏ landclass
DUBAÏ mesh
DVD MovieFactory for TOSHIBA
EditVoicepack
Eurocopter AS355, G-JPAL
Eurocopter AS355, ZJ139, RAF Royal Flight.
Eurocopter AS355. C-FOPP. Ontario Provincial Police.
Express Burn
Expstudio Audio Editor FREE
FastStone Photo Resizer 1.4
FATE
FeelThere PIC ERJ-145LR 1.0
Flight Simulator 2004 BGLComp SDK
Fraps (remove only)
Free FLV Converter V 1.0
Free Video to Flash Converter version 4.1
FS Architect
FS Panel Studio for FSX Build 20207
FS Recorder 1.32 for FS2004
FS2004 Night Time
FSAddon - FSCargo
FSCamera
GameSpy Arcade
Google Desktop
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Ground Environment Professional
HijackThis 2.0.2
Image Converter .EXE 2.0.0.81
Image ReSizer 1.6
ImageSkill Magic Enhancer Lite (remove only)
Instant Scenery
Intel(R) Graphics Media Accelerator Driver
Internet Offers
InterVideo DeviceService
Islands of the West Indies
IsoBuster 2.2
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
LimeWire 4.16.7
Line Rider
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Halo
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Works
Mozilla Firefox (2.0.0.14)
Mozilla Firefox (2.0.0.16)
Mozilla Firefox (3.0b5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Multi-Soundboard Player 1.5.0
MySQL Connector/ODBC 3.51
Napster
Napster Burn Engine
NewzToolz v2.0.2
oggcodecs 0.71.0946
OpenOffice.org 2.3
Opera 9.27
Password Protect USB 3.6.1
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
PrntScrn.NET
Radar v2.0 for FS2004
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Remove UK2000 Gatwick FREE files
SoundTap
SpeedUp for MS FlightSimulator 9
SpongeBob Monopoly Free
Spotmau Wincare 2008
Spybot - Search & Destroy
Switch
TeamSpeak 2 RC2
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Video Converter 3.10
Ulead VideoStudio 11
Uniblue RegistryBooster 2
Uninstall 1.0.0.1
Uninstall VAFS
Uninstall VCAS
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VideoShow Expressions
VisioForge Video Edit SDK (Delphi) + MPEG
VRtainment CapturePad 0.1beta
WavePad Uninstall
WinAVIVideoConverter
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Movie Maker 2 Winter Fun Pack
Windows Movie Maker 2.6
WinDVD for TOSHIBA
Wisdom-soft AutoScreenRecorder 2.0 Free
Wisdom-soft AutoScreenRecorder 2.1 Pro
Wisdom-soft Toolbar
WM Converter 2.0
XviD MPEG-4 Video Codec
Yahoo! Install Manager
Yahoo! Music Jukebox
Yahoo! Toolbar
ZD Soft Screen Recorder
ZD Soft Screen Video Decoder



THANK YOU SO MUCH FOR THE HELP:)
By the way, when ComboFix was rebooting my computer, right before it shut down, an error message popped up. I was reading it quickly, but I believe it said: Application Failed to Launch Properly. 0 * 000142:oops:
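Defender-side triage of the O2/O3/O4 lines in the HijackThis log above, written as an added example for this thread (it is not part of the original posts and not HijackThis or ComboFix code). It scores each Run entry on three traits that the flagged lines in this log share: rundll32 loading an eight-letter DLL straight out of a system directory, a single-letter export, and a hex-like value name; unnamed BHOs in a system directory and toolbars pointing at no file are reported separately. The sample lines are constructed from the log above, and the scoring threshold is an assumption for illustration.

```python
"""Heuristic triage of HijackThis (HJT) log lines for Virtumonde-style autostarts.

Added example; the heuristics are one reading of the log in this thread,
not HijackThis or ComboFix logic.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the HJT log above (a handful of lines, not the full log).
SAMPLE_HJT_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {E6EE385F-04CE-403D-9747-5A62F49270F2} - C:\\Windows\\system32\\byXNdcAs.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [f6bf4d3c] rundll32.exe "C:\\Windows\\system32\\ocvjeffj.dll",b
O4 - HKLM\\..\\Run: [BMf58c7ea0] Rundll32.exe "C:\\Windows\\system32\\hdsxfnph.dll",s
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "Onn - body" is the HJT line shape; the sub-patterns pick apart the sections we care about.
HJT_LINE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
TOOLBAR_RE = re.compile(r"^Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
RANDOM_DLL = re.compile(r"^[A-Za-z]{8}\.dll$", re.IGNORECASE)   # eight-letter names like ocvjeffj.dll
HEXISH_VALUE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")              # value names like f6bf4d3c / BMf58c7ea0

SUSPICIOUS_SCORE = 2  # assumption: two of the three Run-entry traits is enough to flag


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in \\Windows or \\Windows\\System32 (no vendor folder)."""
    parent = PureWindowsPath(path).parent.as_posix().lower()
    return parent.endswith("/windows") or parent.endswith("/windows/system32")


def score_run_entry(value: str, cmd: str):
    """Score an O4 Run entry; returns (score, reasons). Non-rundll32 commands score 0."""
    reasons = []
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return 0, reasons
    dll, export = m.group("dll"), m.group("export")
    name = PureWindowsPath(dll).name
    if RANDOM_DLL.match(name) and in_system_dir(dll):
        reasons.append(f"rundll32 loads random-looking {name} from a system directory")
    if len(export) == 1:
        reasons.append(f"single-letter export '{export}'")
    if HEXISH_VALUE.match(value):
        reasons.append(f"hex-like Run value name '{value}'")
    return len(reasons), reasons


def triage(log_text: str):
    """Walk HJT lines and return findings as (section, line, reason) tuples, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b and b.group("name") == "(no name)" and in_system_dir(b.group("path")):
                findings.append((section, line, "unnamed BHO loaded from a system directory"))
        elif section == "O3":
            t = TOOLBAR_RE.match(body)
            if t and t.group("path") == "(no file)":
                findings.append((section, line, "orphaned toolbar entry pointing at no file"))
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                score, reasons = score_run_entry(r.group("value"), r.group("cmd"))
                if score >= SUSPICIOUS_SCORE:
                    findings.append((section, line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_HJT_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run it as-is to see the four lines from the sample that a helper on this thread would ask about; point `triage()` at a full HJT log (`triage(open("hijackthis.log").read())`) to do the same over a real posting. The legitimate `rundll32.exe oobefldr.dll,ShowWelcomeCenter` entry scores zero because the DLL carries no system-directory path, the export is a word, and the value name is not hex-like, which is why a single trait is not enough on its own.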

ndmmxiaomayi
2008-07-27, 18:24
Hello,

Please follow the instructions in my previous post to disable avast! Antivirus temporarily.

Open Notepad and copy and paste the following in the Code box into Notepad:


http://forums.spybot.info/showthread.php?t=31459

File::
C:\Windows\System32\inhiovqp.ini

Collect::
C:\Windows\SysC43A.exe
C:\Windows\SysC4A7.exe
C:\Windows\SysD90F.exe
C:\Windows\SysD806.exe
C:\Windows\SysB837.exe
C:\Windows\SysAF22.exe
C:\Windows\System32\byXNdcAs.dll
C:\Windows\grswptdl.exe
C:\Windows\SysE612.exe
C:\Windows\SysE6AE.exe
C:\Windows\SysE805.exe
C:\Windows\SysE70B.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6EE385F-04CE-403D-9747-5A62F49270F2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f6bf4d3c"=-
"BMf58c7ea0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001

Warning: The above script is just for Ej Davis. If you are not Ej Davis, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

http://i266.photobucket.com/albums/ii277/sUBs_/CF-Submit_notice.gif

Click OK.

Copy and paste the file path into the text box next to the Browse button (boxed up in red).

http://xs123.xs.to/xs123/08053/cfsumbit320.png

Click on Send File.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Do you know anything about this program - Bat ?

In your next reply, please post:

Combofix log (C:\Combofix.txt)
A new HijackThis log
If you know anything about the Bat program

Ej Davis
2008-07-27, 19:00
I Know NOTHING ABOUT BAT
PAGE NOT FOUND WHEN TRYING TO UPLOAD
CFS:
ComboFix 08-07-26.1 - Ej Davis 2008-07-27 12:45:11.8 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.399 [GMT -4:00]
Running from: C:\Users\Ej Davis\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ej Davis\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\inhiovqp.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\grswptdl.exe
C:\Windows\SysAF22.exe
C:\Windows\SysB837.exe
C:\Windows\SysC43A.exe
C:\Windows\SysC4A7.exe
C:\Windows\SysD806.exe
C:\Windows\SysD90F.exe
C:\Windows\SysE612.exe
C:\Windows\SysE6AE.exe
C:\Windows\SysE70B.exe
C:\Windows\SysE805.exe
C:\Windows\System32\byXNdcAs.dll
C:\Windows\System32\inhiovqp.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-24 15:42 . 2008-07-24 15:45 <DIR> d-------- C:\Program Files\Instant Scenery
2008-07-24 15:20 . 2008-07-24 15:20 <DIR> d-------- C:\Program Files\AI Flight Creator
2008-07-24 09:03 . 2008-07-24 15:41 737,280 --a------ C:\Windows\iun6002.exe
2008-07-24 09:02 . 2008-07-24 15:46 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\Flight1
2008-07-24 09:02 . 2008-07-24 09:07 <DIR> d-------- C:\Program Files\AFX
2008-07-23 17:10 . 2008-07-23 17:10 <DIR> d-------- C:\Program Files\FLIGHT1
2008-07-23 11:13 . 2008-03-29 14:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-22 22:20 . 2008-07-22 22:27 <DIR> d-------- C:\ComboFix(0)
2008-07-22 21:51 . 2008-07-22 21:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-22 18:23 . 2008-07-22 20:00 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-07-22 18:23 . 2008-07-22 20:00 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-07-22 18:23 . 2008-07-22 18:23 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-07-17 20:41 . 2008-06-25 20:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-17 20:41 . 2008-06-25 20:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-17 20:39 . 2008-06-25 20:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-16 22:42 . 2008-07-16 22:42 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-07-16 22:35 . 2008-07-16 22:35 <DIR> d-------- C:\DVDVideoSoft
2008-07-16 22:34 . 2008-07-16 22:34 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-07-16 22:34 . 2008-07-16 22:34 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-16 22:10 . 2008-07-16 22:10 <DIR> d-------- C:\Program Files\Image Converter .EXE
2008-07-16 22:10 . 2008-07-16 22:10 <DIR> d-------- C:\Program Files\Common Files\SoftTech InterCorp
2008-07-16 22:10 . 2004-10-27 10:52 834,128 --a------ C:\Windows\System32\Actbar2.ocx
2008-07-16 22:10 . 2007-05-04 23:17 561,152 --a------ C:\Windows\System32\AltST.dll
2008-07-16 22:10 . 2000-07-31 14:47 491,520 --a------ C:\Windows\System32\imagx4.dll
2008-07-16 22:10 . 2000-06-29 16:38 421,888 --a------ C:\Windows\System32\imagr4.dll
2008-07-16 22:10 . 2002-09-21 16:08 372,736 --a------ C:\Windows\System32\ShellExtension.dll
2008-07-16 22:10 . 2000-07-31 18:16 250,736 --a------ C:\Windows\System32\ImagXpr4.dll
2008-07-16 22:10 . 2006-09-28 17:55 57,344 --a------ C:\Windows\System32\sticversion.exe
2008-07-16 22:10 . 2000-06-27 08:31 35,328 --a------ C:\Windows\System32\picn20.dll
2008-07-09 16:45 . 2008-07-09 16:45 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\WinCare2008
2008-07-09 16:45 . 2008-07-09 16:53 <DIR> d-------- C:\Program Files\Spotmau WinCare 2008
2008-07-07 08:57 . 2008-07-07 08:57 <DIR> d-------- C:\Program Files\Data Doctor Recovery Removable Media (Demo)
2008-07-04 10:46 . 2008-07-04 10:46 <DIR> d-------- C:\Program Files\FS2004 Night Time
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Windows\CONCORDE SSTSIM
2008-07-02 18:43 . 2005-04-27 05:36 2,048 --a------ C:\Windows\sstv10.lic
2008-07-02 18:35 . 2008-07-02 18:35 <DIR> d-------- C:\Windows\SSTSim
2008-07-02 16:49 . 2008-07-25 16:47 <DIR> d-------- C:\Program Files\FS Panel Studio
2008-06-30 17:24 . 2008-06-30 18:34 81,984 --a------ C:\Windows\System32\bdod.bin
2008-06-30 16:00 . 2008-06-30 16:00 121 --a------ C:\Windows\bdagent.INI
2008-06-30 15:41 . 2008-06-30 18:36 <DIR> d-------- C:\Program Files\BitDefender
2008-06-30 15:39 . 2008-06-30 17:10 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Users\Ej Davis\AppData\Roaming\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 16:45 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\BitTorrent
2008-07-27 16:41 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\DNA
2008-07-27 14:10 --------- d---a-w C:\ProgramData\TEMP
2008-07-26 20:18 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-07-23 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 12:30 --------- d-----w C:\ProgramData\Ulead Systems
2008-07-23 12:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-21 09:07 1,328 ----a-w C:\FSUIPC_reg.bin
2008-07-20 23:35 --------- d-----w C:\Program Files\Microsoft Games
2008-07-18 19:13 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\LimeWire
2008-07-17 14:10 --------- d-----w C:\Program Files\LimeWire
2008-07-10 13:07 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 20:35 --------- d-----w C:\Program Files\Ulead Systems
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-25 22:36 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-06-25 21:21 --------- d-----w C:\ProgramData\HP
2008-06-25 20:37 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\ESTsoft
2008-06-25 20:33 --------- d-----w C:\ProgramData\ESTsoft
2008-06-25 20:32 --------- d-----w C:\Program Files\ESTsoft
2008-06-05 19:54 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\NewzToolz
2008-06-05 02:45 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\Ulead Systems
2008-06-03 19:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-03 02:03 --------- d-----w C:\Program Files\Watchtower
2008-06-03 00:41 --------- d-----w C:\ProgramData\InterVideo
2008-06-03 00:41 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-31 12:06 --------- d-----w C:\Program Files\VideoShow Expressions
2008-05-31 11:51 --------- d-----w C:\ProgramData\McAfee
2008-05-31 11:51 --------- d-----w C:\Program Files\McAfee
2008-05-31 00:11 --------- d-----w C:\Users\Ej Davis\AppData\Roaming\McAfee
2008-05-31 00:10 --------- d-----w C:\ProgramData\SiteAdvisor
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-04 18:03 286,720 ----a-w C:\Windows\iun506.exe
2007-11-22 03:14 198 ----a-w C:\Users\Ej Davis\AppData\Roaming\wklnhst.dat
2007-10-07 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 02:19 61 --sh--w C:\Windows\cnerolf.bin
2008-03-10 00:44 119 --sh--w C:\Windows\cnerolf.dat
2005-08-25 03:10 174,592 --sha-w C:\Windows\System32\ncfpsys.exe
2008-04-22 22:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-04-22 22:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042220080423\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-27_10.16.42.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-27 14:10:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-27 14:10:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-27 14:10:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-27 14:12:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-07-22 16:46:25 1,112,640 ----a-w C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe
- 2008-07-27 14:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-27 14:10:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-27 14:10:26 147,456 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-27 14:10:17 147,456 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-27 14:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-27 14:10:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-27 13:41:20 21,402 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443751153-3735565120-1847588147-1000_UserData.bin
+ 2008-07-27 14:12:32 21,502 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443751153-3735565120-1847588147-1000_UserData.bin
- 2008-07-27 13:41:20 69,648 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-27 14:12:32 69,782 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-23 22:19:15 67,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-27 14:12:22 68,440 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-27 16:49:48 53,248 ----a-w C:\Windows\temp\catchme.dll
- 2008-07-23 19:48:02 212,093,859 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-27 14:38:53 223,736,651 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-02 17:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-02 17:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 17:22 417792]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-06 20:56 289088]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"Desktop Secretary"="C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" [2008-01-24 18:54 1265664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-25 21:45 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54 98632]

C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.ZDSV"= scrvid.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Users^Ej Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ej Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screenshot Utility.lnk]
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-12-15 18:59 530552 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-06 20:56 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GeelixHUDDesktop]
--a------ 2008-03-18 17:18 2146304 C:\Program Files\Geelix.4.0.6.0\GeelixHUDDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-22 18:39 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 17:06 166424 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 19:49 55416 C:\Program Files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 11:06 413696 C:\Program Files\Toshiba\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 17:07 141848 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-08-31 12:01 1037736 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 20:14 34352 C:\Program Files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 05:41 188416 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 17:07 133656 C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 17:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prntscrn]
--a------ 2006-01-03 22:55 1257472 C:\Program Files\PrntScrn.NET\PrntScrn.NET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screen Recorder]
--a------ 2007-05-24 13:19 860160 C:\Program Files\ZD Soft\Screen Recorder\srecorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-11 20:45 448632 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-01-18 19:06 421888 C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-25 21:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-20 02:16 411768 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-10-06 21:31 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-09 13:57 3784704 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A128CD60-A295-4083-AE9E-A518E58012BD}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{01069126-3EC4-4B6A-83FA-65AF7223E68A}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{AFC464D8-51FB-4D4C-BD78-3EB9F37E7554}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5E1D63E-4ED9-4CA0-A6E5-D1DD9E835E41}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{383D3605-14AF-4742-9811-253368481467}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F4839679-2742-451D-84DA-D6431B70B215}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{62569EA4-D9B0-43A0-964F-8DAF85E4CFE8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{37162428-355F-4493-BD59-150D9B5B431D}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{45B8494F-7BC8-4CA3-A885-CE294C55029E}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{DF76B48B-340B-4127-8AD8-52BB46911588}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"{B68AE2BF-CAC6-4F3A-81D4-9E908F14F384}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3F752D21-D9FE-4D32-87CE-DB7F67D1B5EA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{3B0269F1-1168-4A40-A5A8-196B320E1A34}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{B37624B8-CF3C-484A-AB6C-C216B09C523A}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"TCP Query User{A24B4CB1-EA00-45DE-935C-444329E2CCAF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{07A4700A-36AF-4C52-A9AB-9EB7DAC3C359}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{7A6552FA-EFDC-4F47-890B-3321E8A5D714}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{CD8059C6-78D0-4B67-9D2F-649D12B81AF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{0125D812-FCF2-4D12-93BF-9AD87BB5A9F4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D4DF4749-D771-46F3-9D2D-25A21F60C1C1}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8742A762-2A34-4EEE-B919-3B55B868860F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{DF6912B5-D9A6-4C42-B281-FCAA41ACFEAB}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7BB5575D-5A2E-416B-BFC1-460DBC2DE7A7}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{6BB1DDCB-B885-4EFC-AA6C-6DE6E8942794}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{C0B4C0F4-7D17-4CBB-8173-56BA1BA1832F}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{B08DC92D-B0CB-4147-9A5D-AD44D68B03F3}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"TCP Query User{18FDA89F-E585-4F52-8C2B-38336977DB76}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BF73257E-EA44-4685-AA25-99B5CFF0968E}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{7A8F3A28-2D0D-4A2C-9166-F48285C29FA3}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{CF5F1730-6CDC-452D-9812-DF9E6DA77110}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{0845F57D-8502-4255-A0AD-6E317EAB047B}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{F79A2E70-6566-441A-B680-64CBDB665BBD}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{D37B31E2-447F-4DC0-B78D-36A8613A7D62}"= Disabled:UDP:C:\Users\Ej Davis\AppData\Roaming\U3\00001853E472B205\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{0AE34C26-7595-4FF6-876F-13732AB82713}"= Disabled:TCP:C:\Users\Ej Davis\AppData\Roaming\U3\00001853E472B205\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"TCP Query User{0D40E195-4BA2-440F-85E3-BDCD54B0547A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8F49B554-1599-4687-AB54-475A319A6F0F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{82DC7C4B-2CF9-4882-ABB7-BF714158C0C3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{14357B79-8EDC-4A5A-B81F-106C673BB01D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{63E4D837-91FF-481E-B4D7-1527796750C0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{5B67FEF3-CA9E-4964-887D-BD17BE01F31F}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{5F3816AF-6CFA-4844-8A5C-C01838E339A1}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriverVista.sys [2008-01-10 22:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 00:23]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 ssoftnt4;ssoftnt4;C:\Windows\system32\Drivers\ssoftnt4.sys [2007-07-13 19:05]
R3 scrcap;scrcap;C:\Windows\system32\DRIVERS\scrcap.sys [2006-12-27 10:47]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2006-11-02 05:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464d0f1e-e35a-11dc-9b7e-001b383e0102}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Password.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a41218a-42f1-11dd-915b-001b383e0102}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Password.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63e916d4-16f1-11dd-b4d0-001b383e0102}]
\shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54aee68-2201-11dd-a4a9-001b383e0102}]
\shell\AutoRun\command - E:\setup.exe /autorun
\shell\directx\command - E:\DirectX\dxsetup.exe
\shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1ba05d-a4ef-11dc-ad5a-001b383e0102}]
\shell\AutoRun\command - E:\Autorun.exe /run
\shell\Shell00\Command - E:\Autorun.exe /run
\shell\Shell01\Command - E:\Autorun.exe /action
\shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d9ac79-d975-11dc-9f46-001b383e0102}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-05-08 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - s !8C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe/AUTOCHECK /AUTOFIX Ej Davis []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 12:49:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-07-27 12:51:10
ComboFix-quarantined-files.txt 2008-07-27 16:51:06
ComboFix2.txt 2008-07-27 14:18:07
ComboFix3.txt 2008-07-23 19:29:00
ComboFix4.txt 2008-07-23 16:34:33
ComboFix5.txt 2008-07-27 16:43:42

Pre-Run: 35,710,283,776 bytes free
Post-Run: 35,689,562,112 bytes free

328 --- E O F --- 2008-07-27 14:23:14
__________________________________________________________________________________
__________________________________________________________________________________
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:07 PM, on 7/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Fraps\fraps.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - (no file)
O2 - BHO: (no name) - {1CFD902E-B2D7-4618-9528-5578F67BD23E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3BEB21AE-53B2-45E2-B5B6-D22F23F80155} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8135 bytes

ndmmxiaomayi
2008-07-28, 16:06
Hello,

Can you find this file on your desktop - date@time.zip? Date and time are numbers.

If so, please upload it to here - http://www.bleepingcomputer.com/submit-malware.php?channel=4

Remember to put a link to your log ( http://forums.spybot.info/showthread.php?t=31459 )

Next...

Right click on Internet Explorer and select Run As Administrator.

1. Please go to Kaspersky website (http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html) to perform an online scan.
2. Click on Accept.
3. It will prompt you to download an ActiveX. Allow it.
4. After that, you will be prompted to install it.
5. Once installed, it will start downloading the definitions. This will take some time. At the same time, you may also receive another prompt to install another ActiveX. Allow it again and repeat Step 2.
6. When the definitions have finished downloading, click Next.
7. Click on Scan Settings.
8. Under Scan using the following antivirus database:, choose extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.
9. Under Scan options:, check (tick) both boxes.
10. Click Ok.
11. Under Please select a target to scan:, click on My Computer. It will start scanning. Please be patient.
12. Click on Save Report As....
13. Give this report a name and change the Save as type: to Text file (*.txt) before clicking on Save.
14. Please post this log in your next reply.

In your next reply, please post:

Kaspersky Antivirus scan report
A new HijackThis log

Ej Davis
2008-07-29, 00:10
Kaspersky Report:
Monday, July 28, 2008 6:05:07 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/07/2008
Kaspersky Anti-Virus database records: 1021993
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 250116
Number of viruses found 26
Number of infected objects 68
Number of suspicious objects 0
Duration of the scan process 03:00:11

Infected Object Name Virus Name Last Action
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysAF22.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysB837.exe Infected: Trojan.Win32.Agent.wam skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysC43A.exe Infected: not-a-virus:FraudTool.Win32.Agent.ag skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysC4A7.exe Infected: not-a-virus:FraudTool.Win32.Agent.ac skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysD806.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysD90F.exe Infected: Trojan.Win32.Agent.wam skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysE612.exe Infected: not-a-virus:FraudTool.Win32.Agent.ab skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysE6AE.exe Infected: not-a-virus:FraudTool.Win32.Agent.ac skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysE70B.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ad skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip/SysE805.exe Infected: Trojan.Win32.Agent.tep skipped
C:\$Recycle.Bin\S-1-5-21-443751153-3735565120-1847588147-1000\$RQ0V41T.zip ZIP: infected - 10 skipped
C:\Deckard\System Scanner\20080521151525\extra.txt Object is locked skipped
C:\Deckard\System Scanner\20080521151525\main.txt Object is locked skipped
C:\Deckard\System Scanner\20080521151525\moved.txt Object is locked skipped
C:\Deckard\System Scanner\main.txt Object is locked skipped
C:\Program Files\Adobe\Adobe Bridge\install.adb Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{45A58F2F-9895-48CE-8EDD-BFA09E35701B}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\setup.ilg Object is locked skipped
C:\Program Files\Mozilla Firefox\uninstall\uninstall.update Object is locked skipped
C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\uninstall.update Object is locked skipped
C:\Program Files\SpeedUp\fssu.exe Object is locked skipped
C:\Program Files\SpeedUp\fssu.ini Object is locked skipped
C:\Program Files\SpeedUp\readme.pdf Object is locked skipped
C:\Program Files\SpeedUp\UnInstall_15974.exe Object is locked skipped
C:\Program Files\SuperNZB\New Compressed (zipped) Folder.zip Object is locked skipped
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\u32Prod.dll Object is locked skipped
C:\ProgramData\Hewlett-Packard\HP Print Settings\HPt65olp.cfg Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f27534432ff3818adedd3122acf26591_425ed188-7a7d-404e-a1cf-c0342e990beb Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa81eb00ce991dab3c79104e7a8c8e19_425ed188-7a7d-404e-a1cf-c0342e990beb Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.ag skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.ac skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir Infected: Trojan.Win32.Agent.wam skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir/data.rar/vav.cpl Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir/data.rar/vav.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir/data.rar Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir RarSFX: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir Infected: Trojan-Downloader.Win32.Agent.xkd skipped
C:\QooBox\Quarantine\C\Program Files\VAV\vav.cpl.vir Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y skipped
C:\QooBox\Quarantine\C\Program Files\VAV\vav.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab skipped
C:\QooBox\Quarantine\C\Users\Ej Davis\AppData\Roaming\SpeedRunner\SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.ndt skipped
C:\QooBox\Quarantine\C\Windows\erms.exe.vir Infected: Trojan.Win32.Vapsup.irr skipped
C:\QooBox\Quarantine\C\Windows\evgratsm.dll.vir Infected: Trojan.Win32.Vapsup.iqn skipped
C:\QooBox\Quarantine\C\Windows\kgxmotapktx.dll.vir Infected: Trojan.Win32.Vapsup.iqm skipped
C:\QooBox\Quarantine\C\Windows\Sys116D.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.ag skipped
C:\QooBox\Quarantine\C\Windows\Sys2DA4.exe.vir Infected: Trojan-Downloader.Win32.Agent.wru skipped
C:\QooBox\Quarantine\C\Windows\Sys3F8E.exe.vir Infected: Trojan.Win32.Agent.wam skipped
C:\QooBox\Quarantine\C\Windows\Sys4162.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af skipped
C:\QooBox\Quarantine\C\Windows\Sys5466.exe.vir Infected: Trojan-Downloader.Win32.Agent.wru skipped
C:\QooBox\Quarantine\C\Windows\Sys5955.exe.vir Infected: Trojan-Downloader.Win32.Agent.wru skipped
C:\QooBox\Quarantine\C\Windows\Sys95D8.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.ab skipped
C:\QooBox\Quarantine\C\Windows\Sys9F0C.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.ac skipped
C:\QooBox\Quarantine\C\Windows\System32\ajeypdjy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acxm skipped
C:\QooBox\Quarantine\C\Windows\System32\bbukdkib.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.btj skipped
C:\QooBox\Quarantine\C\Windows\System32\bwvytnwr.dll.vir Infected: Trojan.Win32.Monder.aty skipped
C:\QooBox\Quarantine\C\Windows\System32\calcheog.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abmm skipped
C:\QooBox\Quarantine\C\Windows\System32\cbXPfFXq.dll.vir Infected: Trojan.Win32.Monderb.ads skipped
C:\QooBox\Quarantine\C\Windows\System32\dvwhkgft.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\frlhiwoo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\gbtcwd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.btj skipped
C:\QooBox\Quarantine\C\Windows\System32\hdsxfnph.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acxm skipped
C:\QooBox\Quarantine\C\Windows\System32\iovhbtqs.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\jvuvguya.dll.vir Infected: Trojan.Win32.Monder.aty skipped
C:\QooBox\Quarantine\C\Windows\System32\kptvqvkv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acxm skipped
C:\QooBox\Quarantine\C\Windows\System32\kxxmqvhf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abts skipped
C:\QooBox\Quarantine\C\Windows\System32\mkprqudn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\opnkIbAs.dll.vir Infected: Trojan.Win32.Monderb.ads skipped
C:\QooBox\Quarantine\C\Windows\System32\qlecjhpl.dll.vir Infected: Trojan.Win32.Monder.aty skipped
C:\QooBox\Quarantine\C\Windows\System32\rnbtwjtg.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\rtnftwia.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\rwmtuioc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\svvnli.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.btj skipped
C:\QooBox\Quarantine\C\Windows\System32\syvocuik.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\tapncfed.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.btj skipped
C:\QooBox\Quarantine\C\Windows\System32\tgvtbpmu.dll.vir Infected: Trojan.Win32.Monder.aty skipped
C:\QooBox\Quarantine\C\Windows\System32\tknkghug.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\ussgpfck.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\vav.cpl.vir Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y skipped
C:\QooBox\Quarantine\C\Windows\System32\viqidtku.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cbd skipped
C:\QooBox\Quarantine\C\Windows\System32\vrrgkqtg.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\wlbieokk.dll.vir Infected: Trojan.Win32.Monder.awh skipped
C:\QooBox\Quarantine\C\Windows\System32\wucxlhcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abmm skipped
C:\QooBox\Quarantine\C\Windows\System32\yudesrns.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso skipped
C:\QooBox\Quarantine\C\Windows\System32\yvscdonv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abmm skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat{dcbfacef-46f3-11dd-b05b-001b383e0102}.TM.blf Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat{dcbfacef-46f3-11dd-b05b-001b383e0102}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\UsrClass.dat{dcbfacef-46f3-11dd-b05b-001b383e0102}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Mozilla\Firefox\Profiles\3078plh5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Mozilla\Firefox\Profiles\3078plh5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Mozilla\Firefox\Profiles\3078plh5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Ej Davis\AppData\Local\Mozilla\Firefox\Profiles\3078plh5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows\qsnothyw.exe Infected: Trojan-Downloader.Win32.Agent.qqn skipped
C:\Users\Ej Davis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\cert8.db Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\formhistory.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\history.dat Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\key3.db Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\parent.lock Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\search.sqlite Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3078plh5.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1211841676.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1211855679.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1212366681.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1214853685.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1214856210.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1216159839.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1216770005.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\1216771617.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\F_1214853569.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\F_1214856139.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\F_1216159392.zip Object is locked skipped
C:\Users\Ej Davis\AppData\Roaming\Uniblue\Registry Booster2\F_1216159735.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\04ScenPk.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\alitcrd.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\gboaf03.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\Halo.torrent Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\rw12_lib1_v12.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\ssteuro.zip Object is locked skipped
C:\Users\Ej Davis\Desktop\FS 2004\WORLDCLASS_NUDE_PICS....Babes_from_heaven[www.btmon.com].torrent Object is locked skipped
C:\Users\Ej Davis\Desktop\setupeng.exe Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\fs9 2008-05-24 20-20-26-07.scn Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\fs9 2008-05-24 21-03-03-60.scn Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\fs9 2008-05-25 19-42-21-72.scn Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\Recorded TV Shows.abm Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\Untitled_1.abm Object is locked skipped
C:\Users\Ej Davis\Documents\My Albums\Untitled_2.abm Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\163_EBOOT_1.50.zip Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\01 Leila Remix.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\02 Sweetest thing.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\05 Freestyle.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\07 Migraine.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\09 Babygirl.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\09 Love u So.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\14 One and Only.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\16 Keep Them Close.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\20 Mind Incarceration.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Apocalypse instr.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Circus Clown.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Gas Price.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Gimme A Mic.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Gossip.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Hush.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Love Is.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Love U So.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Love You So.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Lyrikill.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Rainy Day.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Rainy Day2.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Simplified Love.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\So Nice.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Splashandrun.zip Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Test Me.wma Object is locked skipped
C:\Users\Ej Davis\Music\Jamaica Jams 2007\Matt's Songs\Test We.wma Object is locked skipped
C:\Users\Ej Davis\ntuser.dat Object is locked skipped
C:\Users\Ej Davis\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Ej Davis\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Ej Davis\ntuser.dat{04f061e9-bec0-11dc-8b39-001b383e0102}.TM.blf Object is locked skipped
C:\Users\Ej Davis\ntuser.dat{04f061e9-bec0-11dc-8b39-001b383e0102}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Ej Davis\ntuser.dat{04f061e9-bec0-11dc-8b39-001b383e0102}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\ab380snd.zip Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\efajmw06.zip Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\MagicISO.4084091.TPB.torrent Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\McAfee_Total_Protection_2008_(_SiteAdvisor)-HeartBug.4029003.TPB.torrent Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT.3583651.TPB.torrent Object is locked skipped
C:\Users\Ej Davis\Pictures\AJ Project\n380nw.zip Object is locked skipped
C:\Users\Ej Davis\Pictures\Lit. Comp. Project\Opera_9.27_International_Setup.exe Object is locked skipped
C:\Users\Ej Davis\Pictures\New Compressed (zipped) Folder.zip Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Installer\MSI2E64.tmp Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{48635C04-D82B-44A4-BA02-D395CC876F09}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\MSFWSVC.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Windows OneCare.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job Object is locked skipped
C:\Windows\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
Scan process completed.
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:45 PM, on 7/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - (no file)
O2 - BHO: (no name) - {1CFD902E-B2D7-4618-9528-5578F67BD23E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3BEB21AE-53B2-45E2-B5B6-D22F23F80155} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Ej Davis\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8126 bytes
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!_!
Could not find the date@time.zip file on the desktop :sad:
THX FOR YOUR HELP:clown:

Ej Davis
2008-07-29, 00:18
By the way, I could not find "Run as administrator" in the right-click options for Internet Explorer, although I am an administrator. I ran the scan anyway. I hope the Kaspersky scan still worked.
THX AGAIN:euro:

ndmmxiaomayi
2008-07-29, 18:31
Sorry, I've got the wrong file.

It should be named something like [4]-Submit_date@time.zip, where date and time are numbers.

Are you also running any programs when running the Kaspersky scan? A lot of files are locked.

Ej Davis
2008-07-29, 21:58
No, I was only using explorer.exe. However, for a while I was running fs9, which requires a lot of things (around 12GB or so). Still, I do not see the file you are specifying. Is there somewhere else I could find this file? Could I remove it with HJT?
Also, I will be gone for a few days :snorkle: (I'll leave in 2 days, so I can post till then) and I was hoping that you could make sure that the form is NOT archived. :laugh: Thank you!!! ;)

Ej Davis
2008-07-29, 23:19
I was trying to download from a website (avsim.com) and got this error message:
C:\Windows\temp\x10npdwj.zip could not be saved try changing the name of file. I found out it appears on pretty much anything that I try to download :sad: Any ideas would be gladly appreciated!!

Ej Davis
2008-07-30, 00:50
I was trying to download from a website (avsim.com) and got this error message:
C:\Windows\temp\x10npdwj.zip could not be saved try changing the name of file. I found out it appears on pretty much anything that I try to download :sad: Any ideas would be gladly appreciated!!

Fixed that issue

ndmmxiaomayi
2008-07-30, 15:24
You can fix the download issues by saving it to your desktop or your documents folder.

It's caused by Windows UAC. Vista users practically have no privileges to save files anywhere they like except their desktop and a few other locations like Documents folder.

Can you check if the file ([4]-Submit_date@time.zip) is in your Recycle Bin?

If so, please restore this file and upload it to here - http://www.bleepingcomputer.com/submit-malware.php?channel=4

Ej Davis
2008-07-30, 18:32
:laugh: Restored from recycling bin and sent to the link mentioned for reviewing!:laugh:
PS: I will be gone starting tomorrow, please keep the discussion alive until I return (I'll be back in a week or less).
EJ DAVIS

ndmmxiaomayi
2008-07-31, 16:50
Thank you very much. :)

I shall see you when you're back.

Ej Davis
2008-08-05, 18:15
Hey I am back!
Here is a fresh HJT log, in case you would like to see it!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:36 PM, on 8/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - (no file)
O2 - BHO: (no name) - {1CFD902E-B2D7-4618-9528-5578F67BD23E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3BEB21AE-53B2-45E2-B5B6-D22F23F80155} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9284 bytes

ndmmxiaomayi
2008-08-07, 02:20
Hello,

Update Adobe Reader

Please uninstall Adobe Reader 8.1.2 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.2 and click on Change/Remove to uninstall it.
Click here (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to run and it will be installed automatically for you.

If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.

If you don't like Adobe Reader, you can try Foxit PDF Reader (http://downloads.foxitsoftware.com/foxitreader/FoxitReader23_setup.exe). It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 7.

Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 5 and click on Change/Remove to uninstall it.
Repeat for these old versions of JRE: Java(TM) SE Runtime Environment 6
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down and locate Java Runtime Environment (JRE) 6 Update 7. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
Run this installation to update your Java.

Remove orphaned entries

Right click on HijackThis and select Run As Administrator. When UAC prompts, please allow it. Select Do a system scan only.

Put a check (tick) next to these lines:

O2 - BHO: (no name) - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - (no file)
O2 - BHO: (no name) - {1CFD902E-B2D7-4618-9528-5578F67BD23E} - (no file)

Click Fix checked. Close HijackThis.

Please post a new HijackThis log in your next reply.

Any other issues?
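
The "Remove orphaned entries" step above ticks the O2 lines whose path column reads (no file): a Browser Helper Object CLSID is still registered but the DLL it points to is gone. As an added example, which is not part of this thread or of HijackThis itself, here is a small Python parser for that HJT line format that picks such orphaned entries out of a log automatically. The sample log lines are copied from the logs posted in this thread; the function and class names are my own.

```python
"""Parse CLSID-bearing HijackThis log lines and flag orphaned entries.

Added example, not HijackThis code. It handles the O2/O3/O9/O18 line shape
    O2 - BHO: <name> - {CLSID} - <path>
and reports entries whose path is the literal "(no file)".
"""
import re
from dataclasses import dataclass
from typing import List

# One HJT entry: section tag, label before the colon, display name, CLSID, path.
ENTRY_RE = re.compile(
    r'^(?P<kind>O\d+) - (?P<label>[^:]+): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$'
)

# Constructed sample: lines taken from the HJT logs posted in this thread,
# plus one R0 line to show that non-CLSID lines are ignored by the parser.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
O2 - BHO: (no name) - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - (no file)
O2 - BHO: (no name) - {1CFD902E-B2D7-4618-9528-5578F67BD23E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
"""


@dataclass
class HjtEntry:
    kind: str    # e.g. "O2"
    label: str   # e.g. "BHO" or "Toolbar"
    name: str    # display name, "(no name)" when the registration has none
    clsid: str   # the COM class id in braces
    path: str    # the DLL path, or "(no file)" when the DLL is missing

    @property
    def orphaned(self) -> bool:
        """True when the CLSID is registered but its DLL no longer exists."""
        return self.path.strip().lower() == "(no file)"

    def as_hjt_line(self) -> str:
        """Re-emit the entry in HJT's own line format."""
        return f"{self.kind} - {self.label}: {self.name} - {self.clsid} - {self.path}"


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return every CLSID-bearing entry found in an HJT log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(**m.groupdict()))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose DLL is missing: the ones a helper would tick under 'Fix checked'."""
    return [e for e in entries if e.orphaned]


def hjt_fix_list(text: str) -> List[str]:
    """Orphaned entries of a log, formatted exactly as HJT shows them."""
    return [e.as_hjt_line() for e in orphaned_entries(parse_hjt(text))]


if __name__ == "__main__":
    for line in hjt_fix_list(SAMPLE_LOG):
        print(line)
```

Running it on the constructed sample prints the two O2 lines the helper listed plus the orphaned O3 toolbar entry from the earlier log. A (no file) entry is a leftover registration rather than running code, so removing it is cleanup; an entry whose DLL does exist needs the path and publisher checked before anything is fixed.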

Ej Davis
2008-08-08, 00:21
EXPLORER.EXE SEEMS TO BE KINDA SLOW.......
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:52 PM, on 8/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://airliners.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3BEB21AE-53B2-45E2-B5B6-D22F23F80155} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0226691218108085) (0226691218108085mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\022669~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9840 bytes

ndmmxiaomayi
2008-08-08, 13:16
Hello,

What do you mean by explorer.exe is slow?

Does your desktop take a long time to show?

Or do you mean when you double click on Computer, it takes some time to open?

Ej Davis
2008-08-09, 19:27
Well, at startup it seemed to move extremely slowly, but I removed some unused desktop items, and now it runs a bit faster, so hopefully it won't cause any more issues. Thanks for your help!!

ndmmxiaomayi
2008-08-10, 16:19
Okie. If you're still experiencing problems, you can try these sites for help. ;)

Tech Support Forum (http://www.techsupportforum.com/)
What the Tech Forums (http://forums.whatthetech.com/)

I will leave this open for a few more days.

Ej Davis
2008-08-10, 18:19
Thank You for the computer help I really appreciated that!!!:eek::laugh::p::rolleyes::cool:

ndmmxiaomayi
2008-08-16, 07:02
Hello,

Is everything fine so far?