
Thread: Help! I'm having some crazy issues.

  1. #1
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36

    Help! I'm having some crazy issues.

    Hey Forum. I need some help from you guys, I seem to have hit a brick wall.

    First off, let me give you some background on the system I am running. It's an Intel Core Duo 2.6 running Windows XP Pro Service Pack 3. For protection I run Spybot S&D, along with Avast antivirus, and PeerGuardian 2. Up until recently I have been safely surfing for almost a year with this configuration. This all changed this morning.
    When I logged in this morning, I was greeted by a wonderful fake antivirus program known as Windows Antivirus Pro 2009. It told me that every app on my computer was a known virus and that I needed to give them money to make all the bad things go away. Knowing that something was seriously amiss, I attempted to run a scan with Spybot. When I tried to run Spybot, however, nothing happened. It's still running in my minibar, but I can't run a scan or anything. The same thing with Avast! So I try reinstalling Avast, and it gives me the option for a boot scan. I do this, and come back with 10 viruses, all of which I delete. The Windows Antivirus persists however and I end up having to go into safe mode, and remove all associated files and regedit all associated entries as well. After this was said and done I rebooted and noticed that while the fake AV software was gone, I still couldn't access the higher functions of both Spybot or Avast. I then noticed something disturbing. When I try to regedit while logged in normally, it says I haven't admin privileges. When I try to access my user accounts in Control Panel, nothing happens. Same with most of my other Control Panel actions. Just nothing happens.
    I've read a few other forum posts, and know that you guys need the HijackThis results, but when I tried to run it, it got to where the scan should start, and just disappeared!! Now when I click on it again NOTHING HAPPENS!! I'm going insane, please help me!!

    ... and when logged into safe mode, none of the control panel functions are working as well!

    I've gotten Gmer to run. I'll post the results when finished.

    Here's what I was able to get. It eventually quit the app, and now I can't get it to run again.

    GMER 1.0.15.15011 [ynnbqzmr.exe] - http://www.gmer.net
    Rootkit scan 2009-08-07 05:20:56
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB57366B8]
    SSDT 8A1FBEE0 ZwConnectPort
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5736574]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9F82A20]
    SSDT 89FDC220 ZwCreateThread
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5736A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB573614C]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9F832A8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8E910]
    SSDT 8A1B4F00 ZwLoadDriver
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB573664E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB573608C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB57360F0]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9F832C8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB573676E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB573672E]
    SSDT 8A036BC0 ZwResumeThread
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9F8E0B0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB57368AE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 4 Bytes JMP BCEEFF81
    ? SYMEFA.SYS The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMTDI.SYS The system cannot find the path specified. !
    ? C:\WINDOWS\system32\Drivers\SYMEVENT.SYS The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMNDIS.SYS The system cannot find the path specified. !
    ? C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMFW.SYS The system cannot find the path specified. !
    ? C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMIDS.SYS The system cannot find the path specified. !
    ? C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys The system cannot find the file specified. !
    ? win32k.sys:1 The system cannot find the file specified. !
    ? win32k.sys:2 The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] GDI32.DLL!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll
    .text C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] GDI32.DLL!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll
    .text C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll
    IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A5EC880

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Udfs \UdfsCdRom 8A262C50
    Device \FileSystem\Udfs \UdfsDisk 8A262C50
    Device \Driver\USBSTOR \Device\0000008f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS

    Device \Driver\Cdrom \Device\CdRom0 8A0120C8
    Device \FileSystem\Rdbss \Device\FsWrap 8A2D7578
    Device \Driver\Cdrom \Device\CdRom1 8A0120C8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89F42E68
    Device \Driver\atapi \Device\Ide\IdePort0 89F42E68
    Device \Driver\atapi \Device\Ide\IdePort1 89F42E68
    Device \Driver\atapi \Device\Ide\IdePort2 89F42E68
    Device \Driver\atapi \Device\Ide\IdePort3 89F42E68
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89F42E68
    Device \Driver\Cdrom \Device\CdRom2 8A0120C8
    Device \Driver\USBSTOR \Device\00000090 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\Srv \Device\LanmanServer 89FE62A0

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2E1EE0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2E1EE0
    Device \FileSystem\Npfs \Device\NamedPipe 8A154358
    Device \FileSystem\Msfs \Device\Mailslot 8A00BFB0
    Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target1Lun0 8A04AC70
    Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A04AC70
    Device \Driver\d347prt \Device\Scsi\d347prt1 8A04AC70
    Device \Driver\USBSTOR \Device\0000008d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A07CE78
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A07CE78
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A07CE78
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A07CE78
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A07CE78
    Device \FileSystem\Cdfs \Cdfs 889936A8

    ---- Modules - GMER 1.0.15 ----

    Module _________ B9EE5000-B9EFD000 (98304 bytes)
    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe [304] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [372] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\uTorrent\uTorrent.exe [916] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1376] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1500] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1600] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1664] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1764] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1956] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\PnkBstrA.exe [2052] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2352] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2392] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3040] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\PnkBstrB.exe [3364] 0x35670000
    Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [3788] 0x35670000

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\drivers\SKYNETaafvnklv.sys (*** hidden *** ) [SYSTEM] SKYNETvpmypdwy <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????a??? ?????????????a????(a? ?????????? ?????????????????????????????????????????? ???????a???????????a? ????????N??a???????????a?&????(??a???????e??avast! Mail Scanner??????a?????????????????????????????????s?????????a??????s???LegacyDriver??????N??a????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? (??a??????????????avast! Mail Scanner??????a?a?a?a?a?a????C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\*??S?????????????????????????????????????????9?9??C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\* /s????CurrentControlSet\Services\dmboot\??????????????? ???????e???a???a??HKEY_LOCAL_MACHINE\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\*???????????a???a??????????????CurrentControlSet\Services\NAVEX15\*?CurrentControlSet\Services\NAVENG\*???????????????????????????????a1\???????a???????????????a?????a???????????????????(?)?*?)?+?+?B?-?-?\?????????????(???*?+?,?*?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x42 0xD1 0xC5 0x0F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0xA6 0xD1 0xC5 0x0F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0xA6 0xD1 0xC5 0x0F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0xA6 0xD1 0xC5 0x0F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0xA6 0xD1 0xC5 0x0F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@khjeh 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43@khjeh 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43@hj34z0 0x16 0xA4 0x05 0xF3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy@imagepath \systemroot\system32\drivers\SKYNETaafvnklv.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main@aid 10020
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main@sid 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main@cmddelay 14400
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main\delete
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main\injector
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main\injector@* SKYNETwsp.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\main\tasks
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaafvnklv.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules@SKYNETcmd.dll \systemroot\system32\SKYNETalnkpkpm.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules@SKYNETlog.dat \systemroot\system32\SKYNETbnreabeq.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules@SKYNETwsp.dll \systemroot\system32\SKYNEThwymdipu.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETvpmypdwy\modules@SKYNET.dat \systemroot\system32\SKYNETqlhmurwu.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy@imagepath \systemroot\system32\drivers\SKYNETaafvnklv.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main@aid 10020
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main@sid 0
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main@cmddelay 14400
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main\delete (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main\injector (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main\injector@* SKYNETwsp.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\main\tasks (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaafvnklv.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules@SKYNETcmd.dll \systemroot\system32\SKYNETalnkpkpm.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules@SKYNETlog.dat \systemroot\system32\SKYNETbnreabeq.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules@SKYNETwsp.dll \systemroot\system32\SKYNEThwymdipu.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETvpmypdwy\modules@SKYNET.dat \systemroot\system32\SKYNETqlhmurwu.dat
    Last edited by tashi; 2009-08-07 at 16:09. Reason: Merged 4 posts, please see the forum FAQ, "Before You Post" as to why ;-)
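Added example (not part of the thread and not a GMER feature): a small Python triage script that reads a GMER report laid out like the one posted above and pulls out the indicators a helper would look at first: modules GMER marks as hidden and the processes they are mapped into, a hidden service, IAT and inline hooks whose target module is not loaded from a normal drive-letter path, bare SSDT entries with no owning driver, and a process executable running out of a Temp directory. The sample report is constructed from a few lines of the log above mixed with benign entries, and the regular expressions are my reading of GMER's line layout from those lines, not a documented format.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER 1.0.15 report above: a hidden
# DLL mapped through a \\?\globalroot device path, hooks into it, a hidden
# service, plus benign entries (an AV self-protection driver's SSDT hooks and
# an IAT entry with no foreign module) so both kinds are present.
SAMPLE_GMER = r"""
GMER 1.0.15.15011 [ynnbqzmr.exe] - http://www.gmer.net
Rootkit scan 2009-08-07 05:20:56
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB57366B8]
SSDT 8A1FBEE0 ZwConnectPort
SSDT 89FDC220 ZwCreateThread
SSDT 8A1B4F00 ZwLoadDriver

---- User code sections - GMER 1.0.15 ----

.text C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\spoolsv.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll
IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1376] 0x35670000
Library \\?\globalroot\Device\__max++>\ECE3EDCA.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1956] 0x35670000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETaafvnklv.sys (*** hidden *** ) [SYSTEM] SKYNETvpmypdwy <-- ROOTKIT !!!
"""

# Line patterns inferred from the posted report (assumption, not a GMER spec).
HIDDEN_LIB = re.compile(
    r"^Library (?P<dll>\S+) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\]")
HIDDEN_SVC = re.compile(
    r"^Service (?P<image>\S+) \(\*\*\* hidden \*\*\* \) \[\w+\] (?P<name>\S+)")
IAT_HOOK = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ .+? \[(?P<imp>[^\]]+)\] "
    r"\[?(?P<addr>[0-9A-Fa-f]+)\]?(?: (?P<target>\S+))?$")
INLINE_HOOK = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<func>\S+) .* (?:CALL|JMP) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<target>\S+)$")
BARE_SSDT = re.compile(r"^SSDT (?P<addr>[0-9A-Fa-f]{8}) (?P<func>Zw\w+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def odd_module_path(path):
    """A user-mode module not loaded from a drive-letter path (e.g. a
    \\?\globalroot\Device\... name) deserves a close look."""
    return not DRIVE_PATH.match(path)


def runs_from_temp(proc):
    """Executables launched out of a Temp directory are rarely legitimate."""
    return re.search(r"\\temp\\", proc, re.IGNORECASE) is not None


def triage(report):
    """Return findings as (severity, category, detail) plus a short summary."""
    findings = []
    injected = defaultdict(set)   # hidden dll -> PIDs it was mapped into
    temp_procs = set()

    def note_proc(proc):
        if runs_from_temp(proc) and proc not in temp_procs:
            temp_procs.add(proc)
            findings.append(("high", "temp-process", proc))

    for raw in report.splitlines():
        line = raw.strip()
        if (m := HIDDEN_LIB.match(line)):
            injected[m["dll"]].add(int(m["pid"]))
            findings.append(("high", "hidden-module", f"{m['dll']} in {m['proc']} [{m['pid']}]"))
            note_proc(m["proc"])
        elif (m := HIDDEN_SVC.match(line)):
            findings.append(("high", "hidden-service", f"{m['name']} -> {m['image']}"))
        elif (m := IAT_HOOK.match(line)):
            tgt = m["target"]
            if tgt and odd_module_path(tgt):
                findings.append(("high", "iat-hook", f"{m['imp']} in PID {m['pid']} -> {tgt}"))
            else:
                findings.append(("low", "iat-hook", f"{m['imp']} in PID {m['pid']} (no module named, review)"))
            note_proc(m["proc"])
        elif (m := INLINE_HOOK.match(line)):
            sev = "high" if odd_module_path(m["target"]) else "medium"
            findings.append((sev, "inline-hook", f"{m['func']} in PID {m['pid']} -> {m['target']}"))
            note_proc(m["proc"])
        elif (m := BARE_SSDT.match(line)):
            # SSDT entries that name an owning driver (AV self-protection) are
            # left alone; a bare address with no driver is what gets flagged.
            findings.append(("medium", "ssdt-hook", f"{m['func']} -> {m['addr']} (no owning driver)"))

    return {
        "findings": findings,
        "hidden_modules": {dll: sorted(pids) for dll, pids in injected.items()},
        "temp_processes": sorted(temp_procs),
        "high": sum(1 for f in findings if f[0] == "high"),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_GMER)
    for sev, cat, detail in result["findings"]:
        print(f"[{sev:6}] {cat:14} {detail}")
    print("hidden modules:", result["hidden_modules"])
```

The script flags SSDT hooks by the absence of an owning driver rather than by name, so entries attributed to the avast! self-protection driver are skipped without a hard-coded allow list; the same idea drives the module-path check, which reacts to any user-mode hook target outside a drive-letter path instead of to one particular DLL name.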

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Download DDS and save it to your desktop (while giving the location, save the file as Wildman.scr) from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36

    nothing

    Hey blade, thanks for coming to help me. I downloaded and named the file as you instructed. However, when I run it, it shows in the process list for a few seconds and then vanishes. Nothing else happens.

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Let's see how it handles this.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

  5. #5
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36


    Ok, we got something. However, I was only left with the one text file. Also I cannot run the program again. Here's what I got.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Tim at 2009-08-08 05:09:01
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 331 GB (54%) free of 610 GB
    Total RAM: 2047 MB (80% free)


    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}]
    C:\WINDOWS\system32\hs7f3uhduhfukde.dll - C:\WINDOWS\system32\hs7f3uhduhfukde.dll [2009-08-06 15000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]
    {3E9D340B-D614-4854-AE06-4218201F6AAE} - LiveInfoPro - C:\Program Files\Internet Explorer\LiveInfoPro\liveinfopro_v1.9.6-1008.dll [2007-12-27 2306048]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-10-21 143360]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-10-21 172032]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-10-21 143360]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
    "LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-11-23 548864]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
    "nwiz"=nwiz.exe /install []
    "H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-19 198160]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
    "ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-06-25 1578736]
    "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-07-22 323392]
    "Windows System Recover!"=C:\DOCUME~1\Tim\LOCALS~1\Temp\debug.exe [2009-08-08 22532]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe
    MFWAKeys.lnk - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup
    PowerReg Scheduler V3.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2008-10-21 217088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\hs7f3uhduhfukde.dll [2009-08-06 15000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoFolderOptions"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
    "C:\Program Files\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
    "C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
    "C:\Program Files\Zultrax P2P\Zultrax.Exe"="C:\Program Files\Zultrax P2P\Zultrax.Exe:*:Enabled:Zultrax"
    "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
    "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
    "C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
    "C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Disabled:Worms 4 Mayhem"
    "C:\Documents and Settings\Tim\My Documents\New Folder\PC_Soldiers.of.Fortune.3 Payback -.modded.-.direct.play.-ToeD\SoF3\SoF-Payback\sof3.exe"="C:\Documents and Settings\Tim\My Documents\New Folder\PC_Soldiers.of.Fortune.3 Payback -.modded.-.direct.play.-ToeD\SoF3\SoF-Payback\sof3.exe:*:Enabled:sof3"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "C:\Program Files\Codemasters\DiRT\DiRT.exe"="C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Disabled:DiRT Executable"
    "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
    "C:\Documents and Settings\Rob K\Desktop\utorrent.exe"="C:\Documents and Settings\Rob K\Desktop\utorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic - Homecinema"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\Program Files\Activision\EF2\EF2.exe"="C:\Program Files\Activision\EF2\EF2.exe:*:Enabled:Elite Force II"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
    "C:\Documents and Settings\Tim\My Documents\New Folder\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe"="C:\Documents and Settings\Tim\My Documents\New Folder\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe:*:Enabled:DOW2"
    "C:\Documents and Settings\Tim\Desktop\Warhammer_Dawn_of_War_2-WiCKED\WiCKED-DOW2\DOW2.exe"="C:\Documents and Settings\Tim\Desktop\Warhammer_Dawn_of_War_2-WiCKED\WiCKED-DOW2\DOW2.exe:*:Enabled:DOW2"
    "C:\Documents and Settings\Tim\Desktop\WiCKED-DOW2\DOW2.exe"="C:\Documents and Settings\Tim\Desktop\WiCKED-DOW2\DOW2.exe:*:Disabled:DOW2"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
    "C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\EA GAMES\Mercenaries 2 World in Flames\Mercenaries2.exe"="C:\Program Files\EA GAMES\Mercenaries 2 World in Flames\Mercenaries2.exe:*:Enabled:Mercenaries 2: World in Flames"
    "C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
    "C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
    "C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
    "C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
    "C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======File associations======

    .exe - open - C:\WINDOWS\system32\desot.exe "%1" %*

    ======List of files/folders created in the last 2 months======

    2009-08-08 05:09:06 ----D---- C:\Program Files\trend micro
    2009-08-08 05:09:01 ----D---- C:\rsit
    2009-08-08 04:21:40 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-07 01:58:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-08-07 01:48:30 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2009-08-07 01:48:29 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
    2009-08-07 01:44:22 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2009-08-07 01:42:56 ----D---- C:\Documents and Settings\Tim\Application Data\GetRightToGo
    2009-08-06 17:37:44 ----D---- C:\WINDOWS\CSC
    2009-08-06 17:31:48 ----A---- C:\windows-kb890830-v2.12.exe
    2009-08-06 17:01:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-06 16:33:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-06 16:08:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-08-06 16:07:54 ----D---- C:\Documents and Settings\Tim\Application Data\PC Tools
    2009-08-06 10:05:27 ----A---- C:\WINDOWS\system32\temp.exe
    2009-08-06 10:01:34 ----A---- C:\WINDOWS\system32\desot.exe
    2009-08-06 10:01:07 ----D---- C:\WINDOWS\system32\CatRoot
    2009-08-06 10:00:29 ----A---- C:\nnnivl.exe
    2009-08-06 10:00:19 ----A---- C:\shbnoqx.exe
    2009-08-06 10:00:06 ----A---- C:\WINDOWS\system32\hs7f3uhduhfukde.dll
    2009-08-06 10:00:05 ----A---- C:\hbywcp.exe
    2009-08-06 10:00:04 ----A---- C:\WINDOWS\system32\SKYNEThwymdipu.dll
    2009-08-06 10:00:03 ----A---- C:\WINDOWS\system32\SKYNETalnkpkpm.dll
    2009-08-06 09:59:56 ----A---- C:\WINDOWS\system32\samsvc.exe
    2009-08-04 12:56:01 ----D---- C:\Program Files\City Interactive
    2009-08-04 04:44:49 ----D---- C:\Program Files\Vendetta Online
    2009-08-03 02:58:51 ----D---- C:\Program Files\Driving Simulator 2009
    2009-07-28 05:18:51 ----D---- C:\Documents and Settings\Tim\Application Data\LucasArts
    2009-07-28 05:15:14 ----D---- C:\Program Files\Secret Of Monkey Island SE
    2009-07-27 03:05:08 ----A---- C:\WINDOWS\Runservice.exe
    2009-07-27 03:05:08 ----A---- C:\WINDOWS\mmfs.dll
    2009-07-27 02:55:36 ----D---- C:\Program Files\Battlefront
    2009-07-22 02:39:06 ----D---- C:\Program Files\DNA
    2009-07-22 02:39:06 ----D---- C:\Documents and Settings\Tim\Application Data\DNA
    2009-07-17 03:24:31 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2009-07-16 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-14 00:13:49 ----D---- C:\Documents and Settings\Tim\Application Data\vlc
    2009-07-13 21:39:13 ----D---- C:\Program Files\Virtual Earth 3D
    2009-07-10 01:21:17 ----D---- C:\Program Files\Velvet Assassin
    2009-07-08 22:31:52 ----D---- C:\Documents and Settings\Tim\Application Data\Ubisoft
    2009-07-08 21:13:35 ----D---- C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
    2009-07-03 18:19:57 ----D---- C:\Program Files\Common Files\DivX Shared
    2009-07-03 02:49:44 ----D---- C:\Program Files\Flagship Studios
    2009-07-03 01:55:54 ----HD---- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    2009-07-02 04:27:11 ----D---- C:\WINDOWS\Sins of a Solar Empire
    2009-07-02 04:27:11 ----D---- C:\Program Files\Sins of a Solar Empire
    2009-07-02 03:50:19 ----D---- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
    2009-07-01 23:38:54 ----D---- C:\Program Files\1C Company
    2009-07-01 23:19:32 ----D---- C:\Program Files\Nobilis
    2009-07-01 23:03:25 ----D---- C:\Program Files\Strategy First
    2009-07-01 22:39:55 ----D---- C:\Program Files\Sierra
    2009-07-01 04:16:51 ----D---- C:\Program Files\ZenoClash
    2009-07-01 03:32:47 ----A---- C:\WINDOWS\unvise32.exe
    2009-07-01 03:30:31 ----D---- C:\Program Files\Postal2STP
    2009-06-29 03:57:16 ----D---- C:\Program Files\Common Files\DirectX
    2009-06-28 02:28:49 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-06-28 02:28:49 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-06-28 02:28:48 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-06-28 02:28:48 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-06-28 02:28:48 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-06-28 02:28:47 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-06-28 02:28:46 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-06-23 03:19:14 ----D---- C:\Program Files\Mad Scientist Productions
    2009-06-21 05:02:03 ----D---- C:\Program Files\Hinterland
    2009-06-10 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-10 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-10 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-10 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

    ======List of files/folders modified in the last 2 months======

    2009-08-08 05:09:08 ----D---- C:\Program Files\PeerGuardian2
    2009-08-08 05:09:06 ----RD---- C:\Program Files
    2009-08-08 05:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Bitmeter2
    2009-08-08 04:40:59 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-08 04:36:28 ----D---- C:\WINDOWS\Prefetch
    2009-08-08 04:36:20 ----D---- C:\Program Files\Paint Shop Pro 6
    2009-08-08 04:32:41 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-08-08 04:30:14 ----D---- C:\WINDOWS\Temp
    2009-08-08 04:30:12 ----D---- C:\WINDOWS
    2009-08-07 14:18:28 ----D---- C:\Documents and Settings\Tim\Application Data\uTorrent
    2009-08-07 08:23:59 ----D---- C:\Program Files\WinRAR
    2009-08-07 08:23:57 ----SHD---- C:\System Volume Information
    2009-08-07 08:22:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-07 08:18:48 ----D---- C:\Documents and Settings\Tim\Application Data\WinRAR
    2009-08-07 05:27:07 ----D---- C:\Program Files\LimeWire
    2009-08-07 04:43:04 ----D---- C:\Program Files\EA GAMES
    2009-08-07 04:41:55 ----SHD---- C:\WINDOWS\Installer
    2009-08-07 04:40:58 ----D---- C:\Program Files\Ubisoft
    2009-08-07 04:40:57 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-07 04:29:17 ----D---- C:\WINDOWS\system32\drivers
    2009-08-07 04:28:53 ----D---- C:\WINDOWS\system32
    2009-08-07 04:28:53 ----D---- C:\Program Files\Common Files
    2009-08-07 04:28:50 ----HD---- C:\WINDOWS\inf
    2009-08-07 04:26:17 ----D---- C:\Games
    2009-08-07 04:24:10 ----D---- C:\WINDOWS\Debug
    2009-08-07 03:57:02 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-08-06 18:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-06 18:12:16 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-06 17:59:12 ----SD---- C:\WINDOWS\Tasks
    2009-08-06 17:58:00 ----D---- C:\WINDOWS\Network Diagnostic
    2009-08-06 16:53:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-06 16:52:33 ----D---- C:\WINDOWS\system
    2009-08-06 14:28:33 ----SHD---- C:\RECYCLER
    2009-08-06 14:24:15 ----D---- C:\Documents and Settings
    2009-08-06 12:02:58 ----D---- C:\WINDOWS\system32\config
    2009-08-06 10:01:21 ----D---- C:\Program Files\lg_fwupdate
    2009-08-06 10:01:20 ----A---- C:\WINDOWS\lgfwup.ini
    2009-08-06 10:00:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-06 10:00:20 ----D---- C:\Program Files\Internet Explorer
    2009-08-04 13:04:38 ----D---- C:\WINDOWS\system32\DirectX
    2009-08-04 13:04:22 ----RSD---- C:\WINDOWS\assembly
    2009-08-04 08:54:32 ----D---- C:\Documents and Settings\Tim\Application Data\dvdcss
    2009-08-02 02:07:32 ----D---- C:\Program Files\Microsoft Silverlight
    2009-08-01 10:34:30 ----D---- C:\Documents and Settings\Tim\Application Data\LimeWire
    2009-07-30 08:52:12 ----D---- C:\Program Files\Telltale Games
    2009-07-30 01:21:48 ----HD---- C:\WINDOWS\msdownld.tmp
    2009-07-29 03:00:32 ----D---- C:\WINDOWS\system32\en-US
    2009-07-29 03:00:23 ----D---- C:\WINDOWS\ie7updates
    2009-07-29 03:00:16 ----D---- C:\WINDOWS\WinSxS
    2009-07-28 05:51:22 ----D---- C:\Program Files\LucasArts
    2009-07-22 05:55:30 ----D---- C:\Movies -n- Stuff
    2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-13 23:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-07-13 23:27:07 ----D---- C:\Program Files\Common Files\Adobe
    2009-07-13 23:27:05 ----D---- C:\Program Files\Adobe
    2009-07-13 21:55:31 ----D---- C:\WINDOWS\Microsoft.NET
    2009-07-13 21:39:52 ----SD---- C:\Documents and Settings\Tim\Application Data\Microsoft
    2009-07-08 21:13:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-07-08 20:30:21 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-06 05:40:51 ----D---- C:\Program Files\DivX
    2009-07-06 03:13:31 ----D---- C:\Program Files\Codemasters
    2009-07-04 17:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\


    That's all I was able to get.
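    The one line in the log above that explains the "nothing happens" symptom is under File associations: the `.exe` open handler has been pointed at `C:\WINDOWS\system32\desot.exe` instead of the stock `"%1" %*`, so every program launch (HijackThis, ComboFix, Add/Remove Programs) is first handed to that file. The created-files list also shows that handler and several other executables landing in the C: root and system32 within a couple of minutes on 2009-08-06. The script below is an added example, not part of this thread, of RSIT, or of any tool named in it; it parses a constructed excerpt in the same layout and flags both findings. The section titles and line regexes are taken from the log layout as posted; the ten-minute window and three-file threshold in `drop_burst` are assumptions chosen for the example.

```python
# Added example: defender-side triage of an RSIT-style log excerpt.
# Not part of the thread or of RSIT; the sample below is constructed.
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the log posted above (a short excerpt, not the full log).
SAMPLE_LOG = r"""
======File associations======

.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*

======List of files/folders created in the last 2 months======

2009-08-08 05:09:01 ----D---- C:\rsit
2009-08-06 10:05:27 ----A---- C:\WINDOWS\system32\temp.exe
2009-08-06 10:01:34 ----A---- C:\WINDOWS\system32\desot.exe
2009-08-06 10:00:29 ----A---- C:\nnnivl.exe
2009-08-06 10:00:19 ----A---- C:\shbnoqx.exe
2009-08-06 10:00:06 ----A---- C:\WINDOWS\system32\hs7f3uhduhfukde.dll
2009-08-06 09:59:56 ----A---- C:\WINDOWS\system32\samsvc.exe
2009-08-04 12:56:01 ----D---- C:\Program Files\City Interactive
2009-07-27 03:05:08 ----A---- C:\WINDOWS\Runservice.exe
"""

# Stock value of HKCR\exefile\shell\open\command: run the file itself with its arguments.
EXPECTED_EXE_OPEN = '"%1" %*'
CREATED_SECTION = "List of files/folders created in the last 2 months"

SECTION_RE = re.compile(r"^======(.+?)======$")
ASSOC_RE = re.compile(r"^\.(\w+) - (\w+) - (.+)$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----(\w+)---- (.+)$")


def parse_sections(text):
    """Split the log into {section title: [non-blank lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def hijacked_exe_handlers(sections):
    """Return every '.exe open' command that is not the stock "%1" %* handler.
    Anything else means another program is interposed on every .exe launch,
    which is exactly the symptom of tools that never start or just vanish."""
    found = []
    for line in sections.get("File associations", []):
        m = ASSOC_RE.match(line)
        if m and m.group(1).lower() == "exe" and m.group(2).lower() == "open":
            cmd = m.group(3).strip()
            if cmd != EXPECTED_EXE_OPEN:
                found.append(cmd)
    return found


def parse_created(sections):
    """Return (timestamp, attribute flags, path) for each entry in the 'created' section."""
    entries = []
    for line in sections.get(CREATED_SECTION, []):
        m = ENTRY_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2), m.group(3)))
    return entries


def handler_created_at(sections, cmd):
    """Creation time of the interposed handler's executable, if the log lists it."""
    handler = cmd.replace(EXPECTED_EXE_OPEN, "").strip().strip('"').lower()
    for ts, attrs, path in parse_created(sections):
        if "D" not in attrs and path.lower() == handler:
            return ts
    return None


def drop_burst(entries, window=timedelta(minutes=10), min_count=3):
    """Largest group of exe/dll files created within `window` of each other in the
    C: root or system32, where normal installs rarely write several new binaries
    at once. The window and threshold are assumptions chosen for this example."""
    candidates = sorted(
        (ts, path) for ts, attrs, path in entries
        if "D" not in attrs
        and path.lower().endswith((".exe", ".dll"))
        and (path.count("\\") == 1 or "\\system32\\" in path.lower())
    )
    best = []
    for ts, _ in candidates:
        group = [p for t, p in candidates if ts <= t <= ts + window]
        if len(group) > len(best):
            best = group
    return best if len(best) >= min_count else []


def triage(text):
    """Summarise the two checks for one log."""
    sections = parse_sections(text)
    handlers = hijacked_exe_handlers(sections)
    return {
        "exe_handler_hijacked": bool(handlers),
        "handlers": handlers,
        "handler_created": [handler_created_at(sections, h) for h in handlers],
        "drop_burst": drop_burst(parse_created(sections)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    On the sample this reports the hijacked handler, its creation time (10:01:34 on 2009-08-06) and a burst of six binaries dropped between 09:59:56 and 10:05:27, which ties the association change to the same event as the unknown files in the C: root. Restoring the `exefile` open command to `"%1" %*` (or running the cleanup tool under a renamed extension such as `.com`, as the helper's later post does) is what lets the other tools run again.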

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    BitLord
    BitTorrent
    DNA
    eMule
    LimeWire
    Vuze


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    Empty Recycle Bin.

    After that:


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log (if you're able to run DDS now).


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  7. #7
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36

    Default

    Ok. I wasn't even aware of any P2P programs except uTorrent. I deleted it, as best I could. However, I couldn't use Add/Remove Programs. When I clicked on it, nothing happened.

    Also, I downloaded ComboFix, read the instructions and disabled all antivirus and firewalls. When I ran the program, I get a small progress bar. It fills up and then it disappears. Attempting to re-run it gets the same results.

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Let's try this.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    Download ComboFix from any of the links below. You must rename it before saving it (use Wildman.exe as the name). Save it to your desktop.

    Link 1
    Link 2

    --------------------------------------------------------------------

    Double click on Wildman.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt. See if you're able to make DDS run.


    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  9. #9
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36

    Default

    Same result. :( Also, I just got a "virus detected in memory" warning when I turned my AV back on.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    Go to C:\Documents and Settings\All Users\Application Data folder and move folders that have nothing but digits (e.g. 23812491) in their name to your desktop.

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.
