Post smitfraud-c.toolbar888 clean-up?

geedees

New member
I "believe" that I have removed smitfraud-c.toolbar888 from my PC as it does not show up on Spybot anymore.

But I am no Expert and would like a double check.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:06 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks. :)
 
Hello,

I notice that you do not seem to be running antivirus software or a firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them!!

AVG, Avira OR Avast are good FREE antivirus programs. Some good free firewalls are ZoneAlarm or Outpost.
A tutorial on understanding and using firewalls may be found here.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

When you've done this, run a full system scan. You are still infected, and this will help with the cleanup. :)

Thanks,
tea
 
Here you go.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:40 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Puter\Desktop\alloallo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
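The two HijackThis logs above differ only by the newly installed Avira and Outpost entries; the item that stays the same in both is the `O4 - HKLM\..\RunServices: [winlog] winlog.exe` line, an autorun with a bare file name and no directory. The following script is an added example, not code from this thread or from HijackThis, that parses HijackThis v1.99 log lines and applies a few triage heuristics of the kind a helper runs in their head: RunServices entries on an NT-based platform, O4 commands with no path (cross-checked against the "Running processes" list to see where the name actually resolves), O23 services with "Unknown owner", and processes running out of a user profile directory. The severity labels and heuristics are this example's own assumptions; the sample log is a constructed subset of the lines posted above, and a flag means "look at this file on disk", not "this is malware".

```python
"""Heuristic triage of a HijackThis v1.99 log.

Added example; the heuristics and severity labels below are assumptions of
this script, not HijackThis features:
  * O4 entries under a RunServices key on a WinNT platform  -> HIGH
  * O4 commands that are a bare file name (no directory)    -> MEDIUM, or INFO
    when the same base name appears in "Running processes" with a full path
  * O23 services reported as "Unknown owner"                -> LOW
  * running processes located under a user profile          -> LOW
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the second HijackThis log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:20:40 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Documents and Settings\Puter\Desktop\alloallo.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    severity: str
    line: str
    reason: str


# O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: display name - owner - path
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PROFILE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\[^\\]+\\", re.IGNORECASE)


def split_sections(text: str) -> tuple[str, list[str], list[str]]:
    """Return (platform line, running-process paths, Rn/On entry lines)."""
    platform, procs, entries = "", [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            platform = line
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
        elif in_procs and not line:          # blank line ends the process list
            in_procs = False
        elif re.match(r"^[ORF]\d+ - ", line):
            entries.append(line)
    return platform, procs, entries


def executable_of(cmd: str) -> str:
    """First token of an autorun command, honouring a leading quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text: str) -> list[Finding]:
    platform, procs, entries = split_sections(text)
    is_nt = "WinNT" in platform
    # lower-cased base name of each running process -> its full path
    by_base = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    findings: list[Finding] = []

    for p in procs:
        if PROFILE_RE.match(p):
            findings.append(Finding("LOW", p, "process running from a user profile directory"))

    for line in entries:
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if is_nt and m["key"].lower().startswith("runservices"):
                findings.append(Finding("HIGH", line,
                    "RunServices is a Windows 9x/Me autostart key; unexpected on an NT-based system"))
            if "\\" not in exe:
                resolved = by_base.get(exe.lower())
                if resolved:
                    findings.append(Finding("INFO", line, f"bare file name resolves to running process {resolved}"))
                else:
                    findings.append(Finding("MEDIUM", line, "bare file name with no directory and no matching running process"))
            continue
        m = O23_RE.match(line)
        if m and m["owner"].lower() == "unknown owner":
            findings.append(Finding("LOW", line, "service binary carries no vendor name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Two caveats for real use: `rundll32.exe` and `RUNDLL32.EXE ... NvCpl.dll,NvStartup` style lines are judged on the host binary, so a fuller version would look at the DLL argument instead; and a bare name that matches a running process only tells you where the copy that is running came from, so the next step on the actual machine is still to locate the file, check its size, timestamp and signature, and compare with a known-good install.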
 
Hello,

Thanks for that. :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
 
Combofix

Puter - 07-01-02 22:44:32.63 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Puter\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{388C6779-08A2-1033-0719-060324060001}
C:\Program Files\Common Files\{A88C6779-08A2-1033-0719-060324060001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Puter\Application Data\CROSOF~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))


2007-01-02 13:35 <DIR> d-------- C:\Program Files\OpenAL
2007-01-01 15:11 <DIR> d-------- C:\Program Files\StuffPlug3
2007-01-01 02:47 <DIR> d-------- C:\Westwood
2006-12-31 21:18 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-31 19:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-31 18:12 <DIR> d-------- C:\Program Files\System Security Suite 1.04
2006-12-31 17:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-31 16:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-31 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-31 12:13 2 --a------ C:\WINDOWS\system32\wcpit.exe
2006-12-31 02:47 <DIR> d--hs---- C:\WINDOWS\RGF2aWQgR2lic29u
2006-12-31 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-30 23:40 92,485 --a------ C:\gp.exe
2006-12-30 22:13 <DIR> d--hs---- C:\WINDOWS\system32\umcpdu
2006-12-30 14:38 <DIR> d-------- C:\Games
2006-12-29 11:12 52,224 --a------ C:\WINDOWS\ipuninst.exe
2006-12-29 11:12 <DIR> d-------- C:\Program Files\Interplay
2006-12-28 14:40 <DIR> d-------- C:\DeusEx
2006-12-28 02:45 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-12-28 02:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-12-28 02:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-12-27 21:34 <DIR> d-------- C:\Program Files\Google
2006-12-27 21:34 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Google
2006-12-26 21:51 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-26 21:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-26 21:51 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-26 21:51 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-26 21:51 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-26 21:51 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-26 21:51 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-26 21:51 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-26 21:50 53,248 --a------ C:\WINDOWS\ap561.exe
2006-12-26 21:50 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
2006-12-26 21:50 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2006-12-26 21:50 <DIR> d-------- C:\WINDOWS\Setup2K
2006-12-19 21:34 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2006-12-14 16:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-14 16:41 <DIR> d-------- C:\Fraps
2006-12-13 20:23 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-12-13 20:23 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-12-13 20:23 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-12-13 20:22 <DIR> d-------- C:\Sierra
2006-12-10 23:55 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Ventrilo
2006-12-02 21:14 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Sierra
2006-12-02 19:04 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 22:45 -------- d-------- C:\Program Files\Common Files
2007-01-02 22:39 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-02 13:35 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-01-02 13:35 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-02 13:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-31 18:33 -------- d-------- C:\Program Files\WinRAR
2006-12-31 18:33 -------- d-------- C:\Program Files\Messenger
2006-12-31 18:33 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 15:51 -------- d-------- C:\Program Files\CureROM
2006-12-31 15:34 -------- d-------- C:\Program Files\a-squared Free
2006-12-31 01:03 -------- d---s---- C:\Documents and Settings\Puter\Application Data\Microsoft
2006-12-30 22:24 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-29 10:25 -------- d-------- C:\Program Files\PeerGuardian2
2006-12-29 10:25 -------- d-------- C:\Documents and Settings\Puter\Application Data\uTorrent
2006-12-29 02:23 -------- d-------- C:\Program Files\uTorrent
2006-12-28 14:03 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-22 09:14 -------- d-------- C:\Program Files\World of Warcraft
2006-12-14 12:58 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 12:58 -------- d-------- C:\Program Files\Common Files\System
2006-12-01 16:34 -------- d-------- C:\Program Files\PhotoFiltre
2006-11-29 09:48 -------- d-------- C:\Program Files\Thief2
2006-11-29 01:53 -------- dr-h----- C:\Documents and Settings\Puter\Application Data\SecuROM
2006-11-29 01:51 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 01:47 -------- d-------- C:\Program Files\nwn2
2006-11-28 22:51 -------- d-------- C:\Program Files\Atari
2006-11-27 16:44 -------- d-------- C:\Program Files\Microsoft Picture It! 7
2006-11-27 16:44 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-25 10:16 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-25 01:48 -------- d-------- C:\Program Files\BitComet
2006-11-23 21:52 -------- d-------- C:\Documents and Settings\Puter\Application Data\acccore
2006-11-23 21:51 -------- d-------- C:\Program Files\Viewpoint
2006-11-23 21:51 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-11-23 21:51 -------- d-------- C:\Program Files\AIM6
2006-11-23 21:50 -------- d-------- C:\Documents and Settings\Puter\Application Data\Mozilla
2006-11-20 14:40 -------- d-------- C:\Program Files\Java
2006-11-20 14:39 -------- d-------- C:\Program Files\HLSW
2006-11-20 14:37 -------- d-------- C:\Program Files\Batch JPEG Rotator
2006-11-20 00:03 -------- d-------- C:\Program Files\Microsoft Games
2006-11-16 15:29 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-11-14 01:25 -------- d-------- C:\Program Files\Xvid
2006-11-13 02:18 -------- d-------- C:\Documents and Settings\Puter\Application Data\DivX
2006-11-13 01:43 -------- d-------- C:\Program Files\DivX
2006-11-12 20:11 -------- d-------- C:\Program Files\LimeWire
2006-11-12 14:39 -------- d-------- C:\Documents and Settings\Puter\Application Data\Apple Computer
2006-11-12 12:34 -------- d-------- C:\Program Files\iTunes
2006-11-12 12:34 -------- d-------- C:\Program Files\iPod
2006-11-12 12:33 -------- d-------- C:\Program Files\Apple Software Update
2006-11-12 12:09 -------- d-------- C:\Program Files\Common Files\Macromedia Shared
2006-11-12 12:09 -------- d-------- C:\Documents and Settings\Puter\Application Data\Macromedia
2006-11-12 12:08 -------- d-------- C:\Program Files\Macromedia
2006-11-12 12:08 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-11-10 08:32 -------- d---s---- C:\Program Files\Xfire
2006-11-10 01:36 -------- d-------- C:\Documents and Settings\Puter\Application Data\Xfire
2006-11-08 10:38 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 01:24 -------- d-------- C:\Documents and Settings\Puter\Application Data\Creative
2006-11-06 00:08 -------- d-------- C:\Program Files\Qtracker
2006-11-06 00:04 -------- d-------- C:\Program Files\Windows Media Player
2006-11-06 00:04 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-02 19:46 -------- d-------- C:\Documents and Settings\Puter\Application Data\Atari
2006-11-02 19:45 -------- d-------- C:\Program Files\Common Files\PocketSoft
2006-11-02 19:45 -------- d-------- C:\Documents and Settings\Puter\Application Data\Leadertech
2006-11-01 14:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-01 14:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-21 16:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-21 16:41 286720 --------- C:\WINDOWS\Setup1.exe
2006-10-20 19:59 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-10 17:04 0 -rahs---- C:\MSDOS.SYS
2006-10-10 17:04 0 -rahs---- C:\IO.SYS
2006-10-10 17:04 0 --a------ C:\CONFIG.SYS
2006-10-10 17:04 0 --a------ C:\AUTOEXEC.BAT
2006-10-10 12:52 62 --ahs---- C:\Documents and Settings\Puter\Application Data\desktop.ini
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
 
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MsnVirRem.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"backup"="C:\\WINDOWS\\pss\\MsnVirRem.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"item"="MsnVirRem"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3 Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3 Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Puter\\Local Settings\\Temp\\{B8CB12C2-88CE-469C-A2D8-4F4C8386BC9B}\\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3\"/PRMP=\"RCT3\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="RollerCoaster Tycoon 3 Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^winlogon.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\winlogon.lnk"
"backup"="C:\\WINDOWS\\pss\\winlogon.lnkStartup"
"location"="Startup"
"command"=" "
"item"="winlogon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwzo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stub_109_4_0_4_0"
"hkey"="HKCU"
"command"="C:\\Program Files\\InetGet2\\stub_109_4_0_4_0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OctoshapeClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Octoshape Streaming Services\\Puter\\OctoshapeClient.exe\" -inv:bootrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A88C6779-08A2-1033-0719-060324060001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{A88C6779-08A2-1033-0719-060324060001}\\Update.exe\" te-110-12-0000282"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-02 22:45:14.90
C:\ComboFix.txt ... 07-01-02 22:45
 
Logfile of HijackThis v1.99.1
Scan saved at 12:33:05 AM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Picture It! 7\dw15.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
 
Hello,

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found:
    check.gif
  • If so, click it, then click the icon right below it and select Move incurable, as you'll see in the next image:
    move.gif

    This will move the file to the quarantine folder under %userprofile%\DoctorWeb if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Files that were in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.

Thanks,
tea
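As an added check on the point tea makes above (example code written for this page, not something from the thread or from the HijackThis tool itself): a small Python parser that pulls the JRE version out of the O2/O4/O9 paths in a HijackThis log, flags anything below JRE 6.0, and diffs two logs so the before/after entries can be compared line by line. The sample log lines are constructed to mirror the shape of the ones posted in this thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: HijackThis v1.99.1 entries in the same shape as the
# posted logs, before and after the Java update (jre1.5.0_10 -> jre1.6.0).
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# Sun's JRE install directory carries the version: ...\Java\jre1.5.0_10\bin\...
JRE_DIR_RE = re.compile(r"\\jre(\d+(?:\.\d+)*(?:_\d+)?)\\", re.IGNORECASE)


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every R/O entry; header and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def version_key(version: str) -> Tuple[int, ...]:
    """'1.5.0_10' -> (1, 5, 0, 10), so JRE versions compare as tuples."""
    return tuple(int(part) for part in version.replace("_", ".").split("."))


def java_versions(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each JRE version referenced by a path to the sections that reference it."""
    found: Dict[str, List[str]] = {}
    for section, body in entries:
        for m in JRE_DIR_RE.finditer(body):
            found.setdefault(m.group(1), []).append(section)
    return found


def outdated_java(entries: List[Tuple[str, str]], minimum: str = "1.6.0") -> List[str]:
    """JRE versions referenced in the log that are older than `minimum` (JRE 6.0 by default)."""
    floor = version_key(minimum)
    return sorted(v for v in java_versions(entries) if version_key(v) < floor)


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """(added, removed) entry bodies between two HijackThis logs, in log order."""
    old = {body for _, body in parse_hjt(before)}
    new = {body for _, body in parse_hjt(after)}
    added = [body for _, body in parse_hjt(after) if body not in old]
    removed = [body for _, body in parse_hjt(before) if body not in new]
    return added, removed


if __name__ == "__main__":
    print("outdated JRE before:", outdated_java(parse_hjt(BEFORE_LOG)))
    print("outdated JRE after: ", outdated_java(parse_hjt(AFTER_LOG)))
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    for body in removed:
        print("-", body)
    for body in added:
        print("+", body)
```

Run against the real before/after logs, the removed list should contain only the old jre1.5.0_10 entries and nothing else unexpected; any new entry that is not the updated Java is worth a second look.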
 
I forgot to save a report, but dug up the report file and found the scan.
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-02-01, 02:26:47 [COMPUTERHA][Puter]
Command-line: "C:\DOCUME~1\Puter\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
[Scan path] C:\
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe probably infected with BACKDOOR.Trojan
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Puter\NTUSER.DAT - read error
C:\Documents and Settings\Puter\NTUSER~1.LOG - read error
C:\Documents and Settings\Puter\Application Data\Mozilla\Firefox\Profiles\l667vie7.default\PARENT~1.LOC - read error
C:\Documents and Settings\Puter\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\Puter\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11

Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\leeroyfoxbibble@hotmail.com\SharingMetadata\is_bradley_me@hotmail.com\DFSR\Staging\CS{4D362170-49AF-A1DA-6381-F14C124CE25A}\01\10-{4D362170-49AF-A1DA-6381-F14C124CE25A}-v1-{B3489EC4-6CD0-4794-8830-18929E24B178}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\littlegangster_24_7@hotmail.com\SharingMetadata\gangsta_warrior9@hotmail.com\DFSR\Staging\CS{60DFB5A7-A32F-6A1E-8D2D-A2F8E35CAA3C}\01\10-{60DFB5A7-A32F-6A1E-8D2D-A2F8E35CAA3C}-v1-{AF1E929F-A3D8-4EC8-B25E-86FA73F46BA7}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\01\12-{AC85144B-715B-527A-F3EE-5E91DF578025}-v1-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\12\12-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v12-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\12\12-{B7BD9FE2-30C1-4E19-A183-CF8A0BC6D4A0}-v12-{B7BD9FE2-30C1-4E19-A183-CF8A0BC6D4A0}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\13\13-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v13-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v13-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\16\16-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v16-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v16-Downloaded.frx
C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7\aolsetup.exe probably infected with BACKDOOR.Trojan
C:\Program Files\StuffPlug3\StuffPlug3.dll probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005615.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005616.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005617.dll - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003368.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003422.dll - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003436.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003437.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003438.exe is adware program Adware.IWantSearch
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003439.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003444.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003445.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003446.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003447.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003448.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003449.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003450.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003451.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003452.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003453.exe infected with Trojan.DownLoader.17040 - deleted
C:\WINDOWS\SoftwareDistribution\EventCache\{7F28E~1.BIN - read error
C:\WINDOWS\system32\actskn45.ocx infected with Trojan.Isbar.439 - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\system32\drivers\sptd.sys - read error

[Scan path] E:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 105026
Infected objects found: 13
Objects with modifications found: 0
Suspicious objects found: 3
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 13
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1854 Kb/s
Scan time: 00:35:47
-----------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe - incurable - moved
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\Process.exe - incurable - moved
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\restart.exe - incurable - moved
C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7\aolsetup.exe - incurable - moved
C:\Program Files\StuffPlug3\StuffPlug3.dll - incurable - moved
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003438.exe - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 105341
Infected objects found: 13
Objects with modifications found: 0
Suspicious objects found: 3
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 13
Objects renamed: 0
Objects moved: 6
Objects ignored: 0
Scan speed: 1894 Kb/s
Scan time: 00:35:53
=============================================================================

Logfile of HijackThis v1.99.1
Scan saved at 6:24:09 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
 
Hello,

I'd like to have another run with ComboFix, please. Delete the version of ComboFix you have, as it's been updated, and download a new one, please.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
 
"Puter" - 07-02-09 2:25:38 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Puter\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))


2007-02-08 04:03 872 --a------ C:\WINDOWS\relation.dat
2007-02-07 23:26 <DIR> d-------- C:\Program Files\GameArena
2007-02-01 02:54 <DIR> d-------- C:\Program Files\Java
2007-02-01 02:54 <DIR> d-------- C:\Program Files\Common Files\Java
2007-02-01 02:26 <DIR> d-------- C:\DOCUME~1\Puter\DoctorWeb
2007-01-28 12:56 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2007-01-28 12:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-28 12:52 <DIR> d-------- C:\Program Files\THQ
2007-01-27 14:17 <DIR> d-------- C:\Program Files\LimeWire
2007-01-26 23:26 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-01-26 23:26 <DIR> d-------- C:\Program Files\Agnitum
2007-01-26 23:22 34,304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-01-26 23:22 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-01-26 23:22 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-26 23:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AntiVir PersonalEdition Classic
2007-01-25 02:57 2,004 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-24 21:27 28,800 --a------ C:\WINDOWS\snap.dat
2007-01-24 15:50 <DIR> d-------- C:\fixwareout
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 22:19 -------- d-------- C:\Program Files\mozilla firefox
2007-02-08 17:12 -------- d-------- C:\Program Files\msn messenger
2007-02-07 16:05 -------- d-------- C:\DOCUME~1\Puter\Application Data\utorrent
2007-01-28 12:52 -------- d--h----- C:\Program Files\installshield installation information
2007-01-24 17:17 -------- d-------- C:\DOCUME~1\Puter\Application Data\shareaza
2007-01-24 15:33 -------- d-------- C:\Program Files\a-squared free
2007-01-23 12:20 -------- d-------- C:\Program Files\world of warcraft
2007-01-21 11:28 -------- d-------- C:\Program Files\utorrent
2007-01-17 20:25 -------- d-------- C:\Program Files\peerguardian2
2007-01-07 11:26 -------- d-------- C:\DOCUME~1\Puter\Application Data\dvdcss
2007-01-02 13:35 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-01-02 13:35 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-02 13:35 -------- d-------- C:\Program Files\openal
2007-01-01 15:11 -------- d-------- C:\Program Files\stuffplug3
2006-12-31 18:33 -------- d-------- C:\Program Files\messenger
2006-12-31 15:51 -------- d-------- C:\Program Files\octoshape streaming services
2006-12-31 15:51 -------- d-------- C:\Program Files\curerom
2006-12-31 01:03 -------- d---s---- C:\DOCUME~1\Puter\Application Data\microsoft
2006-12-30 22:24 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-29 11:12 52224 --a------ C:\WINDOWS\ipuninst.exe
2006-12-29 11:12 -------- d-------- C:\Program Files\interplay
2006-12-28 14:03 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-27 21:34 -------- d-------- C:\Program Files\google
2006-12-27 21:34 -------- d-------- C:\DOCUME~1\Puter\Application Data\google
2006-12-14 21:59 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2006-12-14 21:59 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2006-12-14 21:59 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2006-12-10 23:55 -------- d-------- C:\DOCUME~1\Puter\Application Data\ventrilo
2006-11-23 21:50 335 --a------ C:\WINDOWS\nsreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MsnVirRem.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"backup"="C:\\WINDOWS\\pss\\MsnVirRem.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"item"="MsnVirRem"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3 Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3 Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Puter\\Local Settings\\Temp\\{B8CB12C2-88CE-469C-A2D8-4F4C8386BC9B}\\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3\"/PRMP=\"RCT3\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="RollerCoaster Tycoon 3 Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OctoshapeClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Octoshape Streaming Services\\Puter\\OctoshapeClient.exe\" -inv:bootrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Client IP-IPX"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autorun\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f341606-6f3f-11db-9a02-000acd11b1ef}]
Shell\AutoRun\command F:\autorun\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4672fe17-587f-11db-b661-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe root.ini

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7645827e-58b3-11db-a7ec-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-09 2:27:31
 
Hello,

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, the Advanced Options Menu should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

Please also let me know how your computer is running now. :)

Thanks,
tea
 
SDFix: Version 1.64

Run by: Puter - Thu 02/15/2007 @ 22:23:50.62

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found..




ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"E:\\Program Files\\Shareaza\\Shareaza.exe"="E:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\Sharing Folders\riley.clarke@gmail.com\Thumbs.db
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Downloads\mariof.zip

Finished
------

Logfile of HijackThis v1.99.1
Scan saved at 10:35:58 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
 
Hello,

Let's look here:

Download the trial version of Spy Sweeper from Here


Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea
 
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:28 PM: Warning: Failed to open file "c:\documents and settings\puter\application data\mozilla\firefox\profiles\l667vie7.default\parent.lock". The operation completed successfully
9:28 PM: Warning: Failed to open file "c:\documents and settings\puter\local settings\application data\microsoft\messenger\leeroyfoxbibble@hotmail.com\sharingmetadata\pending.dat". The operation completed successfully
9:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:24 PM: ApplicationMinimized - EXIT
9:24 PM: ApplicationMinimized - ENTER
9:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Starting File Sweep
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
9:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:21 PM: c:\documents and settings\puter\cookies\puter@zedo[1].txt (ID = 3762)
9:21 PM: Found Spy Cookie: zedo cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@xiti[1].txt (ID = 3717)
9:21 PM: Found Spy Cookie: xiti cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@web.tickle[1].txt (ID = 3530)
9:21 PM: c:\documents and settings\puter\cookies\puter@tripod[1].txt (ID = 3591)
9:21 PM: Found Spy Cookie: tripod cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tribalfusion[2].txt (ID = 3589)
9:21 PM: Found Spy Cookie: tribalfusion cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@trafficmp[2].txt (ID = 3581)
9:21 PM: Found Spy Cookie: trafficmp cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tradedoubler[1].txt (ID = 3575)
9:21 PM: Found Spy Cookie: tradedoubler cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tickle[1].txt (ID = 3529)
9:21 PM: Found Spy Cookie: tickle cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tacoda[2].txt (ID = 6444)
9:21 PM: Found Spy Cookie: tacoda cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@serving-sys[2].txt (ID = 3343)
9:21 PM: Found Spy Cookie: serving-sys cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@realmedia[2].txt (ID = 3235)
9:21 PM: Found Spy Cookie: realmedia cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@questionmarket[2].txt (ID = 3217)
9:21 PM: Found Spy Cookie: questionmarket cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@perf.overture[1].txt (ID = 3106)
9:21 PM: c:\documents and settings\puter\cookies\puter@overture[1].txt (ID = 3105)
9:21 PM: Found Spy Cookie: overture cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@nextag[2].txt (ID = 5014)
9:21 PM: Found Spy Cookie: nextag cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@msnportal.112.2o7[1].txt (ID = 1958)
9:21 PM: c:\documents and settings\puter\cookies\puter@mediaplex[1].txt (ID = 6442)
9:21 PM: Found Spy Cookie: mediaplex cookie
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: c:\documents and settings\puter\cookies\puter@edge.ru4[2].txt (ID = 3269)
9:21 PM: Found Spy Cookie: ru4 cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@dist.belnk[2].txt (ID = 2293)
9:21 PM: c:\documents and settings\puter\cookies\puter@devart.adbureau[2].txt (ID = 2060)
9:21 PM: Found Spy Cookie: adbureau cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@customer[1].txt (ID = 2481)
9:21 PM: Found Spy Cookie: customer cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@cnn.122.2o7[1].txt (ID = 1958)
9:21 PM: c:\documents and settings\puter\cookies\puter@casalemedia[2].txt (ID = 2354)
9:21 PM: Found Spy Cookie: casalemedia cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@bs.serving-sys[2].txt (ID = 2330)
9:21 PM: Found Spy Cookie: bs.serving-sys cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@belnk[1].txt (ID = 2292)
9:21 PM: Found Spy Cookie: belnk cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@azjmp[2].txt (ID = 2270)
9:21 PM: Found Spy Cookie: azjmp cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@atwola[2].txt (ID = 2255)
9:21 PM: Found Spy Cookie: atwola cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@atdmt[2].txt (ID = 2253)
9:21 PM: Found Spy Cookie: atlas dmt cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@as-eu.falkag[2].txt (ID = 2650)
9:21 PM: Found Spy Cookie: falkag cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adviva[1].txt (ID = 2177)
9:21 PM: Found Spy Cookie: adviva cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@advertising[1].txt (ID = 2175)
9:21 PM: Found Spy Cookie: advertising cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adtech[2].txt (ID = 2155)
9:21 PM: Found Spy Cookie: adtech cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adserver[1].txt (ID = 2141)
9:21 PM: Found Spy Cookie: adserver cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ads.pointroll[2].txt (ID = 3148)
9:21 PM: Found Spy Cookie: pointroll cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ads.addynamix[1].txt (ID = 2062)
9:21 PM: Found Spy Cookie: addynamix cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adrevolver[3].txt (ID = 2088)
9:21 PM: c:\documents and settings\puter\cookies\puter@adrevolver[2].txt (ID = 2088)
9:21 PM: Found Spy Cookie: adrevolver cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adopt.specificclick[2].txt (ID = 3400)
9:21 PM: Found Spy Cookie: specificclick.com cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adlegend[1].txt (ID = 2074)
9:21 PM: Found Spy Cookie: adlegend cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ad.yieldmanager[2].txt (ID = 3751)
9:21 PM: Found Spy Cookie: yieldmanager cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@a.websponsors[2].txt (ID = 3665)
9:21 PM: Found Spy Cookie: websponsors cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@2o7[2].txt (ID = 1957)
9:21 PM: Found Spy Cookie: 2o7.net cookie
9:21 PM: Starting Cookie Sweep
9:21 PM: Registry Sweep Complete, Elapsed Time:00:00:07
9:21 PM: HKU\S-1-5-21-1645522239-926492609-839522115-1003\software\idl\ (ID = 1351285)
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Found Adware: targetsaver
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: Starting Registry Sweep
9:21 PM: Memory Sweep Complete, Elapsed Time: 00:02:12
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Starting Memory Sweep
9:19 PM: ApplicationMinimized - EXIT
9:19 PM: ApplicationMinimized - EXIT
9:19 PM: ApplicationMinimized - ENTER
9:19 PM: ApplicationMinimized - ENTER
9:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Start Full Sweep
 