Unsure what i have..

slash_tbh · May 29, 2008

Yea i opened some program and i dunno what the heck is goin on. I can't list a Hijackthis log cause i get this error that say "hijackthis.exe is not a valid Win32 Application" I also get this with a few other programs. Since i can't run hijackthis what should i do?

Rorschach112 · May 29, 2008

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

slash_tbh · May 30, 2008

here is the combo fix log, And i still can't post a hijackthis log getting "this is not a valid win32 application"

ComboFix 08-05-29.1 - Owner 2008-05-30 9:08:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\m
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\662343.exe
C:\WINDOWS\system32\drivers\downld\676890.exe
C:\WINDOWS\system32\drivers\downld\691500.exe
C:\WINDOWS\system32\drivers\downld\693843.exe
C:\WINDOWS\system32\drivers\downld\716390.exe
C:\WINDOWS\system32\drivers\downld\729625.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 09:14 . 2008-05-30 09:14 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-05-29 03:44 . 2008-05-29 03:52 <DIR> d-------- C:\Soldat
2008-05-29 03:26 . 2008-05-29 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 01:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 01:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 10:06 . 2008-05-27 10:16 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-27 09:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-27 09:58 . 2008-05-27 09:58 1,347 --a------ C:\WINDOWS\ST6UNST.001
2008-05-27 09:57 . 2008-05-27 10:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-27 09:57 . 2008-05-27 09:57 342 --a------ C:\WINDOWS\ST6UNST.000
2008-05-16 03:40 . 2008-05-17 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-16 03:40 . 2008-05-12 20:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-16 03:40 . 2008-05-12 20:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-16 03:39 . 2008-05-16 03:40 <DIR> d-------- C:\Program Files\DivX
2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\Program Files\FLV Player
2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-12 20:53 . 2008-05-12 20:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 20:53 . 2008-05-12 20:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-12 20:49 . 2008-05-12 20:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 03:57 . 2008-05-12 16:33 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-07 04:20 . 2008-05-07 04:20 <DIR> d-------- C:\Logs
2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
2008-05-06 20:22 . 2008-05-06 20:27 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2008-05-06 20:22 . 2008-05-06 20:22 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-05-06 20:04 . 2008-05-08 04:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-02 01:37 . 2008-05-30 08:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-02 01:37 . 2008-05-02 01:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Skype
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-02 01:06 . 2008-05-30 09:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-01 03:45 . 2008-05-01 03:45 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-01 03:45 . 2003-07-20 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-01 03:45 . 2005-01-04 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-01 01:31 . 2008-05-28 19:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-05-01 01:30 . 2008-05-01 01:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-30 23:14 . 2008-04-30 23:14 <DIR> d-------- C:\Documents and Settings\Owner\workspace
2008-04-30 22:39 . 2008-04-30 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-30 16:57 . 2008-04-30 16:57 0 --a------ C:\WINDOWS\iPlayer.INI
2008-04-30 16:39 . 2008-04-30 16:40 <DIR> d-------- C:\Program Files\InterActual
2008-04-28 22:25 . 2008-04-28 22:26 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-28 22:20 . 2008-04-28 22:20 <DIR> d-------- C:\ie-spyad
2008-04-28 22:20 . 1999-12-21 10:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-04-28 22:06 . 2008-05-28 18:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-28 22:06 . 2008-05-28 18:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-28 21:02 . 2004-11-02 11:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-28 17:30 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-28 17:30 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-28 17:30 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-28 17:30 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-28 17:30 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-28 17:30 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-28 17:30 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-28 17:30 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-28 17:30 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-28 17:21 . 2007-08-13 21:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-27 09:41 . 2008-05-28 02:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 09:41 . 2008-04-27 09:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-27 09:41 . 2008-04-27 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-04-26 17:31 . 2002-04-11 23:21 13,335 --a------ C:\WINDOWS\system32\drivers\usbcm.sys
2008-04-26 17:04 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-26 17:04 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-26 17:04 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-26 16:59 . 2008-04-26 16:59 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-26 12:23 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-26 06:57 . 2008-04-26 06:57 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-26 06:57 . 2008-04-26 06:57 <DIR> d-------- C:\WINDOWS\peernet
2008-04-26 06:54 . 2008-04-26 06:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-26 06:41 . 2008-04-26 06:41 <DIR> d-------- C:\WINDOWS\EHome
2008-04-26 05:30 . 2004-08-04 01:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-26 05:30 . 2004-08-04 01:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-25 06:01 . 2008-04-25 06:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 06:01 . 2008-04-25 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 05:49 . 2008-05-12 02:03 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
2008-04-25 05:12 . 2008-04-25 05:12 <DIR> d-------- C:\Program Files\Safer Networking
2008-04-25 01:27 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-24 23:28 . 2008-04-24 23:28 136 --ah----- C:\sqmnoopt02.sqm
2008-04-24 23:28 . 2008-04-24 23:28 136 --ah----- C:\sqmdata02.sqm
2008-04-24 15:37 . 2008-04-24 15:37 268 --ah----- C:\sqmdata01.sqm
2008-04-24 15:37 . 2008-04-24 15:37 244 --ah----- C:\sqmnoopt01.sqm
2008-04-24 15:13 . 2008-04-24 15:16 543 --a------ C:\WINDOWS\wininit.ini
2008-04-24 14:20 . 2008-04-24 14:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 14:20 . 2008-04-24 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 05:21 . 2008-04-24 05:21 268 --ah----- C:\sqmdata00.sqm
2008-04-24 05:21 . 2008-04-24 05:21 244 --ah----- C:\sqmnoopt00.sqm
2008-04-23 17:55 . 2007-07-30 21:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-23 17:55 . 2007-07-30 21:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-23 09:06 . 2008-04-23 09:10 <DIR> d-------- C:\Program Files\BitLord
2008-04-23 08:30 . 2008-05-27 10:22 <DIR> d-------- C:\Program Files\eMule
2008-04-23 06:40 . 2008-04-23 06:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Soldat
2008-04-23 06:40 . 2008-04-23 06:40 0 -ra------ C:\logwmemory.bin
2008-04-23 06:36 . 2008-04-23 06:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-23 06:35 . 2008-04-23 06:35 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-23 06:30 . 2008-04-23 06:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-04-23 06:29 . 2008-04-23 06:30 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-23 06:28 . 2008-04-23 06:28 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-23 06:28 . 2008-04-23 06:30 <DIR> d-------- C:\Program Files\AIM6
2008-04-23 06:28 . 2008-04-23 06:30 450 --ah----- C:\IPH.PH
2008-04-23 06:08 . 2007-03-07 18:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-23 06:08 . 2007-03-07 18:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-23 06:07 . 2008-04-23 06:12 <DIR> d-------- C:\Program Files\Winamp
2008-04-23 06:07 . 2008-05-12 02:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-04-23 06:07 . 2008-05-12 20:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-04-23 05:23 . 2008-04-23 05:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nexon
2008-04-23 04:59 . 2008-04-23 04:59 <DIR> d-------- C:\Nexon
2008-04-23 03:54 . 2008-04-23 03:55 <DIR> d-------- C:\Program Files\Unlocker
2008-04-22 23:53 . 2008-04-22 23:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.clamwin
2008-04-22 23:52 . 2008-04-22 23:52 <DIR> d-------- C:\Program Files\ClamWin
2008-04-22 23:52 . 2008-04-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-04-22 23:41 . 2003-03-03 12:24 33,792 --a------ C:\WINDOWS\ieuninst.exe
2008-04-22 23:31 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-22 23:28 . 2008-05-01 01:30 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 16:54 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-27 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 22:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-07 01:24 --------- d-----w C:\Program Files\Symantec
2008-05-07 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 17:10 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-04-26 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 20:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2005-10-24 02:01 659456]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10 70816]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 22:11 139264]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37 53248]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-05-30 09:10 77824]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03 155648]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29 59072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08 53248]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 22:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
Norton Personal Firewall.lnk - C:\Program Files\Norton Personal Firewall\nisfirst.exe [2002-11-15 12:48:14 644744]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 01:09:13 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 09:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-30 9:22:24 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-30 14:22:16
ComboFix2.txt 2008-04-27 00:07:41

Pre-Run: 89,633,525,760 bytes free
Post-Run: 89,530,494,976 bytes free

258 --- E O F --- 2008-05-16 08:24:27

Rorschach112 · May 30, 2008

Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Click here to use the F-Secure Online Scanner

Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

slash_tbh · Jun 1, 2008

after the online scan logs

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-31 19:51
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 818915
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 83325
Number of viruses found: 9
Number of infected objects: 106
Number of suspicious objects: 0
Duration of the scan process: 01:42:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\call256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chat256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chat512.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatsync\1b\1b15fff6be787699.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatsync\ad\ad1a83814214b550.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\index2.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\user1024.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\user32768.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe Infected: Trojan-PSW.Win32.Mapler.ak skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4201.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFC028.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCEB7.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Nexon\MapleStory\localhost.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\Nexon\MapleStory\MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip/Technitium MAC Address Changer 4.0.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip ZIP: infected - 1 skipped
C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\Program Files\Mozilla Firefox\MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\123062.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\138109.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\143578.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14860000.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14904984.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14905640.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14937703.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14975250.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14983906.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15107187.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15134828.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15145296.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15175031.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\158328.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\161437.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\171187.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\199953.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\201640.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\203781.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\235187.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\247046.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29857656.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29967421.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\33264984.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\379484.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\44558593.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\47829906.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\47905937.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip/mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP137\A0007296.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP143\A0007420.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008184.exe/MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008184.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008186.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP155\A0009210.exe Infected: Trojan-PSW.Win32.Mapler.aj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010257.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010259.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010261.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010262.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010407.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010420.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010435.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010482.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010485.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010514.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010575.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010597.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010598.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010617.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010618.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010650.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010667.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010668.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010698.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010729.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010730.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010756.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010777.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010778.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010804.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010825.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010826.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010852.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010874.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0011140.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0012118.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012129.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012130.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012131.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012132.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012133.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012134.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012135.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012136.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012138.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012144.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012147.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012148.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012151.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012164.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012166.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012167.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012173.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012174.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012175.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012180.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012181.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012182.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012183.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012190.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012198.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012209.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012222.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012223.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0013118.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0013211.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP168\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BFBEE614-CCD7-4859-AC56-57C67DD8E049}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Rorschach112 · Jun 1, 2008

Post the F-Secure log

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
C:\Nexon\MapleStory\localhost.exe
C:\Nexon\MapleStory\MapleCrusade.exe
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Mozilla Firefox\MapleCrusade.exe

Folder::
C:\WINDOWS\system32\drivers\downld
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip

DirLook::
C:\Program Files\eMule\Incoming

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"=-

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

slash_tbh · Jun 1, 2008

Oh sorry! i thought you meant for me to pick of one of those two scanners. i didn't do the F-secure. i'll post it after i do the scan, not sure if you want me to do the combo fix yet.

Rorschach112 · Jun 1, 2008

Do the ComboFix, then go do the F-Secure scan

slash_tbh · Jun 1, 2008

ComboFix 08-05-29.1 - Owner 2008-06-01 16:33:28.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.306 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
C:\Nexon\MapleStory\localhost.exe
C:\Nexon\MapleStory\MapleCrusade.exe
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Mozilla Firefox\MapleCrusade.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
C:\Nexon\MapleStory\localhost.exe
C:\Nexon\MapleStory\MapleCrusade.exe
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip\
c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
C:\Program Files\Mozilla Firefox\MapleCrusade.exe
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-29 03:44 . 2008-05-29 03:52 <DIR> d-------- C:\Soldat
2008-05-29 03:26 . 2008-05-29 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 01:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 01:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 10:06 . 2008-05-27 10:16 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-27 09:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-27 09:58 . 2008-05-27 09:58 1,347 --a------ C:\WINDOWS\ST6UNST.001
2008-05-27 09:57 . 2008-05-27 10:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-27 09:57 . 2008-05-27 09:57 342 --a------ C:\WINDOWS\ST6UNST.000
2008-05-16 03:40 . 2008-05-17 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-16 03:40 . 2008-05-12 20:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-16 03:40 . 2008-05-12 20:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-16 03:39 . 2008-05-16 03:40 <DIR> d-------- C:\Program Files\DivX
2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\Program Files\FLV Player
2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-12 20:53 . 2008-05-12 20:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 20:53 . 2008-05-12 20:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-12 20:49 . 2008-05-12 20:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 03:57 . 2008-05-12 16:33 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-07 04:20 . 2008-05-07 04:20 <DIR> d-------- C:\Logs
2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
2008-05-06 20:22 . 2008-05-06 20:27 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2008-05-06 20:22 . 2008-05-06 20:22 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-05-06 20:04 . 2008-05-08 04:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-02 01:37 . 2008-06-01 16:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-02 01:37 . 2008-05-02 01:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Skype
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-02 01:06 . 2008-06-01 16:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-01 03:45 . 2008-05-01 03:45 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-01 03:45 . 2003-07-20 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-01 03:45 . 2005-01-04 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-01 01:31 . 2008-05-28 19:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-05-01 01:30 . 2008-05-01 01:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 23:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:49 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-28 07:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 16:54 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-27 15:22 --------- d-----w C:\Program Files\eMule
2008-05-27 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 22:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-12 07:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-07 01:24 --------- d-----w C:\Program Files\Symantec
2008-05-07 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-01 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-30 21:40 --------- d-----w C:\Program Files\InterActual
2008-04-29 03:26 --------- d-----w C:\Program Files\SpywareGuard
2008-04-27 17:10 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-04-27 14:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-27 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 14:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-04-26 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 21:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-25 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 10:12 --------- d-----w C:\Program Files\Safer Networking
2008-04-24 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 19:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-23 14:10 --------- d-----w C:\Program Files\BitLord
2008-04-23 11:40 0 ----a-r C:\logwmemory.bin
2008-04-23 11:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Soldat
2008-04-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-04-23 11:30 --------- d-----w C:\Program Files\Viewpoint
2008-04-23 11:30 --------- d-----w C:\Program Files\AIM6
2008-04-23 11:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-23 11:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-23 11:12 --------- d-----w C:\Program Files\Winamp
2008-04-23 10:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-04-23 08:55 --------- d-----w C:\Program Files\Unlocker
2008-04-23 04:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\.clamwin
2008-04-23 04:52 --------- d-----w C:\Program Files\ClamWin
2008-04-23 01:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-04-23 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-23 00:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-23 00:21 3,884 ----a-w C:\WINDOWS\viassary-hp.reg
2008-04-23 00:14 4,158 --sha-r C:\WINDOWS\system32\drivers\HP_DQ174A-ABA A410N_YC_Pavi_QMXK349_E41NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.02_T031031_WXH1_L409_M504_J123_7Intel_8Celeron_92.8_111063044_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2008-04-23 00:10 --------- d-----w C:\Program Files\ArcSoft
2008-04-23 00:09 --------- d-----w C:\Program Files\Multimedia Card Reader
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\eMule\Incoming ----

2008-05-27 10:22 667521 --a------ C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
2008-05-18 05:04 16896 --ahs---- C:\Program Files\eMule\Incoming\Thumbs.db
2008-05-17 19:56 215022644 --a------ C:\Program Files\eMule\Incoming\Animal Sex - Zoofilia Dog Brutal.avi
2008-05-16 22:02 65376256 --a------ C:\Program Files\eMule\Incoming\Animal - Dog - Caes Do Sexo (Excellent Fuck And Cum Inside Cunt).avi
2008-05-16 21:35 8614900 --a------ C:\Program Files\eMule\Incoming\Zoo Animal Sex - Teenage Girl Fucked By Her Dog - 1.mpeg
2008-05-14 18:13 44847900 --a------ C:\Program Files\eMule\Incoming\Petlust Animal Beastiality - Black Pony Horse Fucks Woman Hard Doggie Style (4m18S).mpg

((((((((((((((((((((((((((((( snapshot@2008-05-30_ 9.19.28.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 02:45:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
- 2008-05-30 14:14:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 21:37:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-08-14 02:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
- 2004-08-04 07:56:41 35,328 ------w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 23:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2008-02-26 11:59:50 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 23:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2006-09-07 01:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 22:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23f7ceac0c43a07ec2743f7a\idndl.dll
2006-06-29 08:05 26112 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013373.dll

C:\23f7ceac0c43a07ec2743f7a\normaliz.dll
2006-06-29 08:05 23552 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013372.dll

C:\23f7ceac0c43a07ec2743f7a\spmsg.dll
2006-05-25 10:29 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013371.dll

C:\23f7ceac0c43a07ec2743f7a\spuninst.exe
2006-05-25 10:29 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013370.exe

C:\23f7ceac0c43a07ec2743f7a\spupdsvc.exe
2006-05-25 10:29 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013369.exe

C:\23f7ceac0c43a07ec2743f7a\update\spcustom.dll
2006-05-25 10:29 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013367.dll

C:\23f7ceac0c43a07ec2743f7a\update\update.exe
2006-05-25 10:29 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013365.exe

C:\23f7ceac0c43a07ec2743f7a\update\updspapi.dll
2006-05-25 10:29 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013366.dll

C:\721b268685871161c33d36\nlsdl.dll
2006-06-28 17:59 24576 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013354.dll

C:\721b268685871161c33d36\spmsg.dll
2006-05-24 12:32 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013353.dll

C:\721b268685871161c33d36\spuninst.exe
2006-05-24 12:32 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013352.exe

C:\721b268685871161c33d36\spupdsvc.exe
2006-05-24 12:32 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013351.exe

C:\721b268685871161c33d36\update\spcustom.dll
2006-05-24 12:32 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013349.dll

C:\721b268685871161c33d36\update\update.exe
2006-05-24 12:32 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013347.exe

C:\721b268685871161c33d36\update\updspapi.dll
2006-05-24 12:32 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013348.dll

C:\8996d1c1c61811f28a5b\SP2GDR\xmllite.dll
2006-07-14 10:51 121856 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013329.dll

C:\8996d1c1c61811f28a5b\SP2QFE\xmllite.dll
2006-07-14 10:52 121856 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013328.dll

C:\8996d1c1c61811f28a5b\spmsg.dll
2005-10-12 18:12 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013327.dll

C:\8996d1c1c61811f28a5b\spuninst.exe
2005-10-12 18:12 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013334.exe

C:\8996d1c1c61811f28a5b\update\spcustom.dll
2005-10-12 18:12 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013324.dll

C:\8996d1c1c61811f28a5b\update\update.exe
2005-10-12 18:12 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013335.exe

C:\8996d1c1c61811f28a5b\update\updspapi.dll
2005-10-12 18:12 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013330.dll

C:\Combo-Fix\Combobatch.bat
2000-08-31 08:00 7414 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013496.bat
2008-06-01 16:36 7504 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013505.bat

C:\Combo-Fix\Comspec.bat
2000-08-31 08:00 149 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013483.bat

C:\Combo-Fix\Disclaimer.bat
{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP166\A0012127.batC:\WINDOWS\inf\_000000_.tmp.dll
2008-03-27 22:49 705 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP168\A0013282.dll

2008-06-01 16:36 65096 C:\Combo-Fix\Lang.bat
2000-08-31 08:00 65098 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013497.bat

C:\Combo-Fix\List-C.bat
2000-08-31 08:00 200169 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013495.bat

C:\Combo-Fix\restore_pt.vbs
2000-08-31 08:00 232 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013489.vbs

C:\dfafd4ba2f6f078ef441921851170327\admparse.dll
2007-08-13 18:39 71680 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013465.dll

C:\dfafd4ba2f6f078ef441921851170327\advpack.dll
2007-08-13 18:39 123904 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013464.dll

C:\dfafd4ba2f6f078ef441921851170327\browseui.dll
2006-09-23 13:12 1022976 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013463.dll

C:\dfafd4ba2f6f078ef441921851170327\corpol.dll
2007-08-13 18:42 17408 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013462.dll

C:\dfafd4ba2f6f078ef441921851170327\custsat.dll
2007-08-13 18:54 33792 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013461.dll

C:\dfafd4ba2f6f078ef441921851170327\dxtmsft.dll
2007-08-13 18:35 346624 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013460.dll

C:\dfafd4ba2f6f078ef441921851170327\dxtrans.dll
2007-08-13 18:35 214528 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013459.dll

C:\dfafd4ba2f6f078ef441921851170327\extmgr.dll
2007-08-13 18:54 131584 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013458.dll

C:\dfafd4ba2f6f078ef441921851170327\hmmapi.dll
2007-08-13 18:18 60416 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013457.dll

C:\dfafd4ba2f6f078ef441921851170327\icardie.dll
2007-08-13 18:36 61952 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013456.dll

C:\dfafd4ba2f6f078ef441921851170327\ie4uinit.exe
2007-08-13 18:39 54784 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013418.exe

C:\dfafd4ba2f6f078ef441921851170327\ieakeng.dll
2007-08-13 18:39 152064 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013455.dll

C:\dfafd4ba2f6f078ef441921851170327\ieaksie.dll
2007-08-13 18:39 229376 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013454.dll

C:\dfafd4ba2f6f078ef441921851170327\ieakui.dll
2007-08-13 17:56 161792 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013453.dll

C:\dfafd4ba2f6f078ef441921851170327\ieapfltr.dll
2007-07-11 12:27 383488 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013452.dll

C:\dfafd4ba2f6f078ef441921851170327\iedkcs32.dll
2007-08-13 18:39 382976 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013451.dll

C:\dfafd4ba2f6f078ef441921851170327\iedw.exe
2007-08-13 18:44 69120 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013417.exe

C:\dfafd4ba2f6f078ef441921851170327\ieencode.dll
2007-08-13 18:45 78336 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013450.dll

C:\dfafd4ba2f6f078ef441921851170327\ieframe.dll
2007-08-13 18:54 6049280 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013449.dll

C:\dfafd4ba2f6f078ef441921851170327\iepeers.dll
2007-08-13 18:54 191488 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013448.dll

C:\dfafd4ba2f6f078ef441921851170327\ieproxy.dll
2007-08-13 18:54 287744 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013447.dll

C:\dfafd4ba2f6f078ef441921851170327\iernonce.dll
2007-08-13 18:39 43008 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013446.dll

C:\dfafd4ba2f6f078ef441921851170327\iertutil.dll
2007-08-13 18:34 266752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013445.dll

C:\dfafd4ba2f6f078ef441921851170327\iesetup.dll
2007-08-13 18:39 55296 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013444.dll

C:\dfafd4ba2f6f078ef441921851170327\ieudinit.exe
2007-08-13 18:39 13312 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013416.exe

C:\dfafd4ba2f6f078ef441921851170327\ieui.dll
2007-08-13 18:54 180736 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013443.dll

C:\dfafd4ba2f6f078ef441921851170327\iexplore.exe
2007-08-13 18:43 622080 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013415.exe

C:\dfafd4ba2f6f078ef441921851170327\imgutil.dll
2007-08-13 18:36 36352 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013442.dll

C:\dfafd4ba2f6f078ef441921851170327\inseng.dll
2007-08-13 18:39 92672 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013441.dll

C:\dfafd4ba2f6f078ef441921851170327\jscript.dll
2007-08-13 18:38 491520 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013440.dll

C:\dfafd4ba2f6f078ef441921851170327\jsproxy.dll
2007-08-13 18:54 27136 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013439.dll

C:\dfafd4ba2f6f078ef441921851170327\licmgr10.dll
2007-08-13 18:44 40960 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013438.dll

C:\dfafd4ba2f6f078ef441921851170327\msfeeds.dll
2007-08-13 18:54 458752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013437.dll

C:\dfafd4ba2f6f078ef441921851170327\msfeedsbs.dll
2007-08-13 18:54 50688 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013436.dll

C:\dfafd4ba2f6f078ef441921851170327\msfeedssync.exe
2007-08-13 18:36 12288 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013414.exe

C:\dfafd4ba2f6f078ef441921851170327\mshta.exe
2007-08-13 18:32 45568 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013413.exe

C:\dfafd4ba2f6f078ef441921851170327\mshtml.dll
2007-08-13 18:54 3578368 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013435.dll

C:\dfafd4ba2f6f078ef441921851170327\mshtmled.dll
2007-08-13 18:54 475648 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013434.dll

C:\dfafd4ba2f6f078ef441921851170327\mshtmler.dll
2007-08-13 18:01 48128 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013433.dll

C:\dfafd4ba2f6f078ef441921851170327\msls31.dll
2007-08-13 18:54 156160 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013432.dll

C:\dfafd4ba2f6f078ef441921851170327\msrating.dll
2007-08-13 18:44 192000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013431.dll

C:\dfafd4ba2f6f078ef441921851170327\mstime.dll
2007-08-13 18:54 670720 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013430.dll

C:\dfafd4ba2f6f078ef441921851170327\occache.dll
2007-08-13 18:44 101376 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013429.dll

C:\dfafd4ba2f6f078ef441921851170327\pngfilt.dll
2007-08-13 18:36 44544 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013428.dll

C:\dfafd4ba2f6f078ef441921851170327\shdocvw.dll
2006-09-23 13:12 1497088 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013427.dll

C:\dfafd4ba2f6f078ef441921851170327\shlwapi.dll
2006-09-23 13:12 474112 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013426.dll

C:\dfafd4ba2f6f078ef441921851170327\spmsg.dll
2006-09-06 17:43 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013425.dll

C:\dfafd4ba2f6f078ef441921851170327\spuninst.exe
2006-09-06 17:43 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013412.exe

C:\dfafd4ba2f6f078ef441921851170327\spupdsvc.exe
2006-09-06 17:43 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013411.exe

C:\dfafd4ba2f6f078ef441921851170327\update\idndl.exe
2006-09-06 17:42 589672 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013395.exe

C:\dfafd4ba2f6f078ef441921851170327\update\iecustom.dll
2007-08-13 18:54 32960 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013398.dll

C:\dfafd4ba2f6f078ef441921851170327\update\iereseticons.exe
2007-08-13 18:52 66048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013394.exe

C:\dfafd4ba2f6f078ef441921851170327\update\iesetup.exe
2007-08-13 18:54 1084096 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013393.exe

C:\dfafd4ba2f6f078ef441921851170327\update\legitlibm.dll
2007-02-12 16:10 635696 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013397.dll

C:\dfafd4ba2f6f078ef441921851170327\update\nlsdl.exe
2006-09-06 17:42 498016 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013392.exe

C:\dfafd4ba2f6f078ef441921851170327\update\update.exe
2006-09-06 17:43 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013391.exe

C:\dfafd4ba2f6f078ef441921851170327\update\updspapi.dll
2006-09-06 17:43 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013396.dll

C:\dfafd4ba2f6f078ef441921851170327\update\xmllitesetup.exe
{CD53596A-5812-49DB-AF84-A
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 20:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10 70816]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 22:11 139264]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37 53248]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-05-30 09:10 77824]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03 155648]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29 59072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 22:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
Norton Personal Firewall.lnk - C:\Program Files\Norton Personal Firewall\nisfirst.exe [2002-11-15 12:48:14 644744]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40 16384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 16:38:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-06-01 16:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 21:43:45
ComboFix2.txt 2008-05-30 14:22:25
ComboFix3.txt 2008-04-27 00:07:41

Pre-Run: 89,606,701,056 bytes free
Post-Run: 89,592,696,832 bytes free

428 --- E O F --- 2008-05-31 08:07:19

Rorschach112 · Jun 1, 2008

Ok post the F-Secure and a new HijackThis log

slash_tbh · Jun 2, 2008

Still can't run hijackthis here are some screens of what i'm getting...

Rorschach112 · Jun 2, 2008

Post the F-Secure log and tell me how your PC is running

slash_tbh · Jun 2, 2008

as shown from the screen shot, i can't run F-secure.

Rorschach112 · Jun 2, 2008

Hello

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Also tell me how your PC is running

slash_tbh · Jun 3, 2008

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
videotype.vbs;C:\hp\patches\41NA0BLU\WinDVD;Probably SCRIPT.Virus;Incurable.Moved.;
HpqCmon.exe.vir;C:\QooBox\Quarantine\C\Program Files\HP\Digital Imaging\Unload;Win32.HLLM.Beagle.219;Deleted.;
123062.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
138109.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
143578.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
14860000.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
14904984.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
14905640.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
14937703.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
14975250.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
14983906.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
15107187.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
15134828.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
15145296.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
15175031.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
158328.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
161437.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
171187.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
199953.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
201640.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
203781.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
235187.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
247046.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
29857656.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Trojan.PWS.Kone.2;Deleted.;
29967421.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
33264984.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
379484.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
44558593.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
47829906.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
47905937.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld;Win32.HLLM.Beagle;Deleted.;
A0010257.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010259.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010261.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010262.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010407.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010420.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Trojan.PWS.Kone.2;Deleted.;
A0010435.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010482.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010485.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010514.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159;Win32.HLLM.Beagle.219;Deleted.;
A0010575.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160;Trojan.PWS.Kone.2;Deleted.;
A0010597.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160;Win32.HLLM.Beagle.219;Deleted.;
A0010598.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160;Win32.HLLM.Beagle.219;Deleted.;
A0010617.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161;Win32.HLLM.Beagle.219;Deleted.;
A0010618.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161;Win32.HLLM.Beagle.219;Deleted.;
A0010650.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161;Trojan.PWS.Kone.2;Deleted.;
A0010667.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162;Win32.HLLM.Beagle.219;Deleted.;
A0010668.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162;Win32.HLLM.Beagle.219;Deleted.;
A0010698.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162;Trojan.PWS.Kone.2;Deleted.;
A0010729.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163;Win32.HLLM.Beagle.219;Deleted.;
A0010730.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163;Win32.HLLM.Beagle.219;Deleted.;
A0010756.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163;Trojan.PWS.Kone.2;Deleted.;
A0010777.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164;Win32.HLLM.Beagle.219;Deleted.;
A0010778.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164;Win32.HLLM.Beagle.219;Deleted.;
A0010804.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164;Trojan.PWS.Kone.2;Deleted.;
A0010825.sys;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Win32.HLLM.Beagle.219;Deleted.;
A0010826.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Win32.HLLM.Beagle.219;Deleted.;
A0010852.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Trojan.PWS.Kone.2;Deleted.;
A0010874.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Win32.HLLM.Beagle.219;Deleted.;
A0011140.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Win32.HLLM.Beagle.219;Deleted.;
A0012118.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165;Win32.HLLM.Beagle.219;Deleted.;
A0012129.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012130.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012131.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012132.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012133.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012134.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012135.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012136.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012138.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012144.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012147.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012148.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012151.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012164.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012166.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012167.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012173.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012174.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012175.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012180.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012181.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012182.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Trojan.PWS.Kone.2;Deleted.;
A0012183.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012190.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012198.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012209.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012222.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0012223.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0013118.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle.219;Deleted.;
A0013138.bat;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Probably SCRIPT.Virus;Incurable.Moved.;
A0013211.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Win32.HLLM.Beagle;Deleted.;
A0013251.EXE;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Program.PsExec.170;Incurable.Moved.;
A0013261.bat;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167;Probably SCRIPT.Virus;Incurable.Moved.;
A0013493.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174;Win32.HLLM.Beagle.219;Deleted.;
A0013514.EXE;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174;Program.PsExec.170;Incurable.Moved.;
A0013523.bat;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174;Probably SCRIPT.Virus;Incurable.Moved.;
A0013569.exe;C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP175;Trojan.KillApp.30208;Deleted.;

slash_tbh · Jun 3, 2008

sorry for the double post, but forgot to add that i still can't run hijackthis i still get a " this isn't a valid Win32 application " For certain programs

Rorschach112 · Jun 3, 2008

That is just a result of the rootkit

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

slash_tbh · Jun 4, 2008

The Main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-04 05:02:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
47: 2008-06-04 10:02:50 UTC - RP178 - Deckard's System Scanner Restore Point
46: 2008-06-04 09:26:52 UTC - RP177 - System Checkpoint
45: 2008-06-03 08:20:05 UTC - RP176 - Software Distribution Service 3.0
44: 2008-06-03 01:39:55 UTC - RP175 - System Checkpoint
43: 2008-06-01 21:32:51 UTC - RP174 - ComboFix created restore point

-- First Restore Point --
1: 2008-04-29 00:56:16 UTC - RP132 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-04 05:04:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\ltmsg.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Delta AutoLoad.lnk = C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\Delta\delta.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://support.f-secure.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208915641656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208916465093
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10084 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Owner\Desktop\backups\) -

backup-20080426-155631-426 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080426-155631-584 O2 - BHO: (no name) - {F6759C9B-BF22-40AF-BB88-E9A24968B967} - C:\WINDOWS\System32\nnnmjheB.dll (file missing)
backup-20080426-155631-667 O2 - BHO: (no name) - {83955744-3395-48D8-848B-10BEFB2BC81A} - C:\WINDOWS\System32\opnLCUli.dll (file missing)
backup-20080426-155631-821 O20 - Winlogon Notify: ljJcyVon - ljJcyVon.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\documents and settings\owner\desktop\gaming stuffs\odinms\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S4 NISUM (Norton Personal Firewall Accounts Manager) - "c:\program files\norton personal firewall\nisum.exe" <Not Verified; Symantec Corporation; Norton Internet Security>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-30 20:00:00 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-04-25 01:29:47 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 16:01:55 0 d-------- C:\Program Files\Gravity
2008-06-03 16:00:43 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-06-03 03:20:18 0 d-------- C:\WINDOWS\LastGood
2008-06-02 23:01:49 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-02 22:54:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-02 21:59:18 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-05-30 05:06:41 68096 --a------ C:\WINDOWS\zip.exe
2008-05-30 05:06:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-30 05:06:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-30 05:06:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-30 05:06:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-30 05:06:41 98816 --a------ C:\WINDOWS\sed.exe
2008-05-30 05:06:41 80412 --a------ C:\WINDOWS\grep.exe
2008-05-30 05:06:41 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-29 03:44:29 0 d-------- C:\Soldat
2008-05-29 03:31:33 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-29 03:26:43 0 d-------- C:\Program Files\CCleaner
2008-05-27 09:58:51 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-27 09:57:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-16 03:40:25 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-16 03:39:43 0 d-------- C:\Program Files\DivX
2008-05-14 09:18:11 0 d-------- C:\WINDOWS\Applian FLV Player
2008-05-14 09:18:11 0 d-------- C:\Program Files\FLV Player
2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 11:59:25 6553600 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-08 03:57:24 0 d-------- C:\Program Files\World of Warcraft
2008-05-07 04:20:33 0 d-------- C:\Logs
2008-05-06 20:25:43 32 --ahs---- C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
2008-05-06 20:25:43 32 --ahs---- C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
2008-05-06 20:22:47 0 d-------- C:\Program Files\Norton Personal Firewall
2008-05-06 20:22:24 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-05-06 20:04:25 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment

-- Find3M Report ---------------------------------------------------------------

2008-06-04 05:02:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-04 00:00:05 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-02 22:54:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-02 22:54:50 0 d-------- C:\Program Files\Common Files
2008-05-28 19:22:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-05-28 18:49:59 0 d-------- C:\Program Files\SpywareBlaster
2008-05-28 02:00:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 11:54:56 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-27 10:22:27 0 d-------- C:\Program Files\eMule
2008-05-27 10:02:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-22 17:19:11 0 d-------- C:\Program Files\Easy Internet signup
2008-05-12 02:28:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-10 20:07:45 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-06 20:24:06 0 d-------- C:\Program Files\Symantec
2008-05-02 01:37:26 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 01:06:37 0 d-------- C:\Program Files\Skype
2008-05-02 01:06:33 0 d-------- C:\Program Files\Common Files\Skype
2008-05-01 03:45:16 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-30 16:40:13 0 d-------- C:\Program Files\InterActual
2008-04-28 22:26:06 0 d-------- C:\Program Files\SpywareGuard
2008-04-27 09:41:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-27 09:21:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-04-26 17:31:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 17:07:22 0 d-------- C:\Program Files\Messenger
2008-04-26 16:59:28 0 d-------- C:\Program Files\MSXML 4.0
2008-04-26 06:57:05 0 d-------- C:\Program Files\Movie Maker
2008-04-26 06:54:05 0 d-------- C:\Program Files\Windows NT
2008-04-25 05:12:33 0 d-------- C:\Program Files\Safer Networking
2008-04-25 01:27:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-04-23 09:10:32 0 d-------- C:\Program Files\BitLord
2008-04-23 06:40:54 0 -ra------ C:\logwmemory.bin
2008-04-23 06:40:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Soldat
2008-04-23 06:35:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-23 06:30:54 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-04-23 06:30:20 0 d-------- C:\Program Files\AIM6
2008-04-23 06:30:01 0 d-------- C:\Program Files\Viewpoint
2008-04-23 06:28:48 0 d-------- C:\Program Files\Common Files\AOL
2008-04-23 06:12:40 0 d-------- C:\Program Files\Winamp
2008-04-23 05:23:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Nexon
2008-04-23 05:20:18 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-04-22 23:54:52 0 d-------- C:\Documents and Settings\Owner\Application Data\.clamwin
2008-04-22 23:52:57 0 d-------- C:\Program Files\ClamWin
2008-04-22 20:53:35 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 20:46:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-04-22 19:34:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-04-22 19:32:59 0 d-------- C:\Program Files\Yahoo!
2008-04-22 19:24:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-22 19:24:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-22 19:21:19 3884 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-22 19:10:50 0 d-------- C:\Program Files\ArcSoft
2008-04-22 19:09:29 0 d-------- C:\Program Files\Multimedia Card Reader

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 22:11]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-05-30 09:10]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 19:43]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 20:45]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Delta AutoLoad.lnk - C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\Delta\delta.exe [2005-05-22 16:43:52]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 22:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]
Norton Personal Firewall.lnk - C:\Program Files\Norton Personal Firewall\nisfirst.exe [2002-11-15 12:48:14]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-06-04 05:05:56 ------------

slash_tbh · Jun 4, 2008

The Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 503.48 MiB / 205.02 MiB
Pagefile Memory (total/avail): 1230.72 MiB / 951.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 108.98 GiB total, 78.02 GiB free.
D: is Fixed (FAT32) - 5.5 GiB total, 0.95 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120L0 - 114.5 GiB - 2 partitions
\PARTITION0 - Unknown - 5.52 GiB - D:
\PARTITION1 (bootable) - Installable File System - 108.98 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAVOC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HAVOC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HAVOC
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Canon S520 --> C:\WINDOWS\System32\CNMCP3m.exe "-PRINTERNAMECanon S520" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmi0409.dll"
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClamWin Free Antivirus 0.93 --> "C:\Program Files\ClamWin\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EssenceRO 2.1 --> C:\Program Files\Gravity\RO\uninst.exe
Excavation from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C56C66C3-3462-4A3F-8661-9E18362A5E7C\Uninstall.exe"
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Personal Firewall --> MsiExec.exe /I{15BFECE8-A100-4861-B92B-1EFF76683C23}
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
Ragnarok Online --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU9D.inf
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFUA4.inf
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Soldat 1.4.2 --> "C:\Soldat\unins000.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
toolkit --> c:\Windows\HPTK\unhptkit.exe
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

-- Application Event Log -------------------------------------------------------

Event Record #/Type357 / Error
Event Submitted/Written: 06/03/2008 03:28:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application delta.exe, version 1.0.0.1, faulting module mfc70.dll, version 7.0.9466.0, fault address 0x0001c4c4.
Processing media-specific event for [delta.exe!ws!]

Event Record #/Type352 / Error
Event Submitted/Written: 06/01/2008 04:40:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nisfirst.exe, version 6.0.2.23, faulting module wrapum.dll, version 6.0.2.1015, fault address 0x00008977.
Processing media-specific event for [nisfirst.exe!ws!]

Event Record #/Type348 / Error
Event Submitted/Written: 06/01/2008 04:15:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nisfirst.exe, version 6.0.2.23, faulting module wrapum.dll, version 6.0.2.1015, fault address 0x00008977.
Processing media-specific event for [nisfirst.exe!ws!]

Event Record #/Type343 / Error
Event Submitted/Written: 05/31/2008 04:37:50 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nisfirst.exe, version 6.0.2.23, faulting module wrapum.dll, version 6.0.2.1015, fault address 0x00008977.
Processing media-specific event for [nisfirst.exe!ws!]

Event Record #/Type339 / Error
Event Submitted/Written: 05/30/2008 09:16:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nisfirst.exe, version 6.0.2.23, faulting module wrapum.dll, version 6.0.2.1015, fault address 0x00008977.
Processing media-specific event for [nisfirst.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type2351 / Error
Event Submitted/Written: 06/04/2008 03:29:41 AM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type2350 / Error
Event Submitted/Written: 06/04/2008 03:29:17 AM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type2349 / Error
Event Submitted/Written: 06/03/2008 08:50:05 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer CNF7223ZKQ
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C79F8A60-D703-493.
The master browser is stopping or an election is being forced.

Event Record #/Type2348 / Warning
Event Submitted/Written: 06/03/2008 03:56:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2346 / Error
Event Submitted/Written: 06/03/2008 03:57:28 AM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

-- End of Deckard's System Scanner: finished at 2008-06-04 05:05:56 ------------

Rorschach112 · Jun 4, 2008

Hello

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

[kill explorer]
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
purity 
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log and tell me how your PC is running

Unsure what i have..

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

New member

Retired Security Volunteer

New member

New member

Retired Security Volunteer