
Urgent Help Needed

Discussion in 'Virus & Other Malware Removal' started by Vandatta, Feb 24, 2008.

  1. Vandatta (Thread Starter; joined Jul 31, 2007; 34 messages)
    My computer changed its background to a warning symbol and says my privacy is in danger. When I try to click anything on my desktop it takes me to a page on the internet that is expired. If I try to right-click my desktop and click Properties to change my desktop, it shows me the file path file:///C:/WINDOWS/privacy_danger/images/spacer.gif


    It's messing up my entire computer and I need to get rid of this virus now. Please, someone help.
     
  2. Vandatta (Thread Starter; joined Jul 31, 2007; 34 messages)
    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:49:21 AM, on 2/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\SDRNSE~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\program files\valve\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\QuickTime\QuickTimePlayer.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Johnny Hayes\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{9857D721-0D87-1033-1220-041124040001}] "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191012425000
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O21 - SSODL: admgcx - {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bdnt6terdcd99 - ALWIL Software - (no file)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SDRN Service - JenykSoft - C:\WINDOWS\system32\SDRNSE~1.EXE
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 11298 bytes
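The entries a helper picks out of a log like the one above are the same few hook types every time: an R0/R1 start page pointing at an unknown domain, O2/O23 entries whose file is gone, an O4 autorun under Policies\Explorer\Run, an O21 ShellServiceObjectDelayLoad DLL sitting directly in C:\WINDOWS, and an O24 Active Desktop component served from a local HTML file. The script below is an added example (not part of this thread, and not a HijackThis feature) that encodes those checks as rules and runs them over lines copied from the posted log. The allowlists, severities and rule thresholds are my own assumptions; tune them for the machine you are looking at.

```python
"""Triage a HijackThis log for the persistence hooks behind the "privacy danger"
desktop hijack shown in the thread.

Added example, not part of the original thread. The sample lines are copied from
the posted log; the rules, allowlists and severities are my own assumptions.
"""
import re
from urllib.parse import urlparse

# Hosts that are normal for R0/R1 start/search pages on a stock XP install
# (assumption: extend for your own environment).
SAFE_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

# Domains from which O16 ActiveX (DPF) downloads are expected (assumption).
SAFE_ACTIVEX_DOMAINS = ("microsoft.com", "msn.com", "windowsupdate.com")

POLICY_RUN = re.compile(r"\\Policies\\Explorer\\Run:", re.I)
SHORT_NAME_IN_SYSTEM32 = re.compile(r"\\system32\\[^\\]*~\d", re.I)


def _host(text):
    """Hostname of the first http(s) URL in text, or '' if there is none."""
    m = re.search(r"https?://\S+", text)
    return (urlparse(m.group(0)).hostname or "").lower() if m else ""


def flag(line):
    """Return (severity, reason) for one HijackThis line, or None if it looks benign."""
    m = re.match(r"^(R\d|O\d{1,2}) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section in ("R0", "R1"):
        # Start/search page hijack: any URL outside the allowlist.
        host = _host(body)
        if host and host not in SAFE_URL_HOSTS:
            return ("high", "start/search page points at " + host)
        return None

    if "(no file)" in body or "(file missing)" in body:
        return ("low", "orphaned entry, target file is gone")

    if section == "O4" and POLICY_RUN.search(body):
        return ("high", "autorun via Policies\\Explorer\\Run, rarely used by legitimate software")

    if section == "O21" and not re.search(r"\\system32\\", body, re.I):
        # SSODL DLLs load into explorer.exe at logon; legitimate ones live under system32.
        return ("high", "ShellServiceObjectDelayLoad DLL outside system32")

    if section == "O24" and "file:///" in body.lower():
        return ("high", "Active Desktop component served from a local HTML file (desktop hijack)")

    if section == "O23" and SHORT_NAME_IN_SYSTEM32.search(body):
        return ("medium", "service binary in system32 referenced by an 8.3 short name")

    if section == "O16":
        host = _host(body)
        if host and not any(host == d or host.endswith("." + d) for d in SAFE_ACTIVEX_DOMAINS):
            return ("low", "ActiveX control downloaded from " + host)

    return None


def triage(log_text):
    """Run every line through flag(); return (severity, section, reason, line), most severe first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = []
    for line in log_text.splitlines():
        result = flag(line)
        if result:
            hits.append((result[0], line.strip().split(" - ", 1)[0], result[1], line.strip()))
    hits.sort(key=lambda h: order[h[0]])  # stable sort keeps log order within a severity
    return hits


# Constructed sample: lines copied from the log posted above, benign ones included
# as negative cases.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Policies\Explorer\Run: [{9857D721-0D87-1033-1220-041124040001}] "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O21 - SSODL: admgcx - {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bdnt6terdcd99 - ALWIL Software - (no file)
O23 - Service: SDRN Service - JenykSoft - C:\WINDOWS\system32\SDRNSE~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for severity, section, reason, text in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section:3} {reason}\n         {text}")
```

Run against the sample it reports four high findings (the start page, the Policies\Explorer\Run entry, the admgcx.dll SSODL hook and the Privacy Protection desktop component), one medium (the 8.3-named service binary) and three low (two orphaned entries and the ijjimax ActiveX download), while the avast!, browseui and msn.com lines pass. The rules are deliberately narrow: a short-name path or an unknown ActiveX host is a prompt to look closer, not proof of infection, which is why those carry lower severity.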
     
  3. Jintan (joined Oct 3, 2007; 1,164 messages)
    Hello Vandatta,

    What occurred in your first request for this same problem is that you literally bumped your way out of receiving a response, as requests without replies are the ones checked first. But please do not start new ones - it just adds to the workload here.

    Infection is there, so let's start some repairs.


    Please do the following steps in the following order (as they apply) to disable SpyBot's TeaTimer, as this will interfere with repairs.


    Right click on the SpyBot Resident icon in the Taskbar (looks like a lock), and click Exit SpyBot-S&D Resident. Next:

    1) Run Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    5) Restart your computer (important).
    You can re-enable TeaTimer once your system is clean (when all repairs are made).
    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop; however, given the infection there, ComboFix will likely cause a reboot in order to complete its repairs.

    -----------------------------------


    Then, to keep them from interfering with the repairs, be sure to temporarily disable all other antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs. Like TeaTimer, Avast is known to interfere, so take the time to disable that.

    Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

    When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process it will display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. This is just to inform you, so you will understand that these procedures are expected and okay.

    ComboFix will also change the drive autoplay settings there as its own added security measure. When we have completed all repairs here, we will return the default Windows settings.

    (ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver.)

    Post back the C:\ComboFix.txt log as well as a new HijackThis log please.
     
  4. Vandatta (Thread Starter; joined Jul 31, 2007; 34 messages)
    Thanks for the help so far. I did the ComboFix, and here is the log:

    ComboFix log:

    ComboFix 08-02-25.3 - Johnny Hayes 2008-02-25 22:19:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.538 [GMT -5:00]
    Running from: C:\Documents and Settings\Johnny Hayes\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Johnny Hayes\Favorites\Error Cleaner.url
    C:\Documents and Settings\Johnny Hayes\Favorites\Privacy Protector.url
    C:\Documents and Settings\Johnny Hayes\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Johnny Hayes\My Documents\FNTS~1
    C:\WINDOWS\system32\components

    ----- BITS: Possible infected sites -----

    hxxp://softworldnetwork.com
    hxxp://onsafepro.com
    hxxp://softworldnetwork2.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SFSYNC02
    -------\sfsync02


    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-24 19:48 . 2008-02-24 19:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-02-24 19:48 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-02-24 19:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
    2008-02-24 19:48 . 2007-11-13 09:31 399,360 --a------ C:\WINDOWS\system32\Smab.dll
    2008-02-24 19:48 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-02-24 19:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
    2008-02-24 19:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
    2008-02-24 19:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
    2008-02-24 19:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-02-24 19:47 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\eRightSoft
    2008-02-24 19:47 . 2005-02-12 18:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
    2008-02-24 19:47 . 2005-01-17 18:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
    2008-02-24 19:47 . 2006-08-16 09:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
    2008-02-24 19:47 . 2005-02-05 18:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
    2008-02-24 19:47 . 2005-02-22 11:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
    2008-02-24 19:47 . 2005-02-12 18:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
    2008-02-24 19:47 . 2005-02-12 18:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
    2008-02-24 19:19 . 2008-02-24 19:24 <DIR> d-------- C:\Program Files\Free FLV Converter
    2008-02-24 19:19 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-02-24 19:19 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-02-24 19:19 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-02-24 19:19 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-02-24 19:19 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-02-24 19:19 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-02-24 19:19 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-02-24 19:19 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-02-24 19:19 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
    2008-02-24 19:19 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-02-24 01:10 . 2008-02-24 01:10 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-02-24 01:09 . 2008-02-24 01:11 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-24 01:09 . 2008-02-24 01:11 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-24 01:09 . 2008-02-24 01:11 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-24 01:09 . 2008-02-24 01:11 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-24 01:08 . 2008-02-24 01:11 <DIR> d-------- C:\Program Files\Symantec
    2008-02-20 20:57 . 2008-02-20 20:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-02-16 22:26 . 2008-02-16 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 20:50 . 2008-02-16 20:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-16 20:50 . 2008-02-16 20:50 3,450 --a------ C:\WINDOWS\unins000.dat
    2008-02-16 13:03 . 2008-02-16 12:56 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-02-16 13:02 . 2008-02-16 13:02 <DIR> d-------- C:\Program Files\Alwil Software
    2008-02-16 12:56 . 2008-02-24 01:06 <DIR> d-------- C:\Documents and Settings\Johnny Hayes\.housecall6.6
    2008-02-16 01:00 . 2008-02-15 23:23 266,240 --a------ C:\WINDOWS\admgcx.dll
    2008-02-16 01:00 . 2008-02-15 23:23 90,112 --a------ C:\WINDOWS\fsxloqf.exe
    2008-02-06 16:43 . 2008-02-06 16:43 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
    2008-02-06 16:43 . 2008-02-06 16:43 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
    2008-02-06 16:43 . 2008-02-06 16:43 31,408 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-02-06 16:43 . 2008-02-06 16:43 13,021 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-02-05 14:34 . 2008-02-05 14:34 188,464 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2008-02-05 14:34 . 2008-02-05 14:34 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2008-02-05 14:34 . 2008-02-05 14:34 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
    2008-02-05 14:34 . 2008-02-05 14:34 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2008-02-05 14:34 . 2008-02-05 14:34 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2008-02-05 14:34 . 2008-02-05 14:34 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2008-02-05 14:34 . 2008-02-05 14:34 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2008-02-05 14:34 . 2008-02-05 14:34 1,612 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2008-02-01 17:55 . 2008-02-01 17:55 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2008-02-01 17:55 . 2008-02-01 17:55 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2008-02-01 17:55 . 2008-02-01 17:55 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2008-01-31 20:51 . 2008-01-31 20:51 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2008-01-31 20:51 . 2008-01-31 20:51 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2008-01-31 20:51 . 2008-01-31 20:51 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 03:17 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Xfire
    2008-02-26 03:13 --------- d-s---w C:\Program Files\Xfire
    2008-02-26 03:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-24 20:21 --------- d-----w C:\Program Files\Common Files\Real
    2008-02-24 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-24 06:19 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-02-24 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-02-19 16:38 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Azureus
    2008-02-18 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 03:27 --------- d-----w C:\Program Files\Lavasoft
    2008-02-17 03:27 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Lavasoft
    2008-02-17 03:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 01:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-27 22:15 --------- d-----w C:\Program Files\Azureus
    2008-01-20 17:20 --------- d-----w C:\Program Files\QuickTime
    2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 17:44 --------- d-----w C:\Program Files\LimeWire
    2008-01-05 21:28 --------- d-----w C:\Program Files\Last.fm
    2007-12-30 22:08 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Image Zone Express
    2007-12-30 04:45 --------- d-----w C:\Program Files\iTunes
    2007-12-29 23:04 --------- d-----w C:\Program Files\Truck Dismount
    2007-12-28 19:31 --------- d-----w C:\Program Files\Java
    2007-12-28 09:36 --------- d-----w C:\Program Files\MSXML 6.0
    2007-12-28 09:30 --------- d-----w C:\Program Files\MSBuild
    2007-12-28 09:25 --------- d-----w C:\Program Files\Reference Assemblies
    2007-12-28 09:02 --------- d-----w C:\Program Files\America's Army
    2007-12-28 08:55 --------- d-----w C:\Program Files\backburner 2
    2007-12-28 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-12-28 08:34 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Nexon
    2007-12-06 03:56 101,096 ----a-w C:\Documents and Settings\Johnny Hayes\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-24 20:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2005-10-27 23:34 56 --sh--r C:\WINDOWS\system32\395441B38B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 12:47 135168]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:32 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 04:00 45056]
    "CTHelper"="CTHELPER.EXE" [2003-06-19 22:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\system32\regsvr32.exe]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 13:37 1695827]
    "GuruClock"="C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe" [2004-09-29 11:18 4489280]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 07:00 143360]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-06-28 18:47 230976]
    "A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 01:49 718704]

    C:\Documents and Settings\Johnny Hayes\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-08 19:43:49 106496]
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-02-20 20:57:28 2945872]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 07:10:30 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "{9857D721-0D87-1033-1220-041124040001}"= "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "admgcx"= {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll [2008-02-15 23:23 266240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-04-03 17:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SuperAdBlocker"=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PrevxHome"=C:\Program Files\Prevx Home\SAGUI.exe
    "nHancer"="C:\Program Files\KSE\nHancer\nHancer.exe" /tray
    "Shut Down or Restart Now Eval"=C:\PROGRA~1\SHUTDO~1\Shut Down or Restart Now Evaluation Version.exe
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\S2(1)\\LFS.exe"=
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\LFSRacingGuard.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Xentare.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:UDP"= 6881:UDP:open
    "33333:TCP"= 33333:TCP:lfs raceguard
    "33333:UDP"= 33333:UDP:rg
    "24532:TCP"= 24532:TCP:insim
    "24532:UDP"= 24532:UDP:f
    "49173:TCP"= 49173:TCP:azuerues
    "49173:UDP"= 49173:UDP:azurz
    "63392:TCP"= 63392:TCP:LFS
    "63392:UDP"= 63392:UDP:LFS 2

    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2005-10-14 23:18]
    R2 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2004-01-08 00:32]
    R2 bwcdrv;BUFFALO Wireless Configuration;C:\WINDOWS\system32\DRIVERS\bwcdrv.sys [2004-05-18 06:56]
    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-25 20:47]
    R2 SDRN Service;SDRN Service;C:\WINDOWS\system32\SDRNSE~1.EXE [2004-10-30 13:26]
    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 16:43]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S2 AsUsbDrv;AsUsbDrv;C:\WINDOWS\system32\DRIVERS\AsUsbDrvXP.sys []
    S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2005-11-07 07:33]
    S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-25 13:05]
    S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 21:32]
    S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2004-08-16 08:36]
    S3 Memctl;Memctl;C:\Program Files\ABIT\ABIT uGuru\Memctl.sys [2001-11-29 04:49]
    S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 14:36]
    S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys []
    S3 SaiHFFB5;SaiHFFB5;C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys [2004-08-16 08:36]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 16:43]
    S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 22:45]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-22 21:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-25 06:42:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-02-26 01:01:51 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Johnny Hayes.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 22:27:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-25 22:33:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-26 03:33:17
    .
    2008-02-17 09:17:34 --- E O F ---
     
  5. Vandatta

    Vandatta Thread Starter

    Joined:
    Jul 31, 2007
    Messages:
    34
    Had to make two posts, as both logs together are too long, so here is the new HijackThis log:

    New hijack this log :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:34:25 PM, on 2/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\SDRNSE~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Johnny Hayes\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{9857D721-0D87-1033-1220-041124040001}] "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191012425000
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O21 - SSODL: admgcx - {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bdnt6terdcd99 - Symantec Corporation - (no file)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: Httd_sapp - HP - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SDRN Service - JenykSoft - C:\WINDOWS\system32\SDRNSE~1.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 11245 bytes


    It was pretty weird earlier: the virus seemed to have tapped into my sound system, and it was playing some rap station with ads for strippers. lol. I am waiting eagerly for a reply.
     
  6. Jintan

    Jintan

    Joined:
    Oct 3, 2007
    Messages:
    1,164
    TeaTimer is still set as a startup item and running there, so you will need to do the steps to disable that entirely. Some items removed, and some more to go, but it is looking good right now.


    Be sure to again temporarily disable any protective software when running the scan tools we use here.


    Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\WINDOWS\admgcx.dll
    C:\WINDOWS\fsxloqf.exe
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "admgcx"=-
    [-HKEY_CLASSES_ROOT\CLSID\{992139FD-65A4-467F-9FBA-117BD5625104}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{992139FD-65A4-467F-9FBA-117BD5625104}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{992139FD-65A4-467F-9FBA-117BD5625104}]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "{9857D721-0D87-1033-1220-041124040001}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{9857D721-0D87-1033-1220-041124040001}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9857D721-0D87-1033-1220-041124040001}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9857D721-0D87-1033-1220-041124040001}]
    Save this to your desktop as "CFScript"

    (include the "quotation marks" with the name)


    You should now have ComboFix and CFScript on your desktop. Just left click on CFScript and drag it into ComboFix to start the scan again.

    ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    -----------------------

    Also go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

    Post back that log along with the ComboFix log and a new HijackThis log please.
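    As an added example (not part of the thread, and not code from HijackThis or ComboFix), the Python below applies the kind of reading the helper does above to lines copied from the posted HijackThis log and renders the result in the CFScript syntax used above; the start-page allow-list, the "not in system32" and Policies\Explorer\Run heuristics and the GUID test are this example's own assumptions.

```python
"""Triage a HijackThis 2.0 log for the entry types a removal helper checks first
(R0 start page, O4 Policies\\Explorer\\Run, O21 SSODL) and render the matching
ComboFix CFScript stanza, where "name"=- deletes a value and [-KEY] deletes a key.
Added example: the rules are this script's own heuristics, not HijackThis logic."""
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{9857D721-0D87-1033-1220-041124040001}] "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272
O21 - SSODL: admgcx - {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

# Example allow-list (assumption): stock IE start-page hosts that need no review.
TRUSTED_HOME_HOSTS = {"go.microsoft.com", "www.msn.com"}

# Registry keys behind the two autostart entry types (the same keys the CFScript above targets).
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
POLICY_RUN_KEY = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run"

GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")


@dataclass
class Finding:
    kind: str             # HijackThis section prefix, e.g. "O21"
    reason: str
    value_key: str = ""   # registry key holding the autostart value
    value_name: str = ""  # value to delete under value_key
    clsid: str = ""       # COM class registration to delete from HKCR\CLSID
    file: str = ""        # on-disk payload to delete


def triage(log: str) -> list:
    """Return one Finding per suspicious line; lines that look benign are skipped."""
    findings = []
    for line in log.strip().splitlines():
        m = re.match(r"R0 - HK\w+\\.*Start Page = (\S+)", line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if host not in TRUSTED_HOME_HOSTS:
                # Reported only: a start page is reset by hand, not through CFScript.
                findings.append(Finding("R0", f"start page redirected to {host}"))
            continue
        m = re.match(r'O4 - HKCU\\\.\.\\Policies\\Explorer\\Run: \[([^\]]+)\] "?([^"]+?\.exe)', line)
        if m:
            name, exe = m.group(1), m.group(2)
            # Heuristic: Policies\Explorer\Run is rarely used by legitimate software on a home PC.
            findings.append(Finding("O4", "Policies\\Explorer\\Run autostart", POLICY_RUN_KEY,
                                    name, name if GUID_RE.match(name) else "", exe))
            continue
        m = re.match(r"O21 - SSODL: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)", line)
        if m:
            name, clsid, dll = m.groups()
            # Heuristic: stock shell service objects live in system32; a DLL in the Windows root does not.
            if not ntpath.dirname(dll).lower().endswith("system32"):
                findings.append(Finding("O21", f"shell service object from {ntpath.dirname(dll)}",
                                        SSODL_KEY, name, clsid, dll))
    return findings


def render_cfscript(findings: list) -> str:
    """Emit a CFScript: File:: lists files to delete, Registry:: uses REGEDIT4 syntax."""
    files = [f.file for f in findings if f.file]
    reg = []
    for f in findings:
        if f.value_key:
            reg += [f"[{f.value_key}]", f'"{f.value_name}"=-']   # =- removes the value
        if f.clsid:
            reg.append(f"[-HKEY_CLASSES_ROOT\\CLSID\\{f.clsid}]")  # leading - removes the key
    out = []
    if files:
        out += ["File::", *files]
    if reg:
        out += ["Registry::", *reg]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind}: {f.reason}")
    print(render_cfscript(found))
```

The rendered stanza deletes the same SSODL value, Policies\Explorer\Run value and CLSID registrations as the script posted above; anything the rules miss (the R1 ProxyOverride, the O23 services with "(no file)") still needs a human read of the log.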
     
  7. Vandatta

    Vandatta Thread Starter

    Joined:
    Jul 31, 2007
    Messages:
    34
    I tried the Kaspersky scan, but every time I do it, Internet Explorer will give me an error after 10 or so minutes. Anyway, here is the ComboFix log:

    ComboFix 08-02-25.3 - Johnny Hayes 2008-02-25 22:19:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.538 [GMT -5:00]
    Running from: C:\Documents and Settings\Johnny Hayes\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Johnny Hayes\Favorites\Error Cleaner.url
    C:\Documents and Settings\Johnny Hayes\Favorites\Privacy Protector.url
    C:\Documents and Settings\Johnny Hayes\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Johnny Hayes\My Documents\FNTS~1
    C:\WINDOWS\system32\components

    ----- BITS: Possible infected sites -----

    hxxp://softworldnetwork.com
    hxxp://onsafepro.com
    hxxp://softworldnetwork2.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SFSYNC02
    -------\sfsync02


    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-24 19:48 . 2008-02-24 19:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-02-24 19:48 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-02-24 19:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
    2008-02-24 19:48 . 2007-11-13 09:31 399,360 --a------ C:\WINDOWS\system32\Smab.dll
    2008-02-24 19:48 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-02-24 19:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
    2008-02-24 19:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
    2008-02-24 19:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
    2008-02-24 19:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-02-24 19:47 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\eRightSoft
    2008-02-24 19:47 . 2005-02-12 18:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
    2008-02-24 19:47 . 2005-01-17 18:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
    2008-02-24 19:47 . 2006-08-16 09:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
    2008-02-24 19:47 . 2005-02-05 18:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
    2008-02-24 19:47 . 2005-02-22 11:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
    2008-02-24 19:47 . 2005-02-12 18:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
    2008-02-24 19:47 . 2005-02-12 18:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
    2008-02-24 19:19 . 2008-02-24 19:24 <DIR> d-------- C:\Program Files\Free FLV Converter
    2008-02-24 19:19 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-02-24 19:19 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-02-24 19:19 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-02-24 19:19 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-02-24 19:19 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-02-24 19:19 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-02-24 19:19 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-02-24 19:19 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-02-24 19:19 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
    2008-02-24 19:19 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-02-24 01:10 . 2008-02-24 01:10 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-02-24 01:09 . 2008-02-24 01:11 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-24 01:09 . 2008-02-24 01:11 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-24 01:09 . 2008-02-24 01:11 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-24 01:09 . 2008-02-24 01:11 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-24 01:08 . 2008-02-24 01:11 <DIR> d-------- C:\Program Files\Symantec
    2008-02-20 20:57 . 2008-02-20 20:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-02-16 22:26 . 2008-02-16 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 20:50 . 2008-02-16 20:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-16 20:50 . 2008-02-16 20:50 3,450 --a------ C:\WINDOWS\unins000.dat
    2008-02-16 13:03 . 2008-02-16 12:56 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-02-16 13:02 . 2008-02-16 13:02 <DIR> d-------- C:\Program Files\Alwil Software
    2008-02-16 12:56 . 2008-02-24 01:06 <DIR> d-------- C:\Documents and Settings\Johnny Hayes\.housecall6.6
    2008-02-16 01:00 . 2008-02-15 23:23 266,240 --a------ C:\WINDOWS\admgcx.dll
    2008-02-16 01:00 . 2008-02-15 23:23 90,112 --a------ C:\WINDOWS\fsxloqf.exe
    2008-02-06 16:43 . 2008-02-06 16:43 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
    2008-02-06 16:43 . 2008-02-06 16:43 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
    2008-02-06 16:43 . 2008-02-06 16:43 31,408 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-02-06 16:43 . 2008-02-06 16:43 13,021 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-02-05 14:34 . 2008-02-05 14:34 188,464 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2008-02-05 14:34 . 2008-02-05 14:34 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2008-02-05 14:34 . 2008-02-05 14:34 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
    2008-02-05 14:34 . 2008-02-05 14:34 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2008-02-05 14:34 . 2008-02-05 14:34 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2008-02-05 14:34 . 2008-02-05 14:34 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2008-02-05 14:34 . 2008-02-05 14:34 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2008-02-05 14:34 . 2008-02-05 14:34 1,612 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2008-02-04 15:27 . 2008-02-04 15:27 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2008-02-01 17:55 . 2008-02-01 17:55 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2008-02-01 17:55 . 2008-02-01 17:55 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2008-02-01 17:55 . 2008-02-01 17:55 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2008-01-31 20:51 . 2008-01-31 20:51 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2008-01-31 20:51 . 2008-01-31 20:51 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2008-01-31 20:51 . 2008-01-31 20:51 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 03:17 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Xfire
    2008-02-26 03:13 --------- d-s---w C:\Program Files\Xfire
    2008-02-26 03:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-24 20:21 --------- d-----w C:\Program Files\Common Files\Real
    2008-02-24 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-24 06:19 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-02-24 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-02-19 16:38 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Azureus
    2008-02-18 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 03:27 --------- d-----w C:\Program Files\Lavasoft
    2008-02-17 03:27 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Lavasoft
    2008-02-17 03:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 01:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-27 22:15 --------- d-----w C:\Program Files\Azureus
    2008-01-20 17:20 --------- d-----w C:\Program Files\QuickTime
    2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 17:44 --------- d-----w C:\Program Files\LimeWire
    2008-01-05 21:28 --------- d-----w C:\Program Files\Last.fm
    2007-12-30 22:08 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Image Zone Express
    2007-12-30 04:45 --------- d-----w C:\Program Files\iTunes
    2007-12-29 23:04 --------- d-----w C:\Program Files\Truck Dismount
    2007-12-28 19:31 --------- d-----w C:\Program Files\Java
    2007-12-28 09:36 --------- d-----w C:\Program Files\MSXML 6.0
    2007-12-28 09:30 --------- d-----w C:\Program Files\MSBuild
    2007-12-28 09:25 --------- d-----w C:\Program Files\Reference Assemblies
    2007-12-28 09:02 --------- d-----w C:\Program Files\America's Army
    2007-12-28 08:55 --------- d-----w C:\Program Files\backburner 2
    2007-12-28 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-12-28 08:34 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Nexon
    2007-12-06 03:56 101,096 ----a-w C:\Documents and Settings\Johnny Hayes\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-24 20:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2005-10-27 23:34 56 --sh--r C:\WINDOWS\system32\395441B38B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 12:47 135168]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:32 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 04:00 45056]
    "CTHelper"="CTHELPER.EXE" [2003-06-19 22:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\system32\regsvr32.exe]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 13:37 1695827]
    "GuruClock"="C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe" [2004-09-29 11:18 4489280]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 07:00 143360]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-06-28 18:47 230976]
    "A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 01:49 718704]

    C:\Documents and Settings\Johnny Hayes\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-08 19:43:49 106496]
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-02-20 20:57:28 2945872]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 07:10:30 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "{9857D721-0D87-1033-1220-041124040001}"= "C:\Program Files\Common Files\{9857D721-0D87-1033-1220-041124040001}\Update.exe" mc-110-12-0000272

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "admgcx"= {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll [2008-02-15 23:23 266240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-04-03 17:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SuperAdBlocker"=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PrevxHome"=C:\Program Files\Prevx Home\SAGUI.exe
    "nHancer"="C:\Program Files\KSE\nHancer\nHancer.exe" /tray
    "Shut Down or Restart Now Eval"=C:\PROGRA~1\SHUTDO~1\Shut Down or Restart Now Evaluation Version.exe
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\S2(1)\\LFS.exe"=
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\LFSRacingGuard.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Xentare.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:UDP"= 6881:UDP:open
    "33333:TCP"= 33333:TCP:lfs raceguard
    "33333:UDP"= 33333:UDP:rg
    "24532:TCP"= 24532:TCP:insim
    "24532:UDP"= 24532:UDP:f
    "49173:TCP"= 49173:TCP:azuerues
    "49173:UDP"= 49173:UDP:azurz
    "63392:TCP"= 63392:TCP:LFS
    "63392:UDP"= 63392:UDP:LFS 2

    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2005-10-14 23:18]
    R2 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2004-01-08 00:32]
    R2 bwcdrv;BUFFALO Wireless Configuration;C:\WINDOWS\system32\DRIVERS\bwcdrv.sys [2004-05-18 06:56]
    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-25 20:47]
    R2 SDRN Service;SDRN Service;C:\WINDOWS\system32\SDRNSE~1.EXE [2004-10-30 13:26]
    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 16:43]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S2 AsUsbDrv;AsUsbDrv;C:\WINDOWS\system32\DRIVERS\AsUsbDrvXP.sys []
    S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2005-11-07 07:33]
    S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-25 13:05]
    S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 21:32]
    S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2004-08-16 08:36]
    S3 Memctl;Memctl;C:\Program Files\ABIT\ABIT uGuru\Memctl.sys [2001-11-29 04:49]
    S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 14:36]
    S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys []
    S3 SaiHFFB5;SaiHFFB5;C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys [2004-08-16 08:36]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 16:43]
    S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 22:45]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-22 21:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-25 06:42:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-02-26 01:01:51 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Johnny Hayes.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 22:27:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-25 22:33:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-26 03:33:17
    .
    2008-02-17 09:17:34 --- E O F ---
     
  8. Vandatta (Thread Starter)
    Here's a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:51:57 PM, on 2/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\SDRNSE~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\ABIT\ABIT uGuru\ABITEQ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Johnny Hayes\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: BHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191012425000
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bdnt6terdcd99 - Symantec Corporation - (no file)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: Httd_sapp - HP - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SDRN Service - JenykSoft - C:\WINDOWS\system32\SDRNSE~1.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10763 bytes
     
  9. Jintan
    Unusual - something is creating randomly named service(s) there, and I can see in a search this has been doing that for quite some time now. And something is blocking our repairs a bit as well. Be very sure all security software is completely disabled, and disabled from starting on reboots as well, while doing these steps.


    Download The Avenger from here to your Desktop and unzip it. Then rename the Avenger.exe file to Van.exe, to bypass any malware name tricks.

    Copy all the text contained in the code box below by highlighting it, right-clicking and selecting "Copy".

    Code:
    Drivers to unload:
    Bdnt6terdcd99
    Httd_sapp
    Files to delete:
    C:\WINDOWS\admgcx.dll
    C:\WINDOWS\fsxloqf.exe
    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | admgcx

    Now, start The Avenger program by clicking on Van.exe on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, right-click and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

    The Avenger will restart your computer. (If the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

    When you have rebooted, a black command window briefly opens on your desktop; this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.

    -----------------------------------

    Then run a new ComboFix scan, and post that back here along with the C:\avenger.txt log and a new HijackThis log please.
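    As an added example (not from this thread, and not part of The Avenger, HijackThis or ComboFix): a small Python triage pass over HijackThis O23 lines and ComboFix ShellServiceObjectDelayLoad entries that flags the two things the script above targets, services registered with no binary on disk and an SSODL DLL loading into Explorer from outside system32. The sample lines are constructed from the entries posted earlier in the thread plus a few clean entries for contrast, and the random-name heuristic is my own, not either tool's.

```python
"""Triage pass over HijackThis O23 and ComboFix SSODL log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the log entries posted in this thread,
# plus a clean service (first line), a plain-named orphan service ("Print
# Helper") and a clean SSODL entry, all added for contrast. The CLSID and DLL on
# the clean SSODL line are placeholders, not a real component.
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
O23 - Service: Bdnt6terdcd99 - Symantec Corporation - (no file)
O23 - Service: Httd_sapp - HP - (no file)
O23 - Service: Print Helper - Unknown owner - (no file)
"admgcx"= {992139FD-65A4-467F-9FBA-117BD5625104} - C:\WINDOWS\admgcx.dll [2008-02-15 23:23 266240]
"PlaceholderClean"= {00000000-1111-2222-3333-444444444444} - C:\WINDOWS\system32\placeholder.dll [2004-08-04 07:00 12345]
"""

# HijackThis: "O23 - Service: <display> - <vendor> - <path | (no file) | path (file missing)>"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<target>.+)$")
# ComboFix SSODL entry: "<name>"= {CLSID} - <dll path> [<date> <size>]
SSODL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.+?)(?:\s+\[.*\])?$'
)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "low"
    reason: str


def looks_random(name: str) -> bool:
    """Crude heuristic for generated service names: digits wedged between letters
    inside one token, or a run of four or more consonants (e.g. Bdnt6terdcd99)."""
    core = re.sub(r"\(.*?\)", "", name)  # drop the "(shortname)" part
    for token in re.split(r"[\s_\-]+", core):
        if re.search(r"[A-Za-z]\d+[A-Za-z]", token):
            return True
        if re.search(r"[b-df-hj-np-tv-z]{4}", token, re.I):
            return True
    return False


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious O23 or SSODL line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O23_RE.match(line)
        if m:
            display, vendor, target = m.group("display", "vendor", "target")
            if target == "(no file)":
                # A service with no binary cannot have its vendor string verified;
                # a generated-looking name on top of that ranks it highest.
                sev = "high" if looks_random(display) else "medium"
                findings.append(Finding(line, sev,
                    f"service '{display}' has no binary on disk; vendor '{vendor}' is unverifiable"))
            elif target.endswith("(file missing)"):
                findings.append(Finding(line, "low",
                    f"orphaned service '{display}': registered binary is gone (typical uninstall leftover; confirm before removing)"))
            continue
        m = SSODL_RE.match(line)
        if m and not m.group("path").lower().startswith(SYSTEM32):
            findings.append(Finding(line, "high",
                f"SSODL DLL '{m.group('path')}' loads into Explorer at logon from outside system32"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```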
     
  10. Vandatta (Thread Starter)
    "Unusual - something is creating randomly named service(s) there, and I can see in a search this has been doing that for quite some time now. And something is blocking our repairs a bit as well. Be very sure all security software is completely disabled, and disabled from starting on reboots as well, while doing these steps."

    I forgot to mention I have a trial of Norton AntiVirus on my computer. Unfortunately, Norton doesn't have a quit button. Should I go ahead and uninstall it?
     
  11. Jintan
    If you right click the Norton icon in the Taskbar:

    *Select "Disable Auto-Protect"
    *Select a duration of time to allow scans to complete. Realistically this should be one hour minimum, but know that if Norton interferes with progress then, of course, progress is not made.
    *Click OK.
     
  12. Vandatta (Thread Starter)
    Avenger log:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\bubdaskw

    *******************

    Script file located at: \??\C:\mxuvsrhh.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver Bdnt6terdcd99 unloaded successfully.
    Driver Httd_sapp unloaded successfully.


    File C:\WINDOWS\admgcx.dll not found!
    Deletion of file C:\WINDOWS\admgcx.dll failed!

    Could not process line:
    C:\WINDOWS\admgcx.dll
    Status: 0xc0000034



    File C:\WINDOWS\fsxloqf.exe not found!
    Deletion of file C:\WINDOWS\fsxloqf.exe failed!

    Could not process line:
    C:\WINDOWS\fsxloqf.exe
    Status: 0xc0000034



    Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|admgcx
    Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|admgcx failed!
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
     
  13. Vandatta (Thread Starter)
    New ComboFix log:

    ComboFix 08-02-25.3 - Johnny Hayes 2008-02-27 18:29:22.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639 [GMT -5:00]
    Running from: C:\Documents and Settings\Johnny Hayes\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
    .

    2008-02-26 22:33 . 2008-02-27 17:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-26 22:33 . 2008-02-26 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-26 16:21 . 2008-02-26 16:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-26 16:21 . 2008-02-26 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-24 19:48 . 2008-02-24 19:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-02-24 19:48 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-02-24 19:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
    2008-02-24 19:48 . 2007-11-13 09:31 399,360 --a------ C:\WINDOWS\system32\Smab.dll
    2008-02-24 19:48 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-02-24 19:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
    2008-02-24 19:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-02-24 19:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
    2008-02-24 19:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
    2008-02-24 19:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-02-24 19:47 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\eRightSoft
    2008-02-24 19:47 . 2005-02-12 18:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
    2008-02-24 19:47 . 2005-01-17 18:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
    2008-02-24 19:47 . 2006-08-16 09:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
    2008-02-24 19:47 . 2005-02-05 18:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
    2008-02-24 19:47 . 2005-02-22 11:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
    2008-02-24 19:47 . 2005-02-12 18:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
    2008-02-24 19:47 . 2005-02-12 18:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
    2008-02-24 19:19 . 2008-02-24 19:24 <DIR> d-------- C:\Program Files\Free FLV Converter
    2008-02-24 19:19 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-02-24 19:19 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-02-24 19:19 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-02-24 19:19 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-02-24 19:19 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-02-24 19:19 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-02-24 19:19 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-02-24 19:19 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-02-24 19:19 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
    2008-02-24 19:19 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-02-20 20:57 . 2008-02-20 20:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-02-16 22:26 . 2008-02-16 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 20:50 . 2008-02-16 20:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-16 20:50 . 2008-02-16 20:50 3,450 --a------ C:\WINDOWS\unins000.dat
    2008-02-16 13:03 . 2008-02-16 12:56 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-02-16 13:02 . 2008-02-16 13:02 <DIR> d-------- C:\Program Files\Alwil Software
    2008-02-16 12:56 . 2008-02-24 01:06 <DIR> d-------- C:\Documents and Settings\Johnny Hayes\.housecall6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-27 03:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-27 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-02-26 21:06 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Xfire
    2008-02-26 03:13 --------- d-s---w C:\Program Files\Xfire
    2008-02-24 20:21 --------- d-----w C:\Program Files\Common Files\Real
    2008-02-24 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-19 16:38 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Azureus
    2008-02-18 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 03:27 --------- d-----w C:\Program Files\Lavasoft
    2008-02-17 03:27 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Lavasoft
    2008-02-17 03:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 01:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-27 22:15 --------- d-----w C:\Program Files\Azureus
    2008-01-20 17:20 --------- d-----w C:\Program Files\QuickTime
    2008-01-12 17:44 --------- d-----w C:\Program Files\LimeWire
    2008-01-05 21:28 --------- d-----w C:\Program Files\Last.fm
    2007-12-30 22:08 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Image Zone Express
    2007-12-30 04:45 --------- d-----w C:\Program Files\iTunes
    2007-12-29 23:04 --------- d-----w C:\Program Files\Truck Dismount
    2007-12-28 19:31 --------- d-----w C:\Program Files\Java
    2007-12-28 09:36 --------- d-----w C:\Program Files\MSXML 6.0
    2007-12-28 09:30 --------- d-----w C:\Program Files\MSBuild
    2007-12-28 09:25 --------- d-----w C:\Program Files\Reference Assemblies
    2007-12-28 09:02 --------- d-----w C:\Program Files\America's Army
    2007-12-28 08:55 --------- d-----w C:\Program Files\backburner 2
    2007-12-28 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-12-28 08:34 --------- d-----w C:\Documents and Settings\Johnny Hayes\Application Data\Nexon
    2007-12-15 11:48 90,112 ----a-w C:\WINDOWS\system32\XCoreLib.dll
    2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-06 03:56 101,096 ----a-w C:\Documents and Settings\Johnny Hayes\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2006-10-24 20:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2005-10-27 23:34 56 --sh--r C:\WINDOWS\system32\395441B38B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 12:47 135168]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 04:00 45056]
    "CTHelper"="CTHELPER.EXE" [2003-06-19 22:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\system32\regsvr32.exe]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 13:37 1695827]
    "GuruClock"="C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe" [2004-09-29 11:18 4489280]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 07:00 143360]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

    C:\Documents and Settings\Johnny Hayes\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-08 19:43:49 106496]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 07:10:30 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-04-03 17:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SuperAdBlocker"=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PrevxHome"=C:\Program Files\Prevx Home\SAGUI.exe
    "nHancer"="C:\Program Files\KSE\nHancer\nHancer.exe" /tray
    "Shut Down or Restart Now Eval"=C:\PROGRA~1\SHUTDO~1\Shut Down or Restart Now Evaluation Version.exe
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\S2(1)\\LFS.exe"=
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\LFSRacingGuard.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe"=
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Xentare.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:UDP"= 6881:UDP:open
    "33333:TCP"= 33333:TCP:lfs raceguard
    "33333:UDP"= 33333:UDP:rg
    "24532:TCP"= 24532:TCP:insim
    "24532:UDP"= 24532:UDP:f
    "49173:TCP"= 49173:TCP:azuerues
    "49173:UDP"= 49173:UDP:azurz
    "63392:TCP"= 63392:TCP:LFS
    "63392:UDP"= 63392:UDP:LFS 2

    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2005-10-14 23:18]
    R2 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2004-01-08 00:32]
    R2 bwcdrv;BUFFALO Wireless Configuration;C:\WINDOWS\system32\DRIVERS\bwcdrv.sys [2004-05-18 06:56]
    R2 SDRN Service;SDRN Service;C:\WINDOWS\system32\SDRNSE~1.EXE [2004-10-30 13:26]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S2 AsUsbDrv;AsUsbDrv;C:\WINDOWS\system32\DRIVERS\AsUsbDrvXP.sys []
    S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2005-11-07 07:33]
    S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-25 13:05]
    S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys []
    S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2004-08-16 08:36]
    S3 Memctl;Memctl;C:\Program Files\ABIT\ABIT uGuru\Memctl.sys [2001-11-29 04:49]
    S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 14:36]
    S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys []
    S3 SaiHFFB5;SaiHFFB5;C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys [2004-08-16 08:36]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
    S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 22:45]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-22 21:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-26 06:42:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 18:33:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-27 18:35:25
    ComboFix-quarantined-files.txt 2008-02-27 23:35:23
    ComboFix2.txt 2008-02-26 21:17:57
    ComboFix3.txt 2008-02-26 03:33:22
    .
    2008-02-17 09:17:34 --- E O F ---
     
  14. Jintan

    Jintan

    Joined:
    Oct 3, 2007
    Messages:
    1,164
    Was expecting that requested HijackThis log, but based on those Avenger results we can go ahead with an additional repair step here without it.


    Before I forget let's correct a registry item.


    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=dword:00000000
    Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixfw.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry. This will return the firewall on/off notifications there.

    -------------------------------

    Then Download SDFix.exe and save it to your desktop.

    ===================================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    In Safe Mode, click the SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

    Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.


    After the reboot also run and post back new ComboFix and HijackThis logs please.
     
  15. Vandatta

    Vandatta Thread Starter

    Joined:
    Jul 31, 2007
    Messages:
    34
    OK, I did all the scans. I'll post each log in a different post. First, here is the SDFix log:


    SDFix: Version 1.148

    Run by Johnny Hayes on Wed 02/27/2008 at 11:23 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\DOCUME~1\JOHNNY~1\Desktop\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 23:35:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62C3CD8A-BD4F-037D-5411-49BB00B54328}]
    "abiidlmkgpgahpiofhpoocakbamljfpjlj"=hex:64,61,62,63,65,65,62,61,00,00
    "bbiidlmkgpgahpiofhcpmkcmmbhoanahpaha"=hex:64,61,62,63,65,65,62,61,00,00

    scanning hidden files ...

    C:\Documents and Settings\Johnny Hayes\Desktop\LFS\S2(1)\data\drv\hi :).drv 28 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\S2(1)\\LFS.exe"="C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\S2(1)\\LFS.exe:*:Enabled:LFS"
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\LFSRacingGuard.exe"="C:\\Documents and Settings\\Johnny Hayes\\Desktop\\LFS\\LFSRacingGuard.exe:*:Enabled:LFSRacingGuard.exe"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe"="C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe:*:Enabled:Cheetah Clicker.exe"
    "C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Xentare.exe"="C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Xentare.exe:*:Enabled:Xentare.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 27 Oct 2005 56 ..SHR --- "C:\WINDOWS\system32\395441B38B.sys"
    Wed 17 Jan 2007 27,648 A..H. --- "C:\Documents and Settings\Johnny Hayes\My Documents\~WRL0004.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT11.tmp"
    Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT7.tmp"
    Mon 25 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BITC.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT10.tmp"
    Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT6.tmp"
    Mon 25 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BITB.tmp"
    Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp"
    Mon 25 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITA.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITF.tmp"

    Finished!
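
The firewall policy keys that ComboFix and SDFix print in the logs above (DisableNotifications, AuthorizedApplications\List and GloballyOpenPorts\List) deserve a triage pass of their own: DisableNotifications=1 silences the XP firewall's prompts, and every application in the export is authorized with scope "*", meaning it may accept connections from any remote address, including binaries sitting under the user's Desktop. The script below is an added example written for this page, not code from any post in the thread or from SDFix or ComboFix. It parses the export lines in the form the logs show them, flags entries whose path lies outside the Program Files and Windows trees (a heuristic assumed here, not a rule of either tool), and emits a correctly typed REGEDIT4 fragment for DisableNotifications, since a .reg file must write a DWORD as dword:<8 hex digits>. The sample lines are copied from the SDFix export and the ComboFix port list above.

```python
"""Offline triage of the Windows XP SP2 firewall policy export that SDFix and
ComboFix print (HKLM\\...\\SharedAccess\\Parameters\\FirewallPolicy).

Added example for this thread, not part of any post or tool in it.  Assumed:
the `path:scope:mode:name` value layout of AuthorizedApplications\\List, the
abbreviated `"port:proto"= port:proto:name` form ComboFix shows for
GloballyOpenPorts\\List, and the TRUSTED_ROOTS heuristic below.
"""
import re
from dataclasses import dataclass, field

# Sample input copied from the key export in the SDFix log and the ComboFix
# GloballyOpenPorts list; this is the only data the script reads.
SAMPLE_AUTHORIZED = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe"="C:\\Documents and Settings\\Johnny Hayes\\Desktop\\Maplestory\\Cheetah Clicker.exe:*:Enabled:Cheetah Clicker.exe"
'''
SAMPLE_PORTS = r'''
"6881:UDP"= 6881:UDP:open
"33333:TCP"= 33333:TCP:lfs raceguard
'''

# Heuristic (assumption): anything outside these roots lives where a limited
# user can write, which is where the dropped binaries in this thread sat.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")

_REG_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
_PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: a doubled backslash becomes one backslash."""
    return re.sub(r'\\(.)', r'\1', s)


@dataclass
class FirewallEntry:
    path: str
    scope: str   # '*' = any remote address, otherwise an address/subnet list
    mode: str    # 'Enabled' or 'Disabled'
    name: str
    flags: list = field(default_factory=list)


def parse_authorized_apps(text: str) -> list:
    """Parse AuthorizedApplications\\List lines and attach triage flags."""
    entries = []
    for raw in text.splitlines():
        m = _REG_LINE.match(raw.strip())
        if not m:
            continue
        key, val = _unescape(m.group(1)), _unescape(m.group(2))
        # The value must repeat the key path; anything else is malformed.
        if not val.lower().startswith(key.lower() + ':'):
            continue
        rest = val[len(key) + 1:]
        scope, mode, name = (rest.split(':', 2) + ['', '', ''])[:3]
        entry = FirewallEntry(key, scope, mode, name)
        if not key.lower().startswith(TRUSTED_ROOTS):
            entry.flags.append('outside-program-dirs')
        if scope == '*':
            entry.flags.append('any-remote-address')
        if mode.lower() != 'enabled':
            entry.flags.append('not-enabled')
        entries.append(entry)
    return entries


def parse_open_ports(text: str) -> list:
    """Return (port, proto, name) tuples from ComboFix's GloballyOpenPorts lines."""
    matches = map(_PORT_LINE.match, (line.strip() for line in text.splitlines()))
    return [(int(m.group(1)), m.group(2), m.group(3).strip()) for m in matches if m]


def render_notification_fix(profiles=('StandardProfile', 'DomainProfile')) -> str:
    """REGEDIT4 text that sets DisableNotifications back to 0.  A DWORD has to
    be written as dword:<8 hex digits>; a bare =0 is not valid .reg syntax."""
    base = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    lines = ['REGEDIT4', '']
    for profile in profiles:
        lines += ['[%s\\%s]' % (base, profile), '"DisableNotifications"=dword:00000000', '']
    return '\r\n'.join(lines)


if __name__ == '__main__':
    for e in parse_authorized_apps(SAMPLE_AUTHORIZED):
        print('%-40s %-22s %s' % (','.join(e.flags) or '-', e.name, e.path))
    for port, proto, name in parse_open_ports(SAMPLE_PORTS):
        print('open %5d/%s  %s' % (port, proto, name))
    print(render_notification_fix())
```

Run as-is it prints the three sample entries with their flags, the two open ports, and the .reg text. The flag list is deliberately coarse: an entry under Program Files with scope "*" is normal for a game or messenger, while one under Documents and Settings that also answers any remote address is the kind of line to check against the rest of the log before deciding whether to keep it.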
     
Short URL to this thread: https://techguy.org/686555