I need help fixing "buffer overrun detected"


  • This topic is locked
95 replies to this topic

#61 Perk

  • Authentic Member
  • 104 posts

Posted 25 February 2007 - 02:14 PM

Systemscan isn't responding at all, and since I'm not certain it's running in the background I will use your second suggestion.



#62 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 02:17 PM

:thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#63 Perk

  • Authentic Member
  • 104 posts

Posted 25 February 2007 - 02:26 PM

ComboScan v20070221.16 run by Byron L. Perkins on 2007-02-25 at 15:15:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Byron L. Perkins.exe) -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:16:53 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Multimedia\main\ATIMMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\comboscan.exe
C:\Program Files\Analyzer.exe\Byron L. Perkins.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: (no name) - {75D8EEC3-B8CE-4425-B8DD-E7FFAC3B3EA6} - C:\WINDOWS\system32\jkhhe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - Winlogon Notify: byxvuvv - byxvuvv.dll (file missing)
O20 - Winlogon Notify: gatexkey - gatexkey.dll (file missing)
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- HijackThis Fixed Entries (C:\Program Files\Analyzer.exe\backups\) ------------

backup-20070223-230858-138 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070223-230858-149 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070223-230858-228 O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
backup-20070223-230858-232 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
backup-20070223-230858-324 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070223-230858-427 O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
backup-20070223-230858-843 O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230858-929 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070223-230858-961 O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
backup-20070223-230859-619 O16 - DPF: {05495DE3-9451-64B3-BD73-58E87781935F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230859-726 O16 - DPF: {06F847D6-2AE2-1011-47B9-604F01D9574A} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230859-748 O16 - DPF: {0AC3E69A-7FEE-507A-42C8-7D4E0874A596} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230859-893 O16 - DPF: {06170979-4EE4-7F7F-977D-4BA7217225CC} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230900-144 O16 - DPF: {0F5C78A2-B171-19B4-05C5-54DD60A286BE} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230900-228 O16 - DPF: {0F1746E6-1394-60D8-CA16-53FA1013C8BF} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230900-391 O16 - DPF: {0E99F3C2-8F0E-30AD-7F9A-19097303670B} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230900-596 O16 - DPF: {0B226311-294D-0887-DBAA-0B3C07D8788F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230901-186 O16 - DPF: {1417DEA1-77E0-6027-9C29-581835051785} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230901-324 O16 - DPF: {14A6C04F-1FA4-27CC-AC12-54AD5891FE51} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230901-730 O16 - DPF: {125CBE25-C5F4-0603-B7A2-4EC40C793CF2} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230901-975 O16 - DPF: {12984656-65E9-1DF8-0FAA-3A465FA323D4} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230902-258 O16 - DPF: {1DEA0F8E-0F50-6B1C-6329-6F9D3814745A} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230902-345 O16 - DPF: {19D10BEA-9D52-2FA4-BF45-7DC1225AC12B} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230902-714 O16 - DPF: {19366F5E-B978-437A-F18B-7E8F1D3FAF92} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230902-883 O16 - DPF: {1F0A77C6-7353-3171-D51A-004D43168698} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230903-188 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
backup-20070223-230903-467 O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.h...staller_gmn.cab
backup-20070223-230904-240 O16 - DPF: {20529E12-6E58-7496-7F71-0C6849DDBA23} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230904-497 O16 - DPF: {27784EF3-BB6D-4D01-C18A-416936D7BEDC} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230904-708 O16 - DPF: {24275FB7-54A5-741B-7647-0C4877B9FBE8} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230904-895 O16 - DPF: {26300E7F-67C0-11D2-A437-3A4214A6A239} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230905-371 O16 - DPF: {2B4BF3C5-10FC-7671-57FF-480A350A96A3} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230905-458 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20070223-230905-680 O16 - DPF: {282B2BA7-658D-6484-945F-63383FC12D6E} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230905-688 O16 - DPF: {27C03186-FAAB-3710-F39A-0DD219764BA7} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230906-223 O16 - DPF: {38358994-49AF-1367-F11D-5DB03744319B} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230906-361 O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
backup-20070223-230906-439 O16 - DPF: {34117E7D-D6EE-152D-C47D-50192CBD983F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230907-221 O16 - DPF: {41F7F494-556A-26FC-2F36-7A183B1187F2} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230907-407 O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsi.cab
backup-20070223-230907-611 O16 - DPF: {442D2E5F-AF3E-7196-7FDB-2C94439BF3E5} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230907-868 O16 - DPF: {3D3B8B27-D65A-366F-00BB-3CBB6226771A} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230907-989 O16 - DPF: {401E4EEC-DE40-3BDE-FFC7-4CBC36132711} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230908-223 O16 - DPF: {460BF001-41AE-765A-A59B-036D24C18B52} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230908-402 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsr.cab
backup-20070223-230908-971 O16 - DPF: {47CAEC69-DF1F-44B2-E73D-35CF5B52A3A9} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230909-258 O16 - DPF: {53F31714-3333-5693-6407-638B627B3D93} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230909-503 O16 - DPF: {508096DF-BB75-48DD-9135-436D729371AE} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230909-637 O16 - DPF: {4DC33E14-F02F-1DC6-539E-6EA73C6B8F76} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230909-932 O16 - DPF: {5136410F-00D4-59F8-C35E-2B601A36F38F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230910-119 O16 - DPF: {5C03CC0C-9394-3B1C-2C6F-23A208CA2610} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230910-471 O16 - DPF: {5AD5423C-2A42-0765-6212-432F78B36FE3} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230910-473 O16 - DPF: {5876DE71-B789-0385-DE5C-1C0841F19D01} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230910-551 O16 - DPF: {5B35C7E5-5358-5C42-D7B1-239B4C979653} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230911-259 O16 - DPF: {5EAF09CB-9496-67FD-A299-42AB38E84702} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230911-391 O16 - DPF: {5C39C101-1835-4A33-7AA6-5BC923A5C6AA} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230911-679 O16 - DPF: {5C1B8635-5A61-614B-B818-64BA626739A9} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230911-780 O16 - DPF: {5DCC2D7B-D670-7CDE-DC70-6FA1610968AC} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230912-128 O16 - DPF: {65E38762-3B10-13AA-4998-69AF4015FCB1} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230912-217 O16 - DPF: {6050A679-638E-3A62-385A-4BB9359610AF} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230912-219 O16 - DPF: {68039F33-DD5F-14DB-6FD1-2926043885FE} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230912-451 O16 - DPF: {699DC4D8-2ECD-426E-C206-30E12584402A} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230913-302 O16 - DPF: {6F3F5D3A-A281-68BC-62FB-071902AEC784} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230913-354 O16 - DPF: {6B770DB8-16DA-1CAB-B8CE-12D5170886C4} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230913-650 O16 - DPF: {6DFBC284-F54D-6D68-8AA5-5A22405CE4C3} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230913-756 O16 - DPF: {6F64921E-A2B2-1515-3407-61460C03B84F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230914-584 O16 - DPF: {747EAF72-6AF0-77F0-6733-3091457EC0EF} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230914-777 O16 - DPF: {73018773-062B-3E15-6E3E-0D592F39E59B} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230914-846 O16 - DPF: {76E39110-D55D-4378-26E0-298A56AABA82} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230915-269 O16 - DPF: {7C3A6634-57F3-6F63-447A-08DB268F7614} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230915-614 O16 - DPF: {788ED2C1-C30D-4C0A-908B-2F9758DA6766} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230915-792 O16 - DPF: {7AD29D72-FF65-7279-EF70-54B810A1B0E7} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230915-997 O16 - DPF: {7E361FF2-39B5-4DA1-6F7E-5C8933822956} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070223-230916-148 O16 - DPF: {7F87BC76-89A0-0FF7-3961-29442CFF1F1F} - http://85.255.113.214/1/gdnUS2218.exe
backup-20070224-115523-597 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
backup-20070224-120341-659 O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
backup-20070224-120341-763 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
backup-20070224-141114-130 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
backup-20070224-141114-309 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070224-141114-351 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070224-160751-284 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - NOTEPAD.EXE %1
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - NOTEPAD.EXE %1
.scr - scrfile - NOTEPAD.EXE %1
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ATICXCAP (ATI TV Wonder Pro A/V Capture) - C:\WINDOWS\system32\drivers\aticxcap.sys
3R ATICXTUN (ATI TV Wonder Pro Tuner (Philips 1236 MK3)) - C:\WINDOWS\system32\drivers\aticxtun.sys
3R ATICXXBR (ATI TV Wonder Pro A/V Crossbar) - C:\WINDOWS\system32\drivers\aticxxbr.sys
3R bdfdll - C:\Program Files\Softwin\BitDefender10\bdfdll.sys
3R BDFSDRV - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
2R BDRSDRV - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
3R CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3R Dot4 (IEEE-1284.4 Driver) - C:\WINDOWS\system32\drivers\Dot4.sys
3R Dot4Print (Print Class Driver for IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys
0R gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - C:\WINDOWS\system32\drivers\gagp30kx.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2R HPOPAR05 - C:\WINDOWS\system32\drivers\HPOPAR05.SYS
1R kbfilter (Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\kbfilter.sys
3R MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3S RimUsb (BlackBerry Device) - C:\WINDOWS\system32\drivers\RimUsb.sys
3R RimVSerPort (RIM Virtual Serial Port v2) - C:\WINDOWS\system32\drivers\RimSerial.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
2R SbcpHid - C:\WINDOWS\system32\drivers\SbcpHid.sys
3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3R SISNIC (SiS PCI Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\sisnic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3S SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3S SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3S SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3S SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1S SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
1R BANTExt (Belarc SMBios Access) - C:\WINDOWS\system32\drivers\BANTExt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3S ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R bdss (BitDefender Scan Server) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
3R BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HDDSvc (HDD Information Service) - C:\WINDOWS\system32\HDDSvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LIVESRV (BitDefender Desktop Update Service) - "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ScsiAccess - C:\WINDOWS\system32\ScsiAccess.EXE
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{B5399551-8B21-4736-A214-5ECF5020A304}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R VSSERV (BitDefender Virus Shield) - "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
4S wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WSearch (Windows Search Service) - C:\WINDOWS\system32\SearchIndexer.exe /Embedding
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R XCOMM (BitDefender Communicator) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-25 15:00:00 300 --ah----- C:\WINDOWS\Tasks\ADE4E14E91379ECA.job<ADE4E1~1.JOB>
2007-02-25 04:00:41 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-18 21:39:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-25 13:55:35 0 d-------- C:\suspectfile<SUSPEC~1>
2007-02-25 03:01:08 0 d-------- C:\WINDOWS\LastGood
2007-02-24 22:50:50 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-02-24 22:50:50 0 d-------- C:\Program Files\Belarc
2007-02-24 21:32:00 229376 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-24 15:48:56 877473 ---hs---- C:\WINDOWS\system32\ehhkj.ini2<EHHKJ~1.INI>
2007-02-24 11:33:20 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Bitdefender<BITDEF~1>
2007-02-24 10:52:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender<BITDEF~1>
2007-02-23 21:54:35 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-23 16:53:58 0 d-------- C:\Program Files\Analyzer.exe
2007-02-23 08:46:02 0 d-------- C:\Program Files\Hard Drive Inspector<HARDDR~1>
2007-02-23 01:54:43 0 d-------- C:\Program Files\RegistryFix<REGIST~2>
2007-02-22 18:58:24 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-02-21 14:34:47 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-21 14:34:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PAS
2007-02-21 01:31:22 196608 --a------ C:\WINDOWS\system32\HDDSvc.exe
2007-02-21 01:00:56 0 d-------- C:\Program Files\ErrorKiller<ERRORK~1>
2007-02-19 23:46:43 57344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL<CGZIPL~1.DLL>
2007-02-19 23:46:41 0 d-------- C:\Program Files\RegDoctor<REGDOC~1>
2007-02-19 22:34:22 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-02-19 18:54:40 0 d-------- C:\Program Files\Windows Installer Clean Up<WI91E2~1>
2007-02-19 18:53:51 0 d-------- C:\Program Files\MSECACHE
2007-02-19 17:31:03 50848 -ra------ C:\WINDOWS\system32\hpousd05.dll
2007-02-18 23:29:01 0 d-------- C:\Program Files\%systemtool%<%SYSTE~1>
2007-02-18 22:08:09 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-02-18 22:08:08 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-02-18 21:47:35 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\iolo
2007-02-18 21:47:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2007-02-18 21:11:21 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-02-18 21:11:21 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab<KASPER~1>
2007-02-18 21:08:36 0 d-------- C:\KAV
2007-02-15 04:32:45 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\SearchToolbarCorp<SEARCH~1>
2007-02-15 03:19:28 1023623 ---hs---- C:\WINDOWS\system32\ehhkj.bak1<EHHKJ~1.BAK>
2007-02-15 03:18:58 277628 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2007-02-15 03:13:12 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-15 03:13:03 6637696 --a------ C:\WINDOWS\system32\exec1.exe
2007-02-15 01:55:32 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-15 01:47:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InsideBoltWinBold<INSIDE~1>
2007-02-15 01:46:50 0 d-------- C:\Program Files\knobrdrroad<KNOBRD~1>
2007-02-13 02:35:01 0 d-------- C:\Program Files\??crosoft.NET
2007-02-06 22:12:59 4388 --a------ C:\WINDOWS\smproflt.dll
2007-02-06 11:24:28 0 d-------- C:\WINDOWS\?icrosoft
2007-02-01 09:31:06 0 d-------- C:\Program Files\Common Files\??mbols
2007-01-30 13:59:16 0 d-------- C:\Program Files\Common Files\{F4E94CE9-0710-1033-0420-050624040001}<{F4E94~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-29 03:02:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WholeSecurity<WHOLES~1>
2007-01-29 02:54:56 0 d-------- C:\WINDOWS\WBEM
2007-01-29 02:48:51 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-29 00:08:43 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Google
2007-01-28 18:06:52 0 d-------- C:\WINDOWS\system32\??pPatch


-- Find3M Report ----------------------------------------------------------------

2007-02-24 17:58:17 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-24 17:50:06 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-24 17:31:29 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Registry Booster<REGIST~1>
2007-02-24 16:49:35 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-24 00:53:29 9264 --a------ C:\WINDOWS\system32\msqtvcap.dat
2007-02-23 01:20:00 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\LimeWire
2007-02-22 04:15:42 0 d---s---- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Microsoft<MICROS~1>
2007-02-20 01:15:00 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Palo Alto Software<PALOAL~1>
2007-02-19 20:27:57 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-19 07:19:37 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\knobrdrroad<KNOBRD~1>
2007-02-19 01:56:01 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Ahead
2007-02-18 22:07:55 0 d-------- C:\Program Files\iolo
2007-02-18 11:03:20 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-17 21:01:03 0 d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-02-13 02:35:10 2 --a------ C:\WINDOWS\system32\wcpcc.exe
2007-02-12 21:12:43 0 d-------- C:\Program Files\Google
2007-02-09 02:09:04 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\AdobeUM
2007-01-30 02:11:08 0 d-------- C:\Program Files\Common Files\{34E94CE9-0710-1033-0420-050624040001}<{34E94~1>
2007-01-29 02:45:00 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\WholeSecurity<WHOLES~1>
2007-01-29 00:15:52 0 dr-h----- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\yahoo!
2007-01-28 19:24:19 0 d-------- C:\Program Files\Common Files\{F4E94CE9-070F-1033-0420-050624040001}<{F4E94~2>
2007-01-26 20:40:13 1089 --a----c- C:\WINDOWS\checkip.dat
2007-01-23 15:15:22 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2007-01-21 14:35:20 16 --ah----- C:\Global.sys
2007-01-21 14:34:52 0 d-------- C:\Program Files\Alibaba
2007-01-21 05:17:11 0 d-------- C:\Program Files\Yahoo!
2007-01-19 20:41:10 0 d-------- C:\Program Files\??pPatch
2007-01-18 18:43:59 0 d-------- C:\Program Files\MSBuild
2007-01-18 15:35:13 0 d-------- C:\Program Files\LimeWire
2007-01-17 19:43:57 0 d-------- C:\Program Files\??sks
2007-01-15 15:07:34 0 d--hs---- C:\Program Files\outlook
2007-01-13 04:59:47 0 d-------- C:\Program Files\eBay
2007-01-10 12:16:11 0 d-------- C:\Program Files\Java
2007-01-10 03:10:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-08 16:13:32 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
2007-01-08 16:13:32 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2007-01-06 19:25:59 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-01-06 19:14:31 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Azureus
2007-01-04 16:03:34 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\??sembly
2007-01-02 23:43:20 0 d-------- C:\Program Files\support.com
2006-12-31 22:23:00 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2006-12-31 17:13:12 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\dvdcss
2006-12-29 22:02:55 0 d-------- C:\Program Files\Common Files\Real
2006-12-29 22:01:00 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Real
2006-12-27 22:58:04 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\ATI MMC<ATIMMC~1>
2006-12-26 14:26:46 0 d-------- C:\Program Files\Ahead
2006-12-26 14:20:41 0 d-------- C:\Documents and Settings\Byron L. Perkins.BYRON\Application Data\Nero
2006-12-26 13:01:28 0 d-------- C:\Program Files\Nero
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 16:47:00 422504 --a------ C:\WINDOWS\system32\Incinerator.dll<INCINE~1.DLL>
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll
2006-11-25 16:39:48 25264 --a------ C:\WINDOWS\system32\smrgdf.exe
2006-11-25 16:39:48 41472 --a------ C:\WINDOWS\system32\iolobtdfg.exe<IOLOBT~1.EXE>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Desktop Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\Desktop Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\RESEAR~1\\BLACKB~1\\DESKTO~1.EXE "
"item"="Desktop Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk]
"location"="Common Startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^LNSS Status Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\LNSS Status Monitor.lnkCommon Startup"
"location"="Common Startup"
"item"="LNSS Status Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
"backup"="C:\\WINDOWS\\pss\\Palo Alto Software Update Manager 8.0.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\PALOAL~1\\8.0\\PAS8_U~1.EXE "
"item"="Palo Alto Software Update Manager 8.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
"backup"="C:\\WINDOWS\\pss\\Palo Alto Software Update Manager 9.0.lnkCommon Startup"
"location"="Common Startup"
"item"="Palo Alto Software Update Manager 9.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIDtct"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bits up]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="phoneinside"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegDoctor"
"hkey"="HKLM"
"command"="C:\\Program Files\\RegDoctor\\RegDoctor.exe -Quick"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PopupBlocker"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SystemGuardAlerter"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TradeManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TradeManager -hideframe"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Byron\\Desktop\\byron\\PRESARIO ©\\Desktop\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"item"="Windows Defender"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gnotify"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvuvv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gatexkey
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{295b5b3b-f2b2-11d9-a8da-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_BANTEXT


-- End of ComboScan: finished at 2007-02-25 at 15:17:41 -------------------------



I don't know how to attach the supplementary.txt so I'll just cut and paste here.

ComboScan v20070221.16 run by Byron L. Perkins on 2007-02-25 at 15:15:59
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3100+
Percentage of Memory in Use: 92%
Physical Memory (total/avail): 383.48 MiB / 28.24 MiB
Pagefile Memory (total/avail): 920.66 MiB / 493.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1994.63 MiB

C: is Fixed (NTFS) - 71.26 GiB total, 44.82 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Fixed (FAT32) - 5.42 GiB total, 0.92 GiB free.
I: is Removable (FAT32)
J: is Removable (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: BitDefender Antivirus Plus v10 v7.2 (Softwin)
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: B

Edited by Perk, 25 February 2007 - 02:29 PM.


#64 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 02:50 PM

Delete these Files if listed:
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\ehhkj. <--ALL like this
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe. <--ALL like this
C:\WINDOWS\system32\exec1.exe




Look in your control panels add/remove programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure please ask first


Next..........

Download and run this uninstaller:
http://www.outerinfo...Uninstaller.exe

Tutorial for the uninstaller if needed

Don't reboot!

---------------

Next install MVPS HOSTS, please read more about what we are doing.

Download and unzip hosts.zip from HERE to a folder (hosts).

Here's a Tutorial on how to install it, but it's installed like this:

Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink!

-------------------

Please note that a large HOSTS file (over 135 kb) may slow down the machine. This only occurs in W2K and XP.

To fix this: Go to Start > Run (type) services.msc > OK
Scroll down to DNS Client, Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.
----------------------

Reboot when done and........

Next.........

Please download and install the 30 day trial version of AVG Anti-Spyware 7.5 here:
http://www.ewido.net/en/download/

After it's installed...Check for updates:
Double click on the AVG Anti-Spyware 7.5 icon in the system tray or on the desktop. This will bring up the main program if it's not already up.

On the Main Page click the Update Tab and then Start Update.
Download and install any updates if available.

Select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports:
Select > Automatically generate report after every scan
Un-Select > Only if threats were found

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
Now click the Scanner Icon on top
Click on Complete System Scan
Be patient - it takes a while to run.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.


Once the scan is complete do the following:
If you have any infections you will be prompted, then select Apply All Actions

Next select the Reports icon at the top.
Copy and paste the scan report in your next reply.
Close AVG Anti-Spyware 7.5

Reboot and post a fresh HJT log, and the log from AVG Anti-Spyware 7.5.

(please let us know that you already have followed these instructions)

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
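
The HOSTS-file step in the post above, as an added example in Python (not code from the post, from the forum, or from the MVPS project): it parses a HOSTS file, counts the names blackholed to 0.0.0.0 or 127.0.0.1, flags any name that is mapped to some other address instead (a blocking list only ever points names at a null or loopback address, so anything else is a redirect worth investigating), and checks the file's size against the 135 kb figure the post gives for the DNS Client slowdown. The sample HOSTS text, the example.test names and the 192.0.2.10 address are constructed for illustration.

```python
"""Audit a Windows HOSTS file after installing a blocking list such as MVPS.

Added example, not code from the thread or from the MVPS project.
A blocking list should only ever map names to a null/loopback address;
an entry that sends a name to any other IP is a redirect and deserves a look.
"""

import ipaddress

# Addresses a blocking list legitimately points names at.
BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}

# Size at which the post says the XP DNS Client service starts to slow down.
SIZE_WARN_BYTES = 135 * 1024

# Constructed sample HOSTS text for illustration; .test names are reserved and never resolve.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.test        # blocked host (sample)
0.0.0.0         tracker.example.test
127.0.0.1       spyware.example.test
192.0.2.10      update.vendor.example.test   # not a blackhole address: a redirect
not-an-ip       garbage.example.test         # malformed line, ignored
"""


def parse_hosts(text):
    """Return [(ip, [hostnames]), ...] for every well-formed, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names is not an entry
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalised textual form
        except ValueError:
            continue  # malformed address: skip rather than guess
        entries.append((ip, parts[1:]))
    return entries


def audit_hosts(text):
    """Summarise a HOSTS file: blackholed names, redirects, and size against the threshold."""
    entries = parse_hosts(text)
    blocked = [
        name for ip, names in entries if ip in BLACKHOLE_ADDRS
        for name in names if name != "localhost"  # the stock localhost line is not a block
    ]
    redirects = [
        (ip, name) for ip, names in entries if ip not in BLACKHOLE_ADDRS
        for name in names
    ]
    size = len(text.encode("utf-8"))
    return {
        "entries": len(entries),
        "blocked_hosts": len(blocked),
        "redirects": redirects,
        "size_bytes": size,
        "over_size_threshold": size > SIZE_WARN_BYTES,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} entries, {report['blocked_hosts']} names blackholed")
    for ip, name in report["redirects"]:
        print(f"REDIRECT: {name} -> {ip}")
    if report["over_size_threshold"]:
        print("HOSTS file exceeds 135 KB; consider setting DNS Client to Manual as the post describes")
```

To audit the real file, read C:\WINDOWS\system32\drivers\etc\hosts (the standard location the post's mvps.bat copies the new file into) and pass its text to audit_hosts; a non-empty redirects list on a machine that was supposed to receive only a blocking list is the finding to chase.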

 


#65 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 03:19 PM

How do I find the first items you want me to delete? I don't have a System32 folder in my WINDOWS directory.

#66 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 03:30 PM

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Now see if you can see the system32 folder.



#67 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 04:33 PM

I was able to delete the "ehhkj" files. I could not find the "j" file. I am still working.

#68 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 05:33 PM

Still working!

#69 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 06:04 PM

I don't get this. I have antivirus software, yet so far the AVG scan has discovered 850 infected objects. I'll post once the scan is complete. This post is via my blackberry.

#70 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 07:29 PM

Now that the scan is complete, there are many many errors while deleting. I've quarantined what I could. What will I do about the list of those not quarantined? How can I submit the report? I can no longer access the internet from my computer. Help!



#71 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 07:33 PM

What will I do about the list of those not quarantined?

Can you delete them?

Let's see if we can get the PC back on the internet. This file will fit on a floppy or thumb drive.

Get a copy of winsockxpfix.exe. You just run it and things should work OK after it reboots your system.

http://www.snapfiles...nsockxpfix.html



#72 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 07:52 PM

Don't have a floppy or thumb drive so I can't download winsock. If I reboot, will the quarantined items still be there?

#73 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 08:02 PM

Don't have a floppy or thumb drive so I can't download winsock. If I reboot, will the quarantined items still be there?

Yes, but they'll be harmless.
If you can't get on the internet in Normal Mode, try Safe Mode with networking.

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode with networking option from the Windows Advanced Options Menu then press Enter.
This can take several minutes to load.



#74 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 25 February 2007 - 08:24 PM

I am in safe mode. I still cannot access the internet. There are many things quarantined. What next?

#75 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 February 2007 - 08:26 PM

Can you post a new HijackThis log?
