Having Problems With Hanonvt.ini


48 replies to this topic

#31 Tomboymama

Authentic Member, 46 posts

Posted 27 August 2007 - 08:56 PM

Here is the log from the DiagHelp:

DiagHelp version v1.1.2 - http://www.malekal.com
executed on Mon 08/27/2007 at 21:21:15.31


List of the most recently modified/created files in windir\system32
C:\WINDOWS\System32/drivers\gmer.sys -->8/26/2007 5:01:54 PM
C:\WINDOWS\System32/drivers\ohciusb.zip -->8/24/2007 8:13:16 AM
C:\WINDOWS\System32/drivers\ohciusb.sys -->8/23/2007 8:51:53 PM
C:\WINDOWS\System32/drivers\kcom.sys -->8/14/2007 5:02:06 PM
C:\WINDOWS\System32/drivers\iksyssec.sys -->8/14/2007 5:02:04 PM
C:\WINDOWS\System32/drivers\iksysflt.sys -->8/14/2007 5:02:02 PM
C:\WINDOWS\System32/drivers\ikfilesec.sys -->8/14/2007 5:02:00 PM

C:\WINDOWS\System32\SpoonUninstall.exe -->8/26/2007 9:47:10 AM
C:\WINDOWS\System32\SpoonUninstall-Pink Calendar & Day Planner.dat -->8/26/2007 9:47:10 AM
C:\WINDOWS\System32\SpoonUninstall-Pink Calendar & Day Planner.bmp -->8/26/2007 9:47:04 AM
C:\WINDOWS\System32\tmp.txt -->8/23/2007 11:53:41 PM
C:\WINDOWS\System32\tmp.reg -->8/23/2007 11:53:41 PM
C:\WINDOWS\System32\PERFH009.DAT -->8/23/2007 12:58:46 AM
C:\WINDOWS\System32\PERFC009.DAT -->8/23/2007 12:58:45 AM
C:\WINDOWS\System32\PerfStringBackup.INI -->8/23/2007 12:58:42 AM
C:\WINDOWS\System32\WPA.DBL -->8/17/2007 11:33:20 PM
C:\WINDOWS\System32\MRT.exe -->8/2/2007 9:34:12 PM
C:\WINDOWS\System32\wuaueng.dll -->7/30/2007 7:19:42 PM
C:\WINDOWS\System32\wuapi.dll -->7/30/2007 7:19:36 PM
C:\WINDOWS\System32\wucltui.dll -->7/30/2007 7:19:32 PM
C:\WINDOWS\System32\wuaucpl.cpl.mui -->7/30/2007 7:19:32 PM
C:\WINDOWS\System32\wuweb.dll -->7/30/2007 7:19:28 PM
C:\WINDOWS\System32\wuaucpl.cpl -->7/30/2007 7:19:28 PM
C:\WINDOWS\System32\cdm.dll -->7/30/2007 7:19:20 PM
C:\WINDOWS\System32\wuauclt.exe -->7/30/2007 7:19:16 PM
C:\WINDOWS\System32\wups2.dll -->7/30/2007 7:19:12 PM
C:\WINDOWS\System32\wuapi.dll.mui -->7/30/2007 7:19:02 PM
C:\WINDOWS\System32\wucltui.dll.mui -->7/30/2007 7:18:44 PM
C:\WINDOWS\System32\wups.dll -->7/30/2007 7:18:40 PM
C:\WINDOWS\System32\wuaueng.dll.mui -->7/30/2007 7:18:14 PM
C:\WINDOWS\System32\swreg.exe -->7/22/2007 6:39:27 PM
C:\WINDOWS\System32\FNTCACHE.DAT -->7/5/2007 1:57:31 PM

C:\WINDOWS\gmer.log -->8/27/2007 9:21:16 PM
C:\WINDOWS\DELLSTAT.INI -->8/27/2007 8:51:05 PM
C:\WINDOWS.LOG -->8/27/2007 8:43:29 PM
C:\WINDOWS\WindowsUpdate.log -->8/27/2007 8:41:52 PM
C:\WINDOWS\WIADEBUG.LOG -->8/27/2007 8:41:50 PM
C:\WINDOWS\WIASERVC.LOG -->8/27/2007 8:41:49 PM
C:\WINDOWS\BOOTSTAT.DAT -->8/27/2007 8:41:39 PM
C:\WINDOWS\ntbtlog.txt -->8/27/2007 8:40:06 PM
C:\WINDOWS\gmer.ini -->8/27/2007 8:39:52 PM
C:\WINDOWS\SchedLgU.Txt -->8/27/2007 7:51:21 PM
C:\WINDOWS\TMFilter.log -->8/26/2007 8:43:41 PM
C:\WINDOWS\setupapi.log -->8/26/2007 6:18:39 PM
C:\WINDOWS\gmer_uninstall.cmd -->8/26/2007 5:01:54 PM
C:\WINDOWS\gmer.dll -->8/26/2007 5:01:54 PM
C:\WINDOWS\MEMORY.DMP -->8/24/2007 10:02:22 PM


Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\WINDOWS\system

09/11/2000 07:00 AM 9,597 RDB16.EXE
1 File(s) 9,597 bytes
0 Dir(s) 10,390,851,584 bytes free
Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\WINDOWS\system32

08/29/2002 05:00 AM 4,096 csrss.exe
1 File(s) 4,096 bytes
0 Dir(s) 10,390,851,584 bytes free

Contents of Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\WINDOWS\Downloaded Program Files

08/25/2007 07:43 PM <DIR> .
08/25/2007 07:43 PM <DIR> ..
03/19/2003 05:39 PM 118,784 activate.dll
01/07/2003 04:06 PM 233 activate.inf
09/03/2002 08:57 AM 65 DESKTOP.INI
10/14/1997 06:52 PM 697 DirectAnimation Java Classes.osd
01/07/2004 11:01 PM 59,556 Doremi.ttf
07/25/2002 05:13 PM 24,576 dwusplay.dll
07/25/2002 05:13 PM 196,608 dwusplay.exe
06/15/2006 06:33 PM 1,132,192 EPUWALcontrol.dll
07/14/2005 06:28 PM 365 f3initialsetup1.0.0.15.inf
07/15/2003 12:15 PM 282,624 isusweb.dll
01/07/2007 11:55 AM 2,305 kavwebscan.inf
02/22/2003 11:27 AM 1,608 lexico.inf
01/20/2000 03:25 PM 1,162 Microsoft XML Parser for Java.osd
09/05/2006 05:06 PM 4,100,096 NPSibelius.dll
03/17/2004 02:29 AM 595 OSD406.OSD
03/17/2004 02:27 AM 578,624 ppctl.dll
02/23/2007 05:45 PM 122 pxplay.inf
02/14/2007 04:30 PM 144 setup.inf
08/27/2005 02:30 PM 5,065 swflash.inf
04/16/2007 05:30 PM 206 VE3DInstall.inf
20 File(s) 6,505,627 bytes

Total Files Listed:
20 File(s) 6,505,627 bytes
2 Dir(s) 10,390,851,584 bytes free

Rootkit search! (Thanks S!Ri)

Search for known infections

Export of sensitive keys..

List of files excepted on the XP SP2 firewall



Export of the SharedTaskScheduler key

[SharedTaskScheduler]

Search for sensitive addresses in the HOSTS file...



catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-27 21:21:49
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
232 - Tmntsrv.exe
636 - TmPfw.exe
692 - PcCtlCom.exe
884 - csrss.exe
908 - winlogon.exe
952 - services.exe
964 - lsass.exe
1172 - svchost.exe
1220 - svcntaux.exe
1284 - svchost.exe
1636 - swdsvc.exe
1752 - explorer.exe
1972 - SDTrayApp.exe
2144 - cmd.exe
2600 - fpdisp5a.exe
2636 - BCMSMMSG.exe
2660 - pccguide.exe
2668 - Belkinwcui.exe
2684 - Weather.exe
2692 - GoogleToolbarNo
2728 - Dllcmd32.exe

Total number of processes = 22
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806CA000 - \WINDOWS\system32\hal.dll
F7A63000 - \WINDOWS\system32\KDCOM.DLL
F7973000 - \WINDOWS\system32\BOOTVID.dll
F7516000 - ACPI.sys
F7A65000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F7563000 - pci.sys
F7573000 - isapnp.sys
F7B2B000 - pciide.sys
F77E3000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F7583000 - MountMgr.sys
F74F7000 - ftdisk.sys
F77EB000 - PartMgr.sys
F7593000 - VolSnap.sys
F74E1000 - atapi.sys
F75A3000 - disk.sys
F75B3000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F74D0000 - sr.sys
F74BC000 - KSecDD.sys
F7432000 - Ntfs.sys
F7409000 - NDIS.sys
F73D3000 - timntr.sys
F73BB000 - snapman.sys
F73A1000 - Mup.sys
F78FB000 - \SystemRoot\System32\DRIVERS\processr.sys
F6BAB000 - \SystemRoot\System32\DRIVERS\ialmnt5.sys
F6B99000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7903000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6B77000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F790B000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F6A6A000 - \SystemRoot\System32\DRIVERS\BCMSM.sys
F6A4A000 - \SystemRoot\System32\DRIVERS\ks.sys
F7913000 - \SystemRoot\System32\Drivers\Modem.SYS
F731D000 - \??\C:\WINDOWS\System32\drivers\pfc.sys
F76F3000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7703000 - \SystemRoot\System32\DRIVERS\redbook.sys
F791B000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
F7923000 - \SystemRoot\System32\DRIVERS\InCDPass.sys
F792B000 - \SystemRoot\System32\Drivers\incdrm.SYS
F7713000 - \SystemRoot\System32\DRIVERS\imapi.sys
F69C6000 - \SystemRoot\system32\drivers\smwdm.sys
F69A5000 - \SystemRoot\system32\drivers\portcls.sys
F7723000 - \SystemRoot\system32\drivers\drmk.sys
F7A9D000 - \SystemRoot\system32\drivers\aeaudio.sys
F7933000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7733000 - \SystemRoot\System32\DRIVERS\serial.sys
F6E6F000 - \SystemRoot\System32\DRIVERS\serenum.sys
F6992000 - \SystemRoot\System32\DRIVERS\parport.sys
F7743000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F793B000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7943000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7C61000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7753000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F6E6B000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F697C000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7763000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7773000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F6E67000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F696B000 - \SystemRoot\System32\DRIVERS\psched.sys
F7783000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F794B000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7953000 - \SystemRoot\System32\DRIVERS\raspti.sys
F7793000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7C66000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6938000 - \SystemRoot\System32\DRIVERS\update.sys
F795B000 - \SystemRoot\System32\DRIVERS\omci.sys
F7963000 - \SystemRoot\System32\DRIVERS\ss.sys
F77A3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F77D3000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7AA3000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7803000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
EE7FA000 - \SystemRoot\system32\drivers\iksysflt.sys
F6CF0000 - \SystemRoot\system32\drivers\KCOM.SYS
EE7E3000 - \SystemRoot\system32\drivers\iksyssec.sys
F7AA7000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F7A5F000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F6CD0000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F781B000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
F7B5E000 - \SystemRoot\System32\Drivers\Cdr4_xp.SYS
F7B6B000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
F7AAB000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B71000 - \SystemRoot\System32\Drivers\Null.SYS
B93A8000 - \SystemRoot\System32\DRIVERS\gmer.sys
B771C000 - \SystemRoot\System32\DRIVERS\rt73.sys
F7AAF000 - \SystemRoot\System32\Drivers\Beep.SYS
F782B000 - \SystemRoot\System32\drivers\vga.sys
F7AB1000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AB3000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7AB5000 - \SystemRoot\System32\Drivers\InCDrec.SYS
F7833000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
B76E4000 - \SystemRoot\System32\Drivers\InCDfs.SYS
F783B000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7843000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7379000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B76D1000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B767D000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B7658000 - \SystemRoot\System32\DRIVERS\netbt.sys
F6CC0000 - \SystemRoot\System32\DRIVERS\netbios.sys
B7647000 - \SystemRoot\System32\Drivers\tmtdi.sys
F6CA0000 - \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
F784B000 - \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
F6C90000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F785B000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
B75E0000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B7576000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F6C80000 - \SystemRoot\System32\Drivers\Fips.SYS
F7329000 - \SystemRoot\System32\DRIVERS\usbscan.sys
F786B000 - \SystemRoot\System32\DRIVERS\usbprint.sys
B7178000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B7162000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B03000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B7566000 - \SystemRoot\System32\drivers\Dxapi.sys
B7562000 - \SystemRoot\System32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7BE4000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9C6000 - \SystemRoot\System32\ialmdnt5.dll
BF9B8000 - \SystemRoot\System32\ialmrnt5.dll
BF9E4000 - \SystemRoot\System32\ialmdev5.DLL
BFA0A000 - \SystemRoot\System32\ialmdd5.DLL
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F6C70000 - \SystemRoot\System32\drivers\Tmpreflt.sys
B6FD8000 - \SystemRoot\System32\drivers\VsapiNT.sys
B6F96000 - \SystemRoot\System32\drivers\TmXPFlt.sys
B7496000 - \SystemRoot\System32\DRIVERS\tifsfilt.sys
B6F4D000 - \SystemRoot\System32\drivers\afd.sys
B746E000 - \SystemRoot\System32\DRIVERS\AegisP.sys
B6F8A000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B6C2A000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7A6D000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7A6F000 - \SystemRoot\System32\DRIVERS\dsunidrv.sys
B6B8B000 - \SystemRoot\System32\DRIVERS\srv.sys
F7C8E000 - \??\C:\WINDOWS\System32\drivers\ohciusb.sys
B6A88000 - \SystemRoot\system32\drivers\wdmaud.sys
B6CBD000 - \SystemRoot\system32\drivers\sysaudio.sys
B65B2000 - \SystemRoot\System32\Drivers\tm_cfw.sys
B6436000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F7BF5000 - \??\C:\WINDOWS\System32\Drivers\mchInjDrv.sys
B619A000 - \??\C:\PROGRA~1\Belkin\F5D9050\GTNDIS5.SYS
F7C0B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 140

List of installed programs

ABBYY FineReader 5.0 Sprint
Academic Challenge Cup
Acronis True Image
Adobe Acrobat 4.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.7
Advanced Uninstaller PRO 2005 - version 7
America Online
Apple Software Update
ArcSoft Panorama Maker 4
AudibleManager
BACS
Banctec Service Agreement
BCM V.92 56K Modem
Belkin Wireless G Plus MIMO USB Network Adapter
Bookworm Adventures Deluxe 1.0
BOSS Fonts Manager
Broadcom Advanced Control Suite
BurnPlugin for Audible
CA eTrust PestPatrol Anti-Spyware
CCleaner (remove only)
CDRoller version 6.01
Creative MuVo N200
Creative System Information
CuteFTP
CuteFTP 5.0 XP
CuteFTP Pro 3.2
DAO
Deal Info
Dell AIO Printer A940
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
DellSupport
DirectX 9 Hotfix - KB839643
Documents To Go
DVDSentry
EarthLink Common
EarthLink IM
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
EarthLink MailBox
EarthLink Pop-Up Blocker
EarthLink Redistributed
EarthLink Setup
EarthLink Update Manager
EarthLink Webspace
eBot
eFax Messenger Plus
ELNKInst
eMusic Download Manager
EverNote 2
FaxTools
FinePrint
FotoFusion
FTP Explorer
Google Desktop
Google Toolbar for Internet Explorer
GuruNet
Help and Support Customization
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB910998)
Intel® Extreme Graphics Driver
Ipswitch WS_FTP Pro
iTunes
J2SE Runtime Environment 5.0 Update 11
Kaspersky Online Scanner
Li'l Red Notebook Version 1.9b
Macromedia Shockwave Player
Mahjong Halloween
Medicos
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Outlook Personal Folders Backup
Microsoft Picture It! Photo 7.0
Mind Benders A3 & A4
Modem Helper
MSSoap
Musicnotes Player
Nero Suite
NetAccess SSL 4.0
Olympus Digital Wave Player
OSS Audio Converter Pro 5.6.0.3
Paint Shop Pro 7
Palm Desktop
Palm VersaMail™
pcHugBug Browser Deluxe Lite
pcHugWare AutoUpdater
Photodex Presenter
PingPlotter
Pink Calendar & Day Planner
PrintKey2000
ProShow Gold
Quick Look Electronic Drug Reference 2006
QuickTime
Ready Reference Bookshelf
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB914798)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Shorthand 8
Sibelius Scorch (ActiveX Only)
Spell Checker For OE 2.1
Spyware Doctor 5.0
SUPERAntiSpyware Free Edition
TaskPanel
ThinkAnalogy Level B
Transcription Productivity Tools
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
VoiceWave Player
WD Diagnostics
WeatherBug
WeatherBug Browser Bar - powered by MyWebSearch
WebFldrs XP
WebMail Assistant
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
WinZip
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar



Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\Program Files

08/26/2007 04:31 PM <DIR> .
08/26/2007 04:31 PM <DIR> ..
05/07/2005 09:47 PM 1,039,189 01mp3ins.exe
06/15/2003 09:17 PM <DIR> ABBYY FineReader 5.0 Sprint
03/19/2004 01:20 PM <DIR> Academic Challenge Cup
09/21/2005 11:20 PM <DIR> Acronis
10/12/2004 07:56 AM <DIR> ActiveWords
11/05/2005 04:04 PM <DIR> Adobe
08/17/2007 11:59 PM <DIR> Ahead
09/17/2003 11:50 AM <DIR> America Online 8.0
09/17/2003 11:50 AM <DIR> AOL Companion
02/18/2007 01:56 PM <DIR> Apple Software Update
07/16/2006 01:21 PM <DIR> ArcSoft
08/13/2005 11:47 AM <DIR> Audible
07/28/2004 11:46 AM <DIR> AWS
07/29/2007 01:02 PM <DIR> BayScribe
06/20/2007 10:07 AM <DIR> Belkin
03/04/2006 04:27 PM <DIR> BFG
03/18/2006 11:10 AM <DIR> CA
05/24/2007 08:37 AM <DIR> CCleaner
05/31/2005 05:08 PM <DIR> CDRoller
03/22/2007 02:56 PM <DIR> Chaos Manager 2
05/15/2003 11:18 AM <DIR> Citrix
08/18/2007 12:05 AM <DIR> Collectorz.com
08/23/2007 11:39 PM <DIR> Common Files
04/29/2003 05:56 PM <DIR> ComPlus Applications
08/11/2007 04:16 PM <DIR> Creative
08/17/2007 11:52 PM <DIR> Critical Thinking Demos
08/17/2007 11:53 PM <DIR> Critical Thinking Software
10/21/2003 10:46 AM <DIR> CuteFtp
05/12/2003 06:48 PM 3,025,408 cuteftp.exe
05/12/2003 06:55 PM 5,082,328 cuteftppro.exe
05/13/2003 05:30 PM <DIR> DATAKEY
05/24/2005 07:02 AM <DIR> Dell
02/13/2006 01:21 PM <DIR> Dell A940
04/06/2007 11:11 AM <DIR> Dell AIO Printer A940
04/29/2003 06:28 PM <DIR> Dell Computer
04/09/2007 08:39 AM <DIR> DellSupport
06/17/2005 10:11 AM <DIR> Digital Voice
10/20/2004 09:18 PM 376,672 DLM_2200043_ENU.exe
10/02/2006 12:30 PM <DIR> Documents To Go
04/06/2007 11:11 AM <DIR> DVD Profiler
09/03/2005 01:38 PM <DIR> DynaWares' DynaSpeller
04/17/2005 12:07 PM 1,584,088 earpro4setup.exe
03/04/2006 04:27 PM <DIR> EarthLink 5.0
11/01/2006 11:07 AM <DIR> eFax Messenger Plus
05/16/2007 11:10 AM <DIR> EMusic Download Manager
03/20/2007 07:20 AM <DIR> Enigma Software Group
09/26/2005 02:48 PM <DIR> EverNote
02/22/2006 02:09 PM <DIR> Family Financial Network
09/02/2003 08:05 PM <DIR> FaxTools
05/13/2003 05:33 PM <DIR> FOOTPEDAL
08/15/2003 09:41 AM <DIR> FTP Explorer
08/18/2003 06:45 AM <DIR> GlobalSCAPE
07/19/2007 12:20 PM <DIR> Google
09/03/2003 10:19 AM <DIR> GuruNet
05/15/2003 11:17 AM 2,838,184 ica32.exe
03/04/2006 04:27 PM <DIR> IceBreaker(2)
08/18/2007 12:03 AM <DIR> ICQ
05/13/2003 11:30 PM 260,684 ICQMessageArchive.exe
05/12/2003 06:16 PM 3,978,384 icqpro2003a.exe
05/02/2007 11:00 PM <DIR> Incomplete
09/25/2005 10:31 AM <DIR> Innovative Solutions
02/19/2004 11:15 PM 457 INSTALL.LOG
03/22/2007 09:50 AM <DIR> Internet Explorer
02/18/2007 02:06 PM <DIR> iPod
05/16/2007 12:37 PM <DIR> IrfanView
04/06/2007 11:11 AM <DIR> iTunes
04/29/2003 06:24 PM <DIR> Jasc Software Inc
08/21/2007 09:54 AM <DIR> Java
09/15/2003 05:09 PM <DIR> Lavasoft
01/05/2004 09:39 PM <DIR> Lexico
03/22/2007 03:09 PM <DIR> Lippincott Williams & Wilkins
06/06/2005 11:43 PM <DIR> LumaPix
03/04/2006 04:27 PM <DIR> Mahjong Halloween
06/24/2003 07:58 AM <DIR> McAfee.com
10/23/2003 08:34 PM <DIR> Medical Library
09/14/2006 07:26 AM <DIR> Medicos
03/04/2006 04:27 PM <DIR> Messenger
05/23/2007 11:44 PM <DIR> MFInstall
04/29/2003 05:57 PM <DIR> Microsoft ActiveSync
04/29/2003 05:56 PM <DIR> microsoft frontpage
04/29/2003 06:26 PM <DIR> Microsoft Office
03/04/2006 04:27 PM <DIR> Microsoft Picture It! 7
03/19/2004 01:53 PM <DIR> Mind Benders A3 & A4
04/29/2003 06:23 PM <DIR> Modem Helper
03/04/2006 04:27 PM <DIR> Movie Maker
04/29/2003 05:55 PM <DIR> MSN
04/29/2003 05:56 PM <DIR> MSN Gaming Zone
04/29/2003 05:56 PM <DIR> MSPress
08/18/2007 12:00 AM <DIR> MUSICMATCH
06/15/2005 04:41 PM <DIR> MusicNotes
03/04/2004 06:25 PM <DIR> NetAccess SSL
12/30/2005 11:53 PM <DIR> NetMeeting
05/24/2005 07:53 AM <DIR> OfficeUpdate11
04/27/2005 02:21 PM <DIR> Olympus
04/29/2003 05:56 PM <DIR> Online Services
01/15/2005 04:01 PM <DIR> OSS
08/17/2007 11:25 PM <DIR> Outlook Express
02/02/2007 09:26 PM <DIR> Palm
02/03/2004 01:49 PM <DIR> Pedal20
03/27/2005 08:29 PM <DIR> Personal Trainer One
03/27/2005 08:32 PM <DIR> PestPatrol
03/27/2005 08:08 PM 10,831,584 PestPatrolv5.exe
08/11/2005 04:11 PM <DIR> Photodex
05/31/2005 01:16 PM <DIR> Photodex Presenter
04/02/2004 02:29 PM <DIR> Ping Plotter
05/16/2007 12:38 PM <DIR> Ping Plotter Freeware
08/18/2007 09:48 PM <DIR> Pink Calendar
06/22/2007 11:29 PM <DIR> PopCap Games
02/12/2004 09:01 AM <DIR> PrintKey2000
03/22/2007 03:30 PM <DIR> QLEDR04
04/06/2007 11:11 AM <DIR> QuickTime
06/08/2007 11:22 AM <DIR> RCA
09/19/2005 12:30 PM <DIR> Real
08/13/2007 09:41 AM <DIR> Red NoteBook
05/12/2003 10:51 PM 660,696 rednotebook19b.exe
09/19/2005 12:30 PM 774,144 RngInterstitial.dll
05/13/2003 04:29 PM <DIR> sdftp32
11/04/2004 09:16 AM <DIR> SEMD50
05/04/2004 11:50 AM 8,029,451 SetupPestPatrolHome.exe
05/12/2003 01:34 PM <DIR> Shorthand for Windows
07/05/2007 01:42 PM <DIR> Sibelius Software
06/22/2004 09:03 PM 411,329 slimlist.exe
08/17/2007 11:50 PM <DIR> Spelling Bee Tutor-PDA
03/20/2007 07:20 AM <DIR> Spybot - Search & Destroy
05/21/2003 07:10 PM 3,662,787 spybotsd12.exe
08/26/2007 08:13 PM <DIR> Spyware Doctor
03/22/2007 02:54 PM <DIR> SRAD10
04/05/2004 08:41 PM <DIR> Stedman's Smartype
08/24/2007 08:26 AM <DIR> SUPERAntiSpyware
05/13/2003 05:13 PM <DIR> SYLCOUNT IV
03/19/2004 01:25 PM <DIR> ThinkAnalogy Level B
03/20/2007 07:20 AM <DIR> Time Stamp
05/07/2005 09:48 PM 6,132 top52--0028.htm
05/07/2005 09:49 PM 6,132 top52--0047.htm
04/07/2004 09:29 AM <DIR> TreePadPLUS
04/07/2004 09:28 AM 2,736,029 treepadplus.zip
09/01/2006 08:07 AM <DIR> Trend Micro
08/27/2004 03:47 PM <DIR> Trymedia
03/05/2007 12:35 AM <DIR> VideoLAN
11/21/2003 12:38 PM <DIR> Viewpoint
02/18/2007 03:52 PM <DIR> WebMail Assistant
02/18/2007 11:36 PM <DIR> Western Digital Technologies
06/09/2006 12:11 PM <DIR> Windows Media Player
12/30/2005 11:53 PM <DIR> Windows NT
10/12/2006 10:25 PM <DIR> WinZip
05/13/2003 06:14 PM 1,897,672 winzip81.exe
08/18/2007 12:02 AM <DIR> WS_FTP Pro
04/29/2003 05:55 PM <DIR> XEROX
08/17/2007 11:48 PM <DIR> Yahoo!
02/18/2007 03:15 PM <DIR> YPOPs
19 File(s) 47,201,350 bytes
133 Dir(s) 10,327,670,784 bytes free
Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\Program Files\common files

08/23/2007 11:39 PM <DIR> .
08/23/2007 11:39 PM <DIR> ..
09/21/2005 11:20 PM <DIR> Acronis
11/05/2005 04:04 PM <DIR> Adobe
06/09/2006 12:09 PM <DIR> Ahead
09/17/2003 11:50 AM <DIR> aol
05/16/2007 12:35 PM <DIR> aolshare
01/06/2004 08:22 AM <DIR> Atomica Shared
04/29/2003 06:31 PM <DIR> Dell
04/29/2003 05:56 PM <DIR> Designer
06/17/2005 10:12 AM <DIR> DVI
10/20/2004 09:52 PM <DIR> InstallShield
07/27/2005 02:11 PM <DIR> Java
08/18/2007 12:01 AM <DIR> Microsoft Shared
04/29/2003 05:56 PM <DIR> MSSoap
05/16/2003 08:05 AM <DIR> Novell Files
04/29/2003 05:55 PM <DIR> ODBC
04/29/2003 06:31 PM <DIR> Real
08/13/2005 11:49 AM <DIR> Roxio Shared
03/27/2005 08:33 PM <DIR> Scanner
04/29/2003 05:56 PM <DIR> Services
04/29/2003 05:56 PM <DIR> SpeechEngines
05/06/2003 11:31 AM <DIR> SWF Studio
08/17/2007 11:25 PM <DIR> System
08/23/2007 11:39 PM <DIR> Wise Installation Wizard
03/22/2007 03:22 PM <DIR> WoltersKluwerLWW Shared
04/29/2003 06:31 PM <DIR> xing shared
0 File(s) 0 bytes
27 Dir(s) 10,327,670,784 bytes free
Volume in drive C has no label.
Volume Serial Number is 98E4-1DFC

Directory of C:\

05/12/2007 06:22 PM 68,096 diff.exe
05/12/2007 06:22 PM 103,424 grep.exe
2 File(s) 171,520 bytes
0 Dir(s) 10,327,670,784 bytes free
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\MakeDesktopShortcut.EXE
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\DellSupportLauncher.exe
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\RunGdp.exe
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\HTML\item_templ\coach\RunGdp.exe
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\item_templ\coach\RunGdp.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{1C8646E4-DC54-4E6D-95EA-C3524B09223E}\ARPPRODUCTICON.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{1C8646E4-DC54-4E6D-95EA-C3524B09223E}\Ready_Reference_Book_1C1501812779480D8522D0D127BB6534.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{1C8646E4-DC54-4E6D-95EA-C3524B09223E}\Ready_Reference_Book_1C8646E4DC544E6D95EAC3524B09223E.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\ARPPRODUCTICON.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\PalmDesktopShortcut.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\ARPPRODUCTICON.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\NewShortcut1.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\NewShortcut1_1.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupB.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupE.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupF.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupG.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupI.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupS.exe
c:\Documents and Settings\AndiL\Application Data\Microsoft\Installer\{8C76A95A-94C4-4590-95B8-691E3D784F04}\ARPPRODUCTICON.exe
c:\Documents and Settings\AndiL\Desktop\ATF-Cleaner.exe
c:\Documents and Settings\AndiL\Desktop\avenger.exe
c:\Documents and Settings\AndiL\Desktop\bookcollectorsetup_6054698.exe
c:\Documents and Settings\AndiL\Desktop\ccsetup140.exe
c:\Documents and Settings\AndiL\Desktop\cm2setup.exe
c:\Documents and Settings\AndiL\Desktop\ComboFix.exe
c:\Documents and Settings\AndiL\Desktop\eMusicDownloadManager.exe
c:\Documents and Settings\AndiL\Desktop\fsbl.exe
c:\Documents and Settings\AndiL\Desktop\hs2convert.exe
c:\Documents and Settings\AndiL\Desktop\jre-1_5_0_10-windows-i586-p-iftw.exe
c:\Documents and Settings\AndiL\Desktop\moviecollectorsetup_6054698.exe
c:\Documents and Settings\AndiL\Desktop\MuVoN200_PCFW_LF_1_20_04.exe
c:\Documents and Settings\AndiL\Desktop\NPWinSetup12013.exe
c:\Documents and Settings\AndiL\Desktop\PCC2006_US.exe
c:\Documents and Settings\AndiL\Desktop\psgold_26_1777.exe
c:\Documents and Settings\AndiL\Desktop\psgold_30_1942.exe
c:\Documents and Settings\AndiL\Desktop\SDFix.exe
c:\Documents and Settings\AndiL\Desktop\SET_CLOC.EXE
c:\Documents and Settings\AndiL\Desktop\setup.exe
c:\Documents and Settings\AndiL\Desktop\SmileboxInstaller.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix.exe
c:\Documents and Settings\AndiL\Desktop\SUPERAntiSpyware.exe
c:\Documents and Settings\AndiL\Desktop\TreeSizeSetup.exe
c:\Documents and Settings\AndiL\Desktop\webmailreg.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\dumphive.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\Process.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\Reboot.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\restart.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\swreg.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\swsc.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\AndiL\Desktop\SmitfraudFix\unzip.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\1432KA01.EXE
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\2350_A02.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\ActiveSetupRSDK.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Advanced_Uninstaller7.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Amazing Keyboard Secrets v1_0.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\BayScribe_msi.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\bcedl.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\beetleju.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\bko.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\CDRoller601.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\cuteftppro.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\ecademo.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\efxsetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\EMusicDLM2.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\essetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\EverNote_1.00.4.128.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\f_x86t32.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\fp502.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\GoogleEarthSetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\GuruNetSetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\halloween.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Install Ringo Photo Uploader.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\iTunesSetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\iview397.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\LimeWireWin.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\lumapixsetup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\msgr75us.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\ossacp.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\panoramamaker4_retail_trial_e.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\pcc23sw1003.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\pcc25f1244.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\pchugbug20.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\PlayMusicDemo.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\pp8_en.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\ppca1_win_d.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\psgold_25_1635.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\psgold_26_1775.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\R56532.EXE
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\R74855.EXE
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\rdbg_win_d.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\realarcade_readersdi_stub.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\regidean.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\rotrsa_d.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\SAproxyInstaller.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\sh860.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\TA2004_0.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\tetris_win.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\tis11sw1120.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\trueimage8[1].0_s_en.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\trueimage9.0_s_en.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\videolistplus-setup.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\wonderland.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\AleJenJesTimer\Timer.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Class Photos\advisor.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Copy of recycle bin\DELL_Drv.EXE
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Copy of recycle bin\ymsgr.exe
c:\Documents and Settings\AndiL\Desktop\Unused Desktop Shortcuts\Copy of recycle bin\WMDM\setup.exe
c:\Documents and Settings\AndiL\My Documents\PrintCal.exe
c:\Documents and Settings\AndiL\My Documents\DataKey\Other\Copy of CUTFTP32.EXE
c:\Documents and Settings\AndiL\My Documents\DataKey\Other\CUTFTP32.EXE
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\crafterssampler.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\lollie5719.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\pcClubHomeHelperPromo.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\pcClubHugBarsPromo.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\pcClubToppersPromo.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\pchugbugbrowserdeluxelite.exe
c:\Documents and Settings\AndiL\My Documents\Glass block graphics\pumpkinsoup.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\ecdc_v5.3.5.10_plt_enu.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\ftpcommander.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\iTunesSetup.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\LimeWireWin.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\picasa2-setup-1884.exe
c:\Documents and Settings\AndiL\My Documents\mp3s\WinRMSetup.exe
c:\Documents and Settings\AndiL\My Documents\Stedmans\WordBase\WORDBASE.EXE
c:\Program Files\Documents To Go\DocsToGo.exe
c:\Program Files\Documents To Go\HandheldInstall.exe
c:\Program Files\Documents To Go\ptgxlat.exe
c:\Program Files\Documents To Go\ZipUtil.exe
c:\WINDOWS\Installer\{4E7E8E6A-15F1-4E26-9352-26AD235131E9}\DocumentsToGo.exe
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\dplugins\2.0.1.571\DiagPlugin.dll
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\HTML\AutoMaintenance\AutoMaintenance.dll
c:\Documents and Settings\AndiL\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\HTML\AutoMaintenance\Images.dll
c:\Documents and Settings\AndiL\Application Data\Mozilla\Plugins\npPxPlay.dll
c:\Documents and Settings\AndiL\Application Data\Netscape\Plugins\npPxPlay.dll

****** End of DiagHelp report


I will post the other log back here soon.

Edited by Tomboymama, 27 August 2007 - 09:01 PM.

#32 Tomboymama

Posted 27 August 2007 - 10:01 PM

Not sure this is correct as it doesn't look like much, but here is the blacklight log:

08/27/07 22:32:48 [Info]: BlackLight Engine 1.0.64 initialized
08/27/07 22:32:48 [Info]: OS: 5.1 build 2600 (Service Pack 1)
08/27/07 22:32:48 [Note]: 7019 4
08/27/07 22:32:48 [Note]: 7005 0
08/27/07 22:32:51 [Note]: 7006 0
08/27/07 22:32:51 [Note]: 7022 0
08/27/07 22:32:51 [Note]: 7011 1752
08/27/07 22:32:52 [Note]: 7026 0
08/27/07 22:32:52 [Note]: 7026 0
08/27/07 22:32:54 [Note]: FSRAW library version 1.7.1022
08/27/07 22:56:47 [Note]: 7007 0

#33 Jintan

Posted 28 August 2007 - 07:26 AM

The Blacklight log is a typical one, and here does not reflect any hidden activity.

Somehow I have a sense that the unknown driver I had a look at is part of the CDRoller software I see there, and perhaps another showing pfc.sys. Another option is Acronis. Hard to tell if the Acronis software, installed as it is as a kernel driver, is not interfering with getting results here.

This is something you might uninstall through Add/Remove programs - the main thing powered by MyWebSearch or any IAC products is revenue through adware/search hijacking.

WeatherBug Browser Bar - powered by MyWebSearch



Another I would like to ask you about is GuruNet. I am not familiar with this, but see where it recently indicated a plan to do "an ad-supported revenue model" in association with some other ventures. How long have you used this software?

Two more I would like you to check as well on:

pcHugBug Browser (just let me know what it's use is)
WebMail Assistant

If you do not recognize that second one open HijackThis - click Config - Misc Tools - Open Uninstall Manager again.
A list of the entries in Add/Remove programs will appear.

Click to hilight WebMail Assistant, then to the right check the Uninstall command entry, and copy/paste that file path information back here please.

#34 Tomboymama

Posted 28 August 2007 - 08:03 AM

Here is the rundown on those items:

Weatherbug browser bar -- would like to delete but it will not allow me to; I get an error loading C:\PROGRA~\MYWEBS~2\BAR\1.bin\wbBar.dll

GuruNet is a dictionary/encyclopedia type search engine. I have had this for a few years, but rarely use it, and if it could be causing a problem, I don't mind deleting it.

PCHugClub is a browser/organizer for clipart -- can also be removed if necessary, rarely used.

WebMail Assistant -- C:\PROGRA~1\WEBMAI~1\UNWISE.EXE C:\PROGRA~1\WEBMAI~1\INSTALL.LOG
I rarely use this program as well, so if necessary, it can be uninstalled.

#35 Jintan

Posted 28 August 2007 - 09:50 AM

No need to pester that other software. That MyWebSearch is likely partially removed, so the uninstall mechanism is no longer available.

My attention returns to the questionable driver and service. In checking I see it shows in other people's logs with activity occurring at the same time as infective activity, and all in all it does not match with what I know to be the correct service and file:

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys

R2 ohciusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohciusb.sys


Go to Start - Run, type services.msc (and OK).

On the list locate and double-click on the following item.

Open Host Controller Miniport USB Driver

Under Service Status, click Stop.

Then using the dropdown box, change the Startup type to Disabled.

Apply/OK and exit. It is not likely you will see this listed as such, but I would prefer you check through more standard means first.


If it was not listed, run Notepad and copy the following text in bold into a new file:

@ECHO OFF
REM Start the ohciusb driver service again if disabling it causes problems.
cd %windir%
sc start ohciusb
exit

Save the file as "servstart.bat". Make sure to save it with the quotes. Save this in case it is needed to start that service again if too many errors occur after this service is stopped. It will automatically change to an "as-needed" startup setting.


Now run Notepad and copy the following text in bold into a new file:

@ECHO OFF
REM Set the ohciusb driver service to Disabled so it is not loaded at the next boot,
REM then ask the service controller to stop it now. Note that sc requires the space
REM after "start=".
cd %windir%
sc config ohciusb start= disabled
sc stop ohciusb
exit

Save the file as "servstop.bat". Make sure to save it with the quotes. Please double-click on servstop.bat. A window should open and close very quickly --- this is normal.


Check for any changes to be sure you do not experience any undesirable system issues. If none, reboot and try running GMER again. Again do double check Spyware Doctor is completely disabled, as it has truly been known to interfere with scans in the past. If you get any notices or alerts at reboot be sure to copy them to post back here after.

#36 Tomboymama

Posted 28 August 2007 - 11:38 PM

Sorry, it has been a day, and I didn't get a chance to try the scan until very late. I am still unable to get a complete scan running GMER. It stops in the same place and then says it needs to close. Spyware doctor is completely disabled, Trend Micro is off, nothing else is running, etc. when I am running the scan.

#37 Jintan

Posted 29 August 2007 - 04:41 AM

I'll ask the author if he has time and see if we can figure out an alternate approach for the scan.

#38 Jintan

Posted 29 August 2007 - 04:46 AM

Based on some recent driver info showing - do you have DiscJuggler installed here? Like many of the newer ripping/burning software packages, it loads disk emulator drivers, which may be the issue in this.

#39 Tomboymama

Posted 29 August 2007 - 07:13 AM

I do not have DiscJuggler.

#40 Jintan

Posted 29 August 2007 - 08:09 PM

Don't like to keep taking out services without knowing their exact uses. Reviewing the logs so far and the info on hanonvt.ini there are indications of an autorun function involved. Let's correct an unrecognized logon function I have been discussing on and off all along and check for autorun mechanisms as well.



As you are about to make registry changes, you will need to backup the registry to have if needed. Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup (not to a temp folder). Close the Registry Editor. This is just a smart precaution when making changes to the registry.



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it regfix22.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.



Then Go here and download Flash_Disinfector.exe and save it to your desktop.

Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.



Reboot and Go here for an online AV scan (requires IE to run). If your AV alerts you while the scan installs ignore this - Panda's Active Scan method is often mistaken for infection activity.

Scan "Local Disks" and when finished save the scan log and then post the log here. To save the log first select the See Report button, then select the Save report button, and post that log back here.


sc qc pfc > c:\locate27.txt & start notepad c:\locate27.txt
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it servfind.bat.

Where it says "Files of Type", select All Files and click on Save, and save it to your desktop. Exit Notepad, then click on servfind.bat and allow it to run. A text box will open - please copy/paste the contents back here.


Just to check against the reg change try GMER now as well in just normal mode.


Finally delete the existing copy of ComboFix.exe and download ComboFix.exe again from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Post back the C:\ComboFix as well as the other info please.

Edited by Jintan, 29 August 2007 - 08:11 PM.
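
Two checks from this post and from post #35, written up as an added example rather than anything posted in the thread: parsing the `sc qc` dump that servfind.bat captures, and testing whether a driver's service name is a rearrangement of a genuine Microsoft driver name, which is exactly the usbohci/ohciusb pair questioned in post #35 (ohciusb is usbohci rotated by four characters). The pfc dump is the one posted later in the thread; the ohciusb dump and the small Microsoft allowlist are constructed assumptions for the demonstration.

```python
"""Parse `sc qc <service>` output and flag look-alike driver service names.

Added example, not part of the original thread. SC_QC_PFC is the output posted
later in the thread; SC_QC_OHCIUSB and KNOWN_MICROSOFT_DRIVERS are constructed
assumptions for the demonstration (build a real allowlist from a clean machine).
"""
from collections import Counter

# Assumption: genuine Microsoft USB host-controller driver service names on XP.
KNOWN_MICROSOFT_DRIVERS = {"usbohci", "usbuhci", "usbehci", "usbhub", "usbport"}

# Output of `sc qc pfc` as posted in the thread.
SC_QC_PFC = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: pfc
TYPE : 1 KERNEL_DRIVER
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \??\C:\WINDOWS\System32\drivers\pfc.sys
LOAD_ORDER_GROUP : filter
TAG : 0
DISPLAY_NAME : Padus ASPI Shell
DEPENDENCIES :
SERVICE_START_NAME :
"""

# Constructed: name, path and display name come from the service line quoted in
# post #35; START_TYPE is inferred from that line's "R2" prefix (auto-start).
SC_QC_OHCIUSB = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: ohciusb
TYPE : 1 KERNEL_DRIVER
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \??\C:\WINDOWS\System32\drivers\ohciusb.sys
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Open Host Controller Miniport USB Driver
DEPENDENCIES :
SERVICE_START_NAME :
"""


def parse_sc_qc(text):
    """Turn the KEY : value lines of an `sc qc` dump into a dict."""
    cfg = {}
    for line in text.splitlines():
        if line.startswith("[SC]") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon only; paths keep theirs
        cfg[key.strip()] = value.strip()
    return cfg


def is_rotation(a, b):
    """True when a is b with its characters cyclically shifted (ohciusb vs usbohci)."""
    return len(a) == len(b) and a != b and a in b + b


def is_anagram(a, b):
    """True when a and b use the same letters in a different order."""
    return a != b and Counter(a) == Counter(b)


def lookalike_of(name, known=KNOWN_MICROSOFT_DRIVERS):
    """Genuine driver name this service name is a rearrangement of, else None."""
    n = name.lower()
    if n in known:
        return None
    for k in sorted(known):
        if is_rotation(n, k) or is_anagram(n, k):
            return k
    return None


def assess(sc_qc_text):
    """Return (parsed config, list of findings) for one `sc qc` dump."""
    cfg = parse_sc_qc(sc_qc_text)
    findings = []
    twin = lookalike_of(cfg.get("SERVICE_NAME", ""))
    if twin:
        findings.append(f"name '{cfg['SERVICE_NAME']}' is a rearrangement of Microsoft driver '{twin}'")
    # Deliberately not a finding: the \??\ prefix in BINARY_PATH_NAME is an NT
    # object-manager path that many legitimate third-party drivers use (pfc,
    # "Padus ASPI Shell", above is one), so on its own it indicates nothing.
    return cfg, findings


if __name__ == "__main__":
    for dump in (SC_QC_PFC, SC_QC_OHCIUSB):
        cfg, findings = assess(dump)
        print(cfg["SERVICE_NAME"], cfg["BINARY_PATH_NAME"], findings or "no findings")
```

The name check only says that a service is worth a closer look; it does not replace the manual comparison of path, size and signer that the thread is working through, and the servstop.bat/servstart.bat pair from post #35 remains the way to actually disable and restore the driver.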

#41 Jintan

Posted 30 August 2007 - 04:16 AM

Tomboymama, I see you have checked in since my last post, but it came to me just now that the regedit is not the correct value to address in this. The one posted modifies a value for that Acronis boot value instead of the unwanted value "Notification Packages". Nothing that should cause immediate error or issues, but if you have not done that step please post back so we can discuss doing the correct regedit. If you have already, we will just need to return the value in order for Acronis to have that startup value available.

#42 Tomboymama

Posted 30 August 2007 - 07:19 AM

Hi, I have already done the regedit and am through the Panda Scan (which took a bit). I will go ahead and post those results. It will be a bit before I can get to the other scans. When you have a chance, just let me know what to do on the regedit, and I can make those changes. Thanks.

Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@azjmp[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\AndiL\Cookies\andil@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\AndiL\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\AndiL\Desktop\Flash_Disinfector.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\AndiL\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\AndiL\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\AndiL\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\AndiL\Desktop\SmitfraudFix.exe
Virus:Generic Malware Disinfected C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\LoderRunOnce.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\1.bin\W6WBTEMP.DLL
Virus:Generic Malware Disinfected C:\Program Files\NetAccess SSL\Setup\SETUP.EXE
Virus:Generic Malware Disinfected C:\Program Files\PestPatrol\Quarantine\20041230015820.zip[Program Files/NetAccess SSL/Setup/SETUPLNG.DLL]
Virus:Trj/Downloader.MDW Not disinfected C:\QooBox\Quarantine\C\195.tmp.vir[BndDrive.dll]
Virus:Trj/Downloader.PNC Disinfected C:\QooBox\Quarantine\C\196.tmp.vir
Virus:Trj/Downloader.MDW Not disinfected C:\QooBox\Quarantine\C\1E5.tmp.vir[BndDrive.dll]
Virus:Trj/Downloader.PNC Disinfected C:\QooBox\Quarantine\C\1E6.tmp.vir
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL.vir
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearchWB\bar\1.bin\W6WBTEMP.DLL.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\19967468
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

#43 Jintan

Posted 30 August 2007 - 10:07 AM

I have checked through Acronis info and see it has multitudes of methods for restore options and access options. The change just made removed a means of using the network to work with Acronis from bootup, but we can return that. The other target registry item suggests a boot item using a known System Restore .dll (file) with an obfuscated path (unclear, perhaps somewhat hidden) with an unfamiliar string command. But in checking through Acronis' many functions it is quite possible it includes some encrypted procedure using System Restore, so the entry for now should be left as is.



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,72,\
  00,65,00,6c,00,6f,00,67,00,5f,00,61,00,70,00,00,00,00,00
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixback2.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and OK the prompt asking if you wish to merge the file with your registry. After the next reboot this change will be completed.


Then just for now complete the other steps please.
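
The regfix22.reg file in post #40 and the fixback2.reg file above both write a REG_MULTI_SZ value in the hex(7) form that .reg files use, which is easy to misread by hand, and the difference between them is the whole point of the correction in post #41. As an added example (not code from the thread), the following Python decodes the exact value lines from the two files to show what strings each one writes to the LSA key, encodes a string list back into the hex(7) form, and diffs the two. "Authentication Packages" is the list of DLLs that lsass.exe loads as authentication packages at boot, which makes it both a persistence location worth watching and a value whose corruption can break logon; "Notification Packages", the value post #41 says was the intended target, has the same REG_MULTI_SZ format, so the same decoder applies to it. The second string in fixback2.reg is the entry the thread attributes to Acronis.

```python
"""Decode and encode hex(7) (REG_MULTI_SZ) value lines from .reg files.

Added example, not code from the original thread. The two value lines below are
copied from regfix22.reg and fixback2.reg as posted in the thread, including the
trailing-backslash continuation that regedit uses for long hex values.
"""
import re

REGFIX22 = ('"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\\\n'
            '  00')
FIXBACK2 = ('"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,72,\\\n'
            '  00,65,00,6c,00,6f,00,67,00,5f,00,61,00,70,00,00,00,00,00')


def parse_hex7_line(value_line):
    """Split a '"Name"=hex(7):..' line into (value name, raw bytes)."""
    name, sep, payload = value_line.partition("=hex(7):")
    if not sep:
        raise ValueError("not a hex(7) value line")
    payload = re.sub(r"\\\s*", "", payload)  # join backslash-continued lines
    payload = re.sub(r"\s+", "", payload)
    raw = bytes(int(h, 16) for h in payload.split(",") if h)
    return name.strip().strip('"'), raw


def decode_multi_sz(raw):
    """REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, plus a final NUL."""
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz, in the comma-separated hex form .reg files use."""
    raw = ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


def multi_sz_diff(before_line, after_line):
    """(strings removed, strings added) when after_line replaces before_line."""
    before = decode_multi_sz(parse_hex7_line(before_line)[1])
    after = decode_multi_sz(parse_hex7_line(after_line)[1])
    return ([s for s in before if s not in after], [s for s in after if s not in before])


if __name__ == "__main__":
    for label, line in (("regfix22.reg", REGFIX22), ("fixback2.reg", FIXBACK2)):
        name, raw = parse_hex7_line(line)
        print(f"{label}: {name} = {decode_multi_sz(raw)}")
    print("fixback2 -> regfix22 removes/adds:", multi_sz_diff(FIXBACK2, REGFIX22))
```

Decoding shows regfix22.reg leaves only msv1_0 (Microsoft's own NTLM package) in the list, while fixback2.reg restores the second package that had been removed; running the decoder over an exported copy of the key before merging any .reg file is a cheap way to confirm that a fix touches exactly the entry intended.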

#44 Tomboymama

Posted 30 August 2007 - 09:31 PM

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: pfc
TYPE : 1 KERNEL_DRIVER
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \??\C:\WINDOWS\System32\drivers\pfc.sys
LOAD_ORDER_GROUP : filter
TAG : 0
DISPLAY_NAME : Padus ASPI Shell
DEPENDENCIES :
SERVICE_START_NAME :

Still no luck on getting a full GMER scan.

Here is the new ComboFix:

ComboFix 07-08-30.3 - "AndiL" 2007-08-30 22:57:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.402 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-29 23:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-29 23:05 <DIR> drahsc--- C:\autorun.inf
2007-08-29 23:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 23:55 <DIR> d----c--- C:\gmer
2007-08-28 12:15 <DIR> d-------- C:\Program Files\MyWebSearchWB
2007-08-28 08:26 <DIR> d-------- C:\DOCUME~1\AndiL\.limewire
2007-08-27 21:20 <DIR> d----c--- C:\DiagHelp
2007-08-25 19:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-08-25 19:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-24 21:13 <DIR> d----c--- C:\getservice
2007-08-24 20:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-23 23:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-23 23:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-23 23:40 <DIR> d-------- C:\DOCUME~1\AndiL\APPLIC~1\SUPERAntiSpyware.com
2007-08-23 23:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-18 22:52 82,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-08-18 22:52 57,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-08-18 22:52 40,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-08-18 22:52 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-08-18 22:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-08-18 22:52 <DIR> d-------- C:\DOCUME~1\AndiL\APPLIC~1\PC Tools
2007-08-18 22:50 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-08-18 21:43 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-17 23:57 <DIR> d-------- C:\WINDOWS\Google Toolbar
2007-08-17 19:44 5,140 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-08-11 16:50 4,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ohciusb.sys
2007-07-05 13:44 <DIR> d-------- C:\DOCUME~1\AndiL\APPLIC~1\Sibelius Software
2007-07-05 13:42 <DIR> d-------- C:\Program Files\Sibelius Software


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 16:51 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\BayScribe
2007-08-30 00:25 --------- d-------- C:\Program Files\Pink Calendar
2007-08-30 00:18 --------- d-------- C:\Program Files\Google
2007-08-30 00:17 --------- d-------- C:\Program Files\eFax Messenger Plus
2007-08-30 00:16 --------- d-------- C:\Program Files\Dell AIO Printer A940
2007-08-30 00:14 --------- d-------- C:\Program Files\BayScribe
2007-08-28 12:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GuruNet
2007-08-27 19:32 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\WeatherBug
2007-08-24 08:13 2433 --a------ C:\WINDOWS\system32\drivers\ohciusb.zip
2007-08-18 21:30 131584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-08-18 00:05 --------- d-------- C:\Program Files\Collectorz.com
2007-08-18 00:03 --------- d-------- C:\Program Files\ICQ
2007-08-18 00:02 --------- d-------- C:\Program Files\WS_FTP Pro
2007-08-18 00:00 --------- d-------- C:\Program Files\MUSICMATCH
2007-08-17 23:59 --------- d-------- C:\Program Files\Ahead
2007-08-17 23:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 23:53 --------- d-------- C:\Program Files\Critical Thinking Software
2007-08-17 23:52 --------- d--h----- C:\Program Files\Zero G Registry
2007-08-17 23:52 --------- d-------- C:\Program Files\Critical Thinking Demos
2007-08-17 23:50 --------- d-------- C:\Program Files\Spelling Bee Tutor-PDA
2007-08-17 23:48 --------- d-------- C:\Program Files\Yahoo!
2007-08-17 23:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo
2007-08-13 09:41 --------- d-------- C:\Program Files\Red NoteBook
2007-08-11 16:16 --------- d-------- C:\Program Files\Creative
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2005-09-19 12:30 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-05-18 00:18 224590 --a--c--- C:\WINDOWS\Fonts.\PCSimplicitee.exe
2005-05-18 00:18 145088 --a--c--- C:\WINDOWS\Fonts.\PCHardBall.exe
2005-05-18 00:18 141355 --a--c--- C:\WINDOWS\Fonts.\PCmichelle.exe
2005-05-18 00:18 138703 --a--c--- C:\WINDOWS\Fonts.\PCBrita.exe
2005-05-18 00:17 233454 --a--c--- C:\WINDOWS\Fonts.\PCLewis.exe
2005-05-18 00:17 146103 --a--c--- C:\WINDOWS\Fonts.\PCScratchPad.exe
2005-05-18 00:17 133873 --a--c--- C:\WINDOWS\Fonts.\pcplayful.exe
2005-05-18 00:17 128153 --a--c--- C:\WINDOWS\Fonts.\PCBigStick.exe
2005-05-18 00:17 124681 --a--c--- C:\WINDOWS\Fonts.\PCKnobbish.exe
2005-05-18 00:16 134489 --a--c--- C:\WINDOWS\Fonts.\PCGoo.exe
2005-05-18 00:16 131330 --a--c--- C:\WINDOWS\Fonts.\PCSketched.exe
2005-05-18 00:16 130498 --a--c--- C:\WINDOWS\Fonts.\PCEightBall.exe
2005-05-18 00:16 130000 --a--c--- C:\WINDOWS\Fonts.\PCJennPen.exe
2005-05-18 00:14 130751 --a--c--- C:\WINDOWS\Fonts.\PCSquirrelly.exe
2005-05-07 21:49 6132 --a--c--- C:\Program Files\top52--0047.htm
2005-05-07 21:48 6132 --a--c--- C:\Program Files\top52--0028.htm
2005-05-07 21:47 1039189 --a--c--- C:\Program Files1mp3ins.exe
2005-04-17 12:07 1584088 --a--c--- C:\Program Files\earpro4setup.exe
2005-03-27 20:08 10831584 --a--c--- C:\Program Files\PestPatrolv5.exe
2004-10-20 21:18 376672 --a--c--- C:\Program Files\DLM_2200043_ENU.exe
2004-06-22 21:03 411329 --a--c--- C:\Program Files\slimlist.exe
2004-05-04 11:50 8029451 --a--c--- C:\Program Files\SetupPestPatrolHome.exe
2004-04-07 09:28 2736029 --a--c--- C:\Program Files\treepadplus.zip
2004-02-19 23:15 457 --a--c--- C:\Program Files\INSTALL.LOG
2003-05-21 19:10 3662787 --a--c--- C:\Program Files\spybotsd12.exe
2003-05-15 11:17 2838184 --a--c--- C:\Program Files\ica32.exe
2003-05-13 23:30 260684 --a--c--- C:\Program Files\ICQMessageArchive.exe
2003-05-13 18:14 1897672 --a--c--- C:\Program Files\winzip81.exe
2003-05-12 22:51 660696 --a--c--- C:\Program Files\rednotebook19b.exe
2003-05-12 18:55 5082328 --a--c--- C:\Program Files\cuteftppro.exe
2003-05-12 18:48 3025408 --a--c--- C:\Program Files\cuteftp.exe
2003-05-12 18:16 3978384 --a--c--- C:\Program Files\icqpro2003a.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E028439-81C7-4B82-BC74-25156306F532}]
2007-06-14 09:10 258048 --a------ C:\Program Files\BayScribe\bayscribe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2003-06-17 10:12]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-29 18:31]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 21:45]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 16:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2005-06-07 13:58]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 20:14]

C:\DOCUME~1\AndiL\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
PinkCal.lnk - C:\Program Files\Pink Calendar\PinkCal.exe [2007-08-18 21:30:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= :\WINDOWS\system32\srrstr.dll cecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GuruNet.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GuruNet.lnk
backup=C:\WINDOWS\pss\GuruNet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndiL^Start Menu^Programs^Startup^.lnk]
path=C:\Documents and Settings\AndiL\Start Menu\Programs\Startup\.lnk
backup=C:\WINDOWS\pss\.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndiL^Start Menu^Programs^Startup^eBot.lnk]
path=C:\Documents and Settings\AndiL\Start Menu\Programs\Startup\eBot.lnk
backup=C:\WINDOWS\pss\eBot.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndiL^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\AndiL\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
"C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\System32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\System32\DRIVERS\timntr.sys
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\System32\DRIVERS\ss.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
S3 VNUSB;VN Series Device;C:\WINDOWS\System32\DRIVERS\VNUSB.sys
S4 ohciusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohciusb.sys

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-08-29 23:01:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-30 06:55:34 C:\WINDOWS\Tasks\PPv5Scan_Daily as AndiL at 1 55 AM.job - C:\Program Files\CA\eTrust PestPatrol\ppv5consumercl.exe
2007-08-24 17:12:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
2007-05-16 17:12:19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 23:03:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-30 23:05:22
C:\ComboFix-quarantined-files.txt ... 2007-08-30 23:04
C:\ComboFix2.txt ... 2007-08-26 16:40
C:\ComboFix3.txt ... 2007-08-25 13:57

--- E O F ---

Edited by Tomboymama, 30 August 2007 - 10:12 PM.


#45 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 31 August 2007 - 06:14 PM

I have asked a few others to review some of this information as well. For now, that service identified as Padus ASPI Shell pretty much indicates it is related to one of the CD/DVD burning programs you have installed there, so not looking malicious here. The Panda scan mostly located tools we used, didn't seem to like the Advanced Uninstaller installer file (though I am not sure it is necessarily infection) and some files/folders we need to remove. It did delete that NetAccess SSL, which does not show in name searches and is very suspect as a source of some of the infection here. Are you having any issues on the system at this time?



Since the tool is there let's have ComboFix assist in file removal. Open notepad and copy/paste the text in the codebox below into it:


Suspect::
C:\WINDOWS\19967468 
File::
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf 
C:\WINDOWS\19967468 
Folder::
C:\WINDOWS\19967468 
C:\Program Files\MyWebSearchWB

Save this as "CFScript"

(include the "quotation marks" with the name)



Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will cause ComboFix to run as it already has. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.

Also ComboFix will have generated a zipped file on your desktop called Submit [Date Time].zip (actually you will see a reference to another forum during the file copy steps when this is created). Locate this file and again upload it here and follow the instructions to upload like before.


Let's check on the status of the still suspect service earlier disabled.

sc qc ohciusb > c:\locate42.txt & start notepad c:\locate42.txt

Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it servfind2.bat

Where it says "Files of Type", select All Files and click on Save and save it to your desktop. Exit Notepad, then click on servfind2.bat and allow it to run. A text box will open - please copy/paste the contents back here along with the other requested items.

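The service block of the ComboFix log above is what this thread keeps coming back to, so here is a small triage script that reads those lines and flags the things a helper looks for by eye. This is an added example written for this page; it is not ComboFix code and not from either poster. It assumes ComboFix's line convention of `<R|S><0-4> name;display name;image path` (R/S = running/stopped, digit = start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled), and the table of Microsoft USB miniport file names is my own reference data. The heuristics are exactly that: a `\??\`-style absolute image path means the service was registered with a full path through CreateService rather than installed from an INF, which droppers do but so do some legitimate tools (rootkit scanners in particular), so each finding is a reason to look, not a verdict.

```python
"""Heuristic triage of the 'Windows Services' block of a ComboFix log.

Added example (editor's code, not from the forum post or from ComboFix).
Assumed: a service line reads  <R|S><0-4> <name>;<display name>;<image path>
(R/S = running/stopped; 0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
The USB miniport table is the editor's own reference data.
"""
import re
from dataclasses import dataclass, field

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Windows' own USB host-controller miniports, keyed by the phrase a display
# name uses. A driver claiming one of these roles under another file name is
# borrowing a trustworthy-looking description.
MS_USB_MINIPORTS = {
    "open host controller": "usbohci.sys",
    "universal host controller": "usbuhci.sys",
    "enhanced host controller": "usbehci.sys",
}
# Where INF-installed drivers and vendor services normally live on XP.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "system32\\")

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (\S+)")
IMAGE_RE = re.compile(r"^(.*?\.(?:sys|exe|dll))", re.I)  # image path without arguments


@dataclass
class Service:
    name: str
    display: str
    image: str
    running: bool
    start: str
    newly_created: bool = False
    findings: list = field(default_factory=list)


def parse_services(log_text):
    """One Service per R/S line, plus any name from a '*Newly Created Service*' note."""
    services, new_names = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            services.append(Service(name, display, image, state == "R", START_TYPES[start]))
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            new_names[m.group(1).lower()] = m.group(1)
    for svc in services:
        svc.newly_created = svc.name.lower() in new_names
    known = {svc.name.lower() for svc in services}
    for lower, original in new_names.items():  # created, but no R/S line at all
        if lower not in known:
            services.append(Service(original, "", "", False, "unknown", newly_created=True))
    return services


def triage(svc):
    """Attach heuristic findings to a Service and return them."""
    image = svc.image.strip().strip('"')
    m = IMAGE_RE.match(image)
    low = (m.group(1) if m else image).lower()
    if low.startswith("\\??\\"):
        svc.findings.append("image path in raw NT form \\??\\...: registered with a full "
                            "path via CreateService rather than installed from an INF")
        low = low[4:]
    if low and not low.startswith(EXPECTED_DIRS):
        svc.findings.append("image lives outside System32 / Program Files")
    basename = low.rsplit("\\", 1)[-1]
    for phrase, real_file in MS_USB_MINIPORTS.items():
        if phrase in svc.display.lower() and basename != real_file:
            svc.findings.append(f"display name claims the Windows {phrase} miniport, "
                                f"but that driver is {real_file}, not {basename}")
    if svc.newly_created:
        svc.findings.append("flagged by ComboFix as a newly created service")
    if svc.start == "disabled" and low:
        svc.findings.append("disabled but still registered: confirm key and file are removed")
    return svc.findings


def report(log_text):
    """Map every service name to its findings (empty list = nothing unusual)."""
    return {svc.name: triage(svc) for svc in parse_services(log_text)}


# Sample input: service lines and the newly-created-service note copied from
# the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\System32\DRIVERS\snapman.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
S4 ohciusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohciusb.sys

*Newly Created Service* - GTNDIS5
"""

if __name__ == "__main__":
    for name, findings in report(SAMPLE_LOG).items():
        for f in findings:
            print(f"{name}: {f}")
```

Run as-is it reports only `ohciusb` and `GTNDIS5`; the Acronis, Broadcom, Ahead and player-recovery entries come through clean. The `ohciusb` entry collects three notes (raw `\??\` registration, a display name that belongs to Windows' `usbohci.sys`, and a disabled-but-still-present service), which is the same reasoning behind the `sc qc ohciusb` check requested in the post: a disabled service is one registry edit away from loading again, so the entry and the .sys file both need to be gone.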