WIN403~1.EXE (win4036.tmp?)

43 replies to this topic
#1 Miami
Authentic Member, 31 posts
Posted 23 November 2007 - 01:38 PM

Okay. I'm getting desperate, and no way I'm going to give up trying to get help. The CMD keeps popping up and then another popup saying something about C:\WINDOWS\TEMP\WIN403~1.EXE. I've looked in C:\WINDOWS\TEMP but all I could find that was an exe was win4036.tmp. I'm getting sick of the CMD popping up with that other thing popping up that gives me option buttons of "Close" or "Ignore". HELP. And I SWEAR, I will post 1 thread EVERY day with this same exact text until I get help.

#2 Scotty
Always Happy, Authentic Member, 3,634 posts
Posted 23 November 2007 - 04:02 PM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

#3 Miami
Authentic Member, 31 posts
Posted 23 November 2007 - 08:17 PM

main.txt

Deckard's System Scanner v20071014.68
Run by ERIK A. GRIFFIN on 2007-11-23 21:08:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 3.65 GiB (less than 15%) free.


-- HijackThis (run as ERIK A. GRIFFIN.exe) -------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 21:13:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Fonts\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O1 - Hosts: 67.159.44.37 l2authd.lineage2.com
O1 - Hosts: 67.159.44.37 l2testauthd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft] iexplorer2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer2.exe
O4 - HKLM\..\RunOnce: [lsass] C:\WINDOWS\Fonts\lsass.exe /RunOnce
O4 - HKLM\..\RunOnceEx: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\VANESSA J. GRIFFIN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: https://ny.contentmatch.net (HKLM)
O16 - DPF: ActiveGS.cab () - http://www.virtualap...rg/activegs.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers () - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} () - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtange...all/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (MalwareCleaner Class) - http://www.microsoft.../WebCleaner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135819770910
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} () - http://yax-download.....cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.c...ad/ms40upld.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\system32\winjrs32.dll
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Windows Update Service (MSUpdate) - Unknown owner - C:\WINDOWS\system32\wupdmgr32.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


--
End of file - 15623 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20071119-153124-730 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071119-153124-950 R3 - URLSearchHook: (no name) - {F3B536F1-A568-ACEA-4F84-F55A6C3912CA} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - %1
.bat - batfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.com - comfile - DefaultIcon - %1
.com - comfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.exe - exefile - shell\open\command - C:\WINDOWS\Fonts\lsass.exe "%1" %*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFSDRV - c:\??\c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\??\c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 SDVC05 (USB SDVC05) - c:\windows\system32\drivers\sdvc05.sys <Not Verified; HaSoInTech; Windows ® 2000 DDK driver>
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 MSUpdate (Microsoft Windows Update Service) - c:\windows\system32\wupdmgr32.exe (file missing)
S2 Service Support - c:\windows\system32\srvsupp.exe (file missing)
S2 Speed Disk service -
S4 bdss (BitDefender Scan Server) - "c:\program files\common files\softwin\bitdefender scan server\bdss.exe" /service (file missing)
S4 LIVESRV (BitDefender Desktop Update Service) - "c:\program files\common files\softwin\bitdefender update service\livesrv.exe" /service (file missing)
S4 VSSERV (BitDefender Virus Shield) - "c:\program files\softwin\bitdefender10\vsserv.exe" /service (file missing)
S4 XCOMM (BitDefender Communicator) - "c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe" /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-23 18:56:17 362 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2007-11-17 07:23:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-21 19:53:37 314 --a------ C:\WINDOWS\Tasks\Scanner and Camera Wizard.job
2007-10-21 19:51:39 474 --a------ C:\WINDOWS\Tasks\Microsoft Word.job


-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-23 21:04:08 64512 --ah----- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-22 02:18:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-11-22 02:18:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 19:14:51 0 d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59:34 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:53:33 0 d-------- C:\Program Files\Nero
2007-11-18 14:53:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-18 02:47:44 24576 --a------ C:\WINDOWS\system32\winjrs32.dll
2007-11-17 18:02:01 0 d-------- C:\Program Files\Converter
2007-11-17 01:00:38 0 d-------- C:\Program Files\KLC
2007-11-15 18:55:44 0 d-------- C:\b
2007-11-13 02:47:43 0 d-------- C:\Program Files\LegacyGamers
2007-11-11 01:41:15 0 d-------- C:\Program Files\MAIET
2007-11-09 08:12:53 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-07 12:57:31 0 d-------- C:\Program Files\Lineage II
2007-11-07 12:57:02 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\InstallShield
2007-11-06 11:17:54 0 d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48:46 0 d-------- C:\Program Files\iPod
2007-11-06 00:47:55 0 d-------- C:\Program Files\iTunes
2007-11-06 00:39:59 0 d-------- C:\Program Files\Common Files\Apple
2007-11-04 00:41:33 0 d-------- C:\Program Files\IrfanView
2007-11-01 16:55:52 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 15:14:16 157696 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-01 09:01:33 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52:38 0 d-------- C:\Program Files\Atari
2007-10-31 23:20:16 0 d-------- C:\Program Files\Steam
2007-10-30 22:10:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34:34 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34:34 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-10-30 19:34:34 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-10-30 19:34:33 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-10-30 19:34:33 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:34:33 217073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34:31 0 d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:32:13 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-10-30 19:32:13 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-10-30 19:32:03 0 d-------- C:\Program Files\eRightSoft
2007-10-29 15:41:33 12416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>
2007-10-29 15:41:33 0 d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:21:04 0 d-------- C:\Program Files\AIM6
2007-10-29 13:41:05 0 d-------- C:\Program Files\QuickTime
2007-10-29 12:47:10 0 d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39:31 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29:24 0 d-------- C:\Program Files\mIRC
2007-10-29 12:29:24 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC


-- Find3M Report ---------------------------------------------------------------

2007-11-23 21:04:12 66 --a------ C:\WINDOWS\anticrash.dat
2007-11-23 21:04:09 61 --a------ C:\WINDOWS\hare.dat
2007-11-23 21:04:07 60 --a------ C:\WINDOWS\zoom.dat
2007-11-23 21:03:55 0 d-------- C:\Program Files\Common Files
2007-11-22 15:31:44 589 --ah----- C:\WINDOWS\WININF.DAT
2007-11-21 03:48:47 73264 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-20 12:46:35 0 d-------- C:\Program Files\AvPropPlugin
2007-11-19 03:07:21 32 --a----c- C:\WINDOWS\go
2007-11-12 05:58:39 0 d-------- C:\Program Files\TrustIn Contextual
2007-11-09 18:23:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-07 14:50:21 0 d-------- C:\Program Files\FriendBlasterPro
2007-11-07 14:50:21 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 12:57:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-07 12:45:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-07 12:25:00 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Adobe
2007-11-04 00:42:45 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 15:22:18 0 d-------- C:\Program Files\Viewpoint
2007-10-29 15:21:09 0 d-------- C:\Program Files\Common Files\AOL
2007-10-29 13:28:34 32700 --a----c- C:\WINDOWS\system32\tcpipbak.reg
2007-10-29 12:41:56 0 d-------- C:\Program Files\Dachshund Software
2007-10-29 12:16:45 0 d-------- C:\Program Files\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631f7200-642e-11db-bd13-0800200c9a66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/31/2006 07:46 PM]
"Microsoft"="iexplorer2.exe" []
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/05/2007 12:05 PM]
"lsass"="C:\WINDOWS\Fonts\lsass.exe" [08/04/2004 02:56 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/02/2006 08:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [11/18/2007 03:02 PM]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"lsass"=C:\WINDOWS\Fonts\lsass.exe /RunOnce

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft"=iexplorer2.exe

C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/19/2005 1:41:37 AM]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 11:00:44 AM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 11:26:40 AM]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [10/22/2007 11:32:22 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 11:27:14 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll 11/18/2007 02:47 AM 24576 C:\WINDOWS\system32\winjrs32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
AutoRun\command- H:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

67.159.44.37 l2authd.lineage2.com
67.159.44.37 l2testauthd.lineage2.com


-- End of Deckard's System Scanner: finished at 2007-11-23 21:15:23 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 255.01 MiB / 74.71 MiB
Pagefile Memory (total/avail): 1233.55 MiB / 992.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.03 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 3.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (FAT) - 0.03 GiB total, 0.03 GiB free.
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:
\PARTITION1 - 16-bit FAT - 31.35 MiB - F:

\\.\PHYSICALDRIVE1 - HP photosmart 7700 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: BitDefender Antivirus Plus v10 v7.2 (Softwin) Disabled
AV: BitDefender Antivirus Plus v10 v7.2 (Softwin) Disabled Outdated
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Enabled: "
"C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe:*:Enabled:Gunz"
"C:\\Program Files\\wIRC\\mIRC.exe"="C:\\Program Files\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\wIRC\\mIRC.exe"="C:\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe"="C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe:*:Enabled:Gunz"
"C:\\WINDOWS\\system32\\srvsupp.exe"="C:\\WINDOWS\\system32\\srvsupp.exe:*:Enabled:srvsupp"
"C:\\WINDOWS\\system32\\wupdmgr32.exe"="C:\\WINDOWS\\system32\\wupdmgr32.exe:*:Enabled:Windows Update Manager"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\ERIK A. GRIFFIN\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIGPAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ERIK A. GRIFFIN
include=C:\Documents and Settings\ERIK A. GRIFFIN\VC98\atl\include;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\mfc\include;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\include
ITEMID=dj-22741-10
LANG=1033
lib=C:\Documents and Settings\ERIK A. GRIFFIN\VC98\mfc\lib;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\lib
LOGONSERVER=\\BIGPAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Perl\bin\;C:\bin\;C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONID=1107197412488htx693f37160:101d0a0584b:7b96
SESSIONNAME=Console
SWUTVER=1.0.18.20030627
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp
USERDOMAIN=BIGPAIN
USERNAME=ERIK A. GRIFFIN
USERPROFILE=C:\Documents and Settings\ERIK A. GRIFFIN
VERSION=3.0.2.993
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

VANESSA J. GRIFFIN (admin)
ERIK A. GRIFFIN (admin)
Erik (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Fight List 1.0.0.1 --> C:\PROGRA~1\AIMFIG~1\UNWISE.EXE C:\PROGRA~1\AIMFIG~1\INSTALL.LOG
AntiCrash 3.6.1 --> "C:\Program Files\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files\Dachshund Software\AntiCrash\install.log"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AvPropPlugin 1.0.0.1 --> C:\PROGRA~1\AVPROP~1\UNWISE.EXE C:\PROGRA~1\AVPROP~1\INSTALL.LOG
Brittle Bullet - Private Gunz Server --> MsiExec.exe /I{DDF1EC6E-E7AE-48B8-BA17-FFB1501A8C1E}
Chinese (Traditional) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVC5.1 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}\Setup.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{6953CFE0-74E6-4DE2-869E-D9ADFB2DC55F}
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Garry's Mod --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund Software\Hare\install.log"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Japanese Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Defense8 Control - 키보드 보안 --> regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\kdfense8.ocx"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Korean Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lineage II --> C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" UNINSTALL
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MP3 WAV WMA Converter --> C:\PROGRA~1\CONVER~1\UNWISE.EXE C:\PROGRA~1\CONVER~1\INSTALL.LOG
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TrustIn Contextual --> regsvr32 /u /s "C:\Program Files\TrustIn Contextual\trustincontext.dll"
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
WebIQ Client Software --> C:\WINDOWS\system32\WebIQInstall.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPcap 3.0 alpha --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YouTube Uploader --> MsiExec.exe /X{93F7E99C-A2BB-315A-93E1-FBFA3A54C07F}
Zoom 1.3.1 --> "C:\Program Files\Dachshund Software\Zoom\Uninstall.exe" "C:\Program Files\Dachshund Software\Zoom\install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4370 / Warning
Event Submitted/Written: 11/23/2007 09:03:08 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type4369 / Warning
Event Submitted/Written: 11/23/2007 09:03:08 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type4361 / Error
Event Submitted/Written: 11/22/2007 11:19:18 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Easy CD & DVD Creator 6 -- Error 1706.No valid source could be found for product Easy CD & DVD Creator 6. The Windows Installer cannot continue.

Event Record #/Type4360 / Warning
Event Submitted/Written: 11/22/2007 11:18:35 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio' failed during request for component '{5AC6310E-8718-4D1A-AA6A-26CD5101EA52}'

Event Record #/Type4359 / Warning
Event Submitted/Written: 11/22/2007 11:18:35 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio', component '{DEA6BF0E-1209-47E0-952B-14EAF3374EDE}' failed. The resource 'C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\PMStudio.hpf' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5879 / Error
Event Submitted/Written: 11/23/2007 09:03:26 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type5863 / Error
Event Submitted/Written: 11/23/2007 09:03:17 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1

Event Record #/Type5862 / Error
Event Submitted/Written: 11/23/2007 09:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Service Support service failed to start due to the following error:
%%2

Event Record #/Type5861 / Error
Event Submitted/Written: 11/23/2007 09:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Microsoft Windows Update Service service failed to start due to the following error:
%%2

Event Record #/Type5846 / Error
Event Submitted/Written: 11/23/2007 05:32:44 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.



-- End of Deckard's System Scanner: finished at 2007-11-23 21:15:23 ------------
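
The firewall exception list in the DSS log above is worth triaging line by line: the exception for lsass.exe under C:\WINDOWS\Fonts, carrying no description, is the file SDFix later deletes as a trojan. As an added example (not code from this thread, from DSS or from SDFix), here is a Python triage of that export format that flags those two tells; the sample lines are copied from the log, and %windir% is assumed to expand to C:\WINDOWS as the environment dump shows.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied from the StandardProfile
# AuthorizedApplications export in the DSS log, in the exact export format.
SAMPLE_EXPORT = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\srvsupp.exe"="C:\\WINDOWS\\system32\\srvsupp.exe:*:Enabled:srvsupp"
"C:\\WINDOWS\\system32\\wupdmgr32.exe"="C:\\WINDOWS\\system32\\wupdmgr32.exe:*:Enabled:Windows Update Manager"
'''

# Core Windows processes that live only in the system directory on XP;
# the same file name anywhere else is a classic masquerade.
CORE_SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "winlogon.exe", "svchost.exe", "spoolsv.exe",
}
# Assumption: %windir% is C:\WINDOWS, as the environment dump in the log shows.
WINDIR = "c:\\windows"
SYSTEM_DIRS = {WINDIR + "\\system32"}

# One export line: "<path>"="<path>:<scope>:<state>:<description>"
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')


@dataclass
class FirewallEntry:
    path: str
    scope: str
    state: str
    description: str
    findings: List[str] = field(default_factory=list)


def normalize_path(raw: str) -> str:
    """Undo the export's doubled backslashes, expand %windir%, lower-case."""
    return raw.replace("\\\\", "\\").lower().replace("%windir%", WINDIR)


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one export line; returns None for headers, blanks and odd lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group("key"), m.group("value")
    # The value repeats the path, so strip it before splitting on ':'; the
    # path itself contains a drive-letter colon and must not be split.
    if not value.startswith(key + ":"):
        return None
    parts = value[len(key) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, description = parts
    return FirewallEntry(normalize_path(key), scope, state.lower(), description.strip())


def assess(entry: FirewallEntry) -> FirewallEntry:
    """Attach findings for the two tells visible in the thread's own log."""
    parent, _, base = entry.path.rpartition("\\")
    if base in CORE_SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        entry.findings.append(f"system process name outside system32: {entry.path}")
    if entry.state == "enabled" and not entry.description:
        entry.findings.append("enabled exception with an empty description")
    return entry


def triage(export_text: str) -> List[FirewallEntry]:
    """Return only the entries that carry at least one finding."""
    flagged = []
    for line in export_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and assess(entry).findings:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_EXPORT):
        print(entry.path)
        for finding in entry.findings:
            print("  -", finding)
```

Run against a full export, the script leaves the legitimate Windows and application exceptions alone and surfaces only the entries that need a human look.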



#4 Scotty (Always Happy; Authentic Member; 3,634 posts)

Posted 24 November 2007 - 05:26 AM

I'm afraid I have unpleasant news for you. You have a Dangerous infection on this machine.
The infection is delivered by a Backdoor Trojan.
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
You too could train to help others- Join the Classroom


#5 Miami (Authentic Member; 31 posts)

Posted 24 November 2007 - 02:04 PM

Unfortunately I no longer have the Windows XP install disc, so reformatting is not an option for me. Also, I believe if I was in danger of my information being stolen, it would have already because I've had this for about a week or so already. Let's just try to disinfect. I'm sure if something bad happens to any bank accounts accessed through here or so, it can be reversed very easily (this I know for a fact). Edit: I've also just uninstalled Lineage II and deleted a few things so I have 9.69 GB of free space now.

Edited by Miami, 24 November 2007 - 02:07 PM.


#6 Scotty (Always Happy; Authentic Member; 3,634 posts)

Posted 24 November 2007 - 02:19 PM

Hi

I don't mean to cause panic; it's the standard warning to alert you to the worst-case scenario. I wouldn't be doing my job right if I didn't. ;)


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.



Download and Save ComboFix
  • Download this file from below: Here
  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happens, we want to know, and also which process you had to end.

In your next reply, post:
  • ComboFix.txt
  • A new Deckard's log taken after the above scan has run


#7 Miami (Authentic Member; 31 posts)

Posted 25 November 2007 - 01:30 AM

report.txt

SDFix: Version 1.115

Run by ERIK A. GRIFFIN on Sun 11/25/2007 at 01:15 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
msupdate

Path:
C:\WINDOWS\system32\wupdmgr32.exe

msupdate - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TEMPNAME.DLL - Deleted
C:\WINDOWS\SYSTEM32\NEA9CD~1.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~3.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~4.XML - Deleted
C:\WINDOWS\Temp\win741.tmp.exe - Deleted
C:\WINDOWS\Temp\win741.tmp.exe - Deleted
C:\WINDOWS\Fonts\lsass.exe - Deleted
C:\WINDOWS\regedit.com - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 01:30:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b9,ae,98,a3,2a,76,fb,be,8b,24,cb,91,2e,b0,b3,a9,f1,9c,cc,05,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:c9,52,66,62,cc,5c,af,51,14,45,53,c7,97,d1,11,7f,7a,f2,4e,d4,a2,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,54,10,99,1e,64,9f,21,6c,90,c0,ac,ff,61,39,a4,e3,67,2b,73,9e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,65,8a,28,50,ea,3d,de,97,ce,28,44,c1,23,6e,48,98,2b,a1,a9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b9,ae,98,a3,2a,76,fb,be,8b,24,cb,91,2e,b0,b3,a9,f1,9c,cc,05,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:c9,52,66,62,cc,5c,af,51,14,45,53,c7,97,d1,11,7f,7a,f2,4e,d4,a2,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,54,10,99,1e,64,9f,21,6c,90,c0,ac,ff,61,39,a4,e3,67,2b,73,9e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,65,8a,28,50,ea,3d,de,97,ce,28,44,c1,23,6e,48,98,2b,a1,a9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07B1DF8-A8A7-63DE-2F58-CC4970B9D9A9}]
"haagdienpnfdpcfi"=hex:6a,61,66,68,63,63,6c,70,66,65,6f,61,63,69,61,65,6c,64,6f,6b,00,..
"iagfjjjabacpidaplg"=hex:6a,61,66,68,63,63,6c,70,66,65,6f,61,63,69,61,65,6c,64,6f,6b,00,..

scanning hidden files ...

C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\eldest219@hotmail.com\DFSR\Staging\CS{84950D07-2063-CD5A-B223-876EA22EDE34}\01\14-{84950D07-2063-CD5A-B223-876EA22EDE34}-v1-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\01\10-{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}-v1-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\11\11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1812 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\11\11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Enabled: "
"C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe:*:Enabled:Gunz"
"C:\\Program Files\\wIRC\\mIRC.exe"="C:\\Program Files\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\wIRC\\mIRC.exe"="C:\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe"="C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe:*:Enabled:Gunz"
"C:\\WINDOWS\\system32\\srvsupp.exe"="C:\\WINDOWS\\system32\\srvsupp.exe:*:Enabled:srvsupp"
"C:\\WINDOWS\\system32\\wupdmgr32.exe"="C:\\WINDOWS\\system32\\wupdmgr32.exe:*:Enabled:Windows Update Manager"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 29 Aug 2000 557,056 A..H. --- "C:\Program Files\Dell\Backup\DellBckp.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 30 Oct 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 12 Jul 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Wed 25 Jun 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Wed 25 Jun 2003 232,470 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Sat 12 Jul 2003 290,546 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Sat 12 Jul 2003 156,520 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
Wed 25 Jun 2003 155,106 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM_old.reg"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~21D.tmp"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~2779.tmp"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~34C6.tmp"
Wed 14 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~8E6A.tmp"
Wed 21 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~C5C.tmp"
Thu 8 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 8 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!


ComboFix.txt

ComboFix 07-11-19.3 - ERIK A. GRIFFIN 2007-11-25 2:04:22.1 - NTFSx86
Running from: C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com\played_list.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\SMBOLS~1
C:\Documents and Settings\ERIK A. GRIFFIN\My Documents\CROSOF~1.NET
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\?dobe\
C:\Program Files\Common Files\smbols~1
C:\Program Files\TrustIn Contextual
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\LEGACY_NWSAPAGENT
-------\Iprip
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-24 17:00 <DIR> d-------- C:\Program Files\Google
2007-11-24 17:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-11-23 21:46 <DIR> d-------- C:\Program Files\UnH Solutions
2007-11-23 21:08 <DIR> d-------- C:\Deckard
2007-11-18 19:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:58 188 --a------ C:\WINDOWS\system32\MsiExec.exe.log
2007-11-18 14:53 <DIR> d-------- C:\Program Files\Nero
2007-11-18 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-17 18:02 <DIR> d-------- C:\Program Files\Converter
2007-11-15 18:55 <DIR> d-------- C:\b
2007-11-13 02:47 <DIR> d-------- C:\Program Files\LegacyGamers
2007-11-09 08:12 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-06 11:17 <DIR> d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48 <DIR> d-------- C:\Program Files\iPod
2007-11-06 00:47 <DIR> d-------- C:\Program Files\iTunes
2007-11-06 00:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-05 12:06 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-05 12:04 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-05 12:04 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-04 00:41 <DIR> d-------- C:\Program Files\IrfanView
2007-11-01 16:55 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 09:01 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52 <DIR> d-------- C:\Program Files\Atari
2007-10-31 23:20 <DIR> d-------- C:\Program Files\Steam
2007-10-30 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:34 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-10-30 19:34 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34 217,073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-10-30 19:34 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:32 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-30 19:32 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2007-10-30 19:32 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2007-10-30 19:32 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2007-10-30 19:32 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2007-10-30 19:32 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2007-10-30 19:32 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2007-10-30 19:32 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2007-10-30 19:32 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2007-10-30 19:32 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-10-29 15:41 <DIR> d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:41 12,416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys
2007-10-29 15:21 <DIR> d-------- C:\Program Files\AIM6
2007-10-29 13:41 <DIR> d-------- C:\Program Files\QuickTime
2007-10-29 12:47 <DIR> d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29 <DIR> d-------- C:\Program Files\mIRC
2007-10-29 12:29 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 07:17 64,512 ---ha-w C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-25 04:36 2,059,115 ----a-w C:\WINDOWS\Fonts\error.exe
2007-11-24 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 17:46 --------- d-----w C:\Program Files\AvPropPlugin
2007-11-09 23:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-07 19:50 --------- d-----w C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Outspark
2007-11-07 17:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-04 05:42 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 20:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2007-10-29 20:22 --------- d-----w C:\Program Files\Viewpoint
2007-10-29 20:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-10-29 20:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-29 18:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-10-29 17:41 --------- d-----w C:\Program Files\Dachshund Software
2007-10-29 17:16 --------- d-----w C:\Program Files\Winamp
2007-09-20 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 14:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2005-12-13 06:28 200,704 -c--a-w C:\Documents and Settings\ERIK A. GRIFFIN\BAReport.exe
2005-11-27 21:01 77,824 ----a-w C:\Documents and Settings\ERIK A. GRIFFIN\mrs.exe
2005-11-27 11:45 102,400 ----a-w C:\Documents and Settings\ERIK A. GRIFFIN\zlib.dll
2005-03-31 07:29 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2004-01-11 19:50 1,001,536 -c--a-w C:\Program Files\mmssetup.exe
2003-09-14 01:48 1,009,560 -c--a-w C:\Program Files\office2000-kb824936-client-enu.exe
2003-09-14 01:40 1,009,560 -c--a-w C:\Program Files\office2000-kb824936-client-enu WORD PATCH SEPT 2003.exe
2003-08-30 09:46 1,291,040 -c--a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2006-03-05 17:40 29,033 -csha-w C:\WINDOWS\system32\rerolpxei.dat
2007-05-04 14:01 602,144 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-04 14:02 26,400 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-18 15:02]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-31 19:46]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 12:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]

C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-19 01:41:37]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 11:00:44]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 11:26:40]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-10-22 11:32:22]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 11:27:14]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-24 17:00:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 Service Support;Service Support;C:\WINDOWS\system32\srvsupp.exe
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 XDva032;XDva032;\??\C:\WINDOWS\system32\XDva032.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 12:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-25 03:56:25 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-10-22 00:51:39 C:\WINDOWS\Tasks\Microsoft Word.job"
- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Word.lnk
"2007-10-22 00:53:37 C:\WINDOWS\Tasks\Scanner and Camera Wizard.job"
- C:\WINDOWS\system32\wiaacmgr.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 02:15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 2:20:52 - machine was rebooted
.
--- E O F ---


main.txt (DSS)

Deckard's System Scanner v20071014.68
Run by ERIK A. GRIFFIN on 2007-11-25 02:23:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as ERIK A. GRIFFIN.exe) -------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-25 02:23:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnceEx: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\VANESSA J. GRIFFIN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: https://ny.contentmatch.net (HKLM)
O16 - DPF: ActiveGS.cab () - http://www.virtualap...rg/activegs.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers () - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} () - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtange...all/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (MalwareCleaner Class) - http://www.microsoft.../WebCleaner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135819770910
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} () - http://yax-download.....cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.c...ad/ms40upld.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


--
End of file - 15130 bytes

-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 02:17:03 64512 --ah----- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-25 01:14:12 0 d-------- C:\WINDOWS\ERUNT
2007-11-24 17:00:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-11-24 17:00:22 0 d-------- C:\Program Files\Google
2007-11-23 21:46:00 0 d-------- C:\Program Files\UnH Solutions
2007-11-18 19:14:51 0 d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59:34 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:53:33 0 d-------- C:\Program Files\Nero
2007-11-18 14:53:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-17 18:02:01 0 d-------- C:\Program Files\Converter
2007-11-15 18:55:44 0 d-------- C:\b
2007-11-13 02:47:43 0 d-------- C:\Program Files\LegacyGamers
2007-11-09 08:12:53 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-06 11:17:54 0 d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48:46 0 d-------- C:\Program Files\iPod
2007-11-06 00:47:55 0 d-------- C:\Program Files\iTunes
2007-11-06 00:39:59 0 d-------- C:\Program Files\Common Files\Apple
2007-11-04 00:41:33 0 d-------- C:\Program Files\IrfanView
2007-11-01 16:55:52 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 15:14:16 157696 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-01 09:01:33 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52:38 0 d-------- C:\Program Files\Atari
2007-10-31 23:20:16 0 d-------- C:\Program Files\Steam
2007-10-30 22:10:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34:34 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34:34 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-10-30 19:34:34 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-10-30 19:34:33 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-10-30 19:34:33 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:34:33 217073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34:31 0 d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:32:13 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-10-30 19:32:13 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-10-30 19:32:03 0 d-------- C:\Program Files\eRightSoft
2007-10-29 15:41:33 12416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>
2007-10-29 15:41:33 0 d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:21:04 0 d-------- C:\Program Files\AIM6
2007-10-29 13:41:05 0 d-------- C:\Program Files\QuickTime
2007-10-29 12:47:10 0 d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39:31 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29:24 0 d-------- C:\Program Files\mIRC
2007-10-29 12:29:24 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC


-- Find3M Report ---------------------------------------------------------------

2007-11-25 02:17:05 66 --a------ C:\WINDOWS\anticrash.dat
2007-11-25 02:17:03 61 --a------ C:\WINDOWS\hare.dat
2007-11-25 02:17:02 60 --a------ C:\WINDOWS\zoom.dat
2007-11-25 02:15:51 0 d-------- C:\Program Files\Common Files
2007-11-24 12:15:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-22 15:31:44 589 --ah----- C:\WINDOWS\WININF.DAT
2007-11-21 03:48:47 73264 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-20 12:46:35 0 d-------- C:\Program Files\AvPropPlugin
2007-11-19 03:07:21 32 --a----c- C:\WINDOWS\go
2007-11-09 18:23:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-07 14:50:21 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 12:45:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-07 12:25:00 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Adobe
2007-11-04 00:42:45 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 15:22:18 0 d-------- C:\Program Files\Viewpoint
2007-10-29 15:21:09 0 d-------- C:\Program Files\Common Files\AOL
2007-10-29 13:28:34 32700 --a----c- C:\WINDOWS\system32\tcpipbak.reg
2007-10-29 12:41:56 0 d-------- C:\Program Files\Dachshund Software
2007-10-29 12:16:45 0 d-------- C:\Program Files\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/31/2006 07:46 PM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/05/2007 12:05 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/02/2006 08:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [11/18/2007 03:02 PM]
"Aim6"="" []

C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/19/2005 1:41:37 AM]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 11:00:44 AM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 11:26:40 AM]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [10/22/2007 11:32:22 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 11:27:14 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/24/2007 5:00:31 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
AutoRun\command- H:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-25 02:24:12 ------------
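An added example, not part of this thread and not code from DSS or HijackThis: a small Python script that encodes the sort of rules a helper applies by eye when reading a log like the one above (Winlogon Notify hooks whose DLL is missing, a SharedTaskScheduler entry with no file, a service with no publisher running out of the Windows directory, hidden files dropped straight into C:\WINDOWS) and returns a list of findings instead of leaving it to memory. The sample input is a constructed subset of lines copied from the posted log; the two severity levels and the rules themselves are my own heuristics, and the O16/O23 "review" hits (yinsthelper.dll, vsserv.exe) are included on purpose to show that the rules also raise legitimate software, which is why they say review rather than remove.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a subset of lines copied from the DSS/HijackThis
# log posted in this thread, deliberately mixing legitimate and suspicious entries.
SAMPLE_LOG = r"""
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-30 19:34:33 217073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34:34 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-11-25 01:14:12 0 d-------- C:\WINDOWS\ERUNT
"""


@dataclass
class Finding:
    severity: str  # "high": act on it; "review": confirm by hand before acting
    path: str      # file, entry name or object the log line points at
    reason: str


# HijackThis-style lines: "O20 - Winlogon Notify: name - path (file missing)"
HJT_RE = re.compile(r"^(O\d+) - (.*)$")
# DSS "files created" lines: "YYYY-MM-DD HH:MM:SS size attrs path [<version info>]"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) ([-A-Za-z]{9}) (.+?)(?: <.*>)?$")

WINDOWS_DIR = "c:\\windows\\"


def in_windows_root(path: str) -> bool:
    """True for a file sitting directly in C:\\WINDOWS rather than in a subfolder."""
    low = path.lower()
    return low.startswith(WINDOWS_DIR) and "\\" not in low[len(WINDOWS_DIR):]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one log line; None means nothing stood out."""
    line = line.strip()
    m = HJT_RE.match(line)
    if m:
        kind, body = m.groups()
        target = body.rsplit(" - ", 1)[-1]  # last " - " field: a path, URL or "(no file)"
        if kind == "O20" and target.endswith("(file missing)"):
            return Finding("high", target.rsplit(" (", 1)[0],
                           "Winlogon Notify hook whose DLL is gone; orphaned hooks are "
                           "left behind by removed malware and should be cleared")
        if kind == "O22" and target == "(no file)":
            name = body.split(": ", 1)[1].split(" - ")[0]
            return Finding("high", name, "SharedTaskScheduler entry with no backing file")
        if kind == "O23" and " - Unknown owner - " in body:
            if target.lower().startswith(WINDOWS_DIR):
                return Finding("high", target, "service without publisher info running "
                               "from the Windows directory")
            return Finding("review", target, "service without publisher info; confirm "
                           "the product is really installed")
        if kind == "O16" and not target.lower().startswith(("http://", "https://")):
            return Finding("review", target, "DPF entry loads a local file instead of a "
                           "downloaded .cab; confirm the vendor")
        return None
    m = FILE_RE.match(line)
    if m:
        _size, attrs, path = m.groups()
        if "d" in attrs:  # directories carry no payload by themselves
            return None
        if in_windows_root(path):
            if "h" in attrs:
                return Finding("high", path, "hidden file dropped straight into the "
                               "Windows directory")
            if path.lower().endswith(".exe"):
                return Finding("review", path, "new executable straight in the Windows "
                               "directory; check its hashes on VirusTotal")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a pasted log through the rules and collect the hits."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def flagged_paths(log_text: str, severity: str) -> List[str]:
    """Just the paths/names at one severity, in log order."""
    return [f.path for f in triage(log_text) if f.severity == severity]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.path}\n    {f.reason}")
```

Paste a whole DSS or HijackThis log into SAMPLE_LOG (or read it from a file) and the "high" list is the set of entries to take to a helper first; everything else still needs a human, which is the point of keeping the second severity.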



#8 Scotty

Posted 25 November 2007 - 06:16 AM

Hi

Please don't use quotes to paste your logs. It's easier to read if you just paste straight into the reply box.


To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.


Go to http://www.virustota.../en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\meta4.exe
Click Send.
Please post the results of this scan to this thread.

Do the same for the following files:
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\system32\RLOgg.ax
C:\WINDOWS\sysdata.dat
C:\WINDOWS\winshell.dat

You too could train to help others- Join the Classroom


#9 Miami

Posted 25 November 2007 - 10:56 AM

Engines used (Antivirus, Version, Last Update), the same for all five scans below:
AhnLab-V3 2007.11.24.0 2007.11.23; AntiVir 7.6.0.34 2007.11.23; Authentium 4.93.8 2007.11.24; Avast 4.7.1074.0 2007.11.23; AVG 7.5.0.503 2007.11.24; BitDefender 7.2 2007.11.25; CAT-QuickHeal 9.00 2007.11.24; ClamAV 0.91.2 2007.11.25; DrWeb 4.44.0.09170 2007.11.25; eSafe 7.0.15.0 2007.11.21; eTrust-Vet 31.3.5324 2007.11.24; Ewido 4.0 2007.11.25; FileAdvisor 1 2007.11.25; Fortinet 3.14.0.0 2007.11.25; F-Prot 4.4.2.54 2007.11.25; F-Secure 6.70.13030.0 2007.11.24; Ikarus T3.1.1.12 2007.11.25; Kaspersky 7.0.0.125 2007.11.25; McAfee 5170 2007.11.23; Microsoft 1.3007 2007.11.25; NOD32v2 2684 2007.11.25; Norman 5.80.02 2007.11.23; Panda 9.0.0.4 2007.11.25; Prevx1 V2 2007.11.25 (absent from the sysdata.dat scan); Rising 20.19.61.00 2007.11.25; Sophos 4.23.0 2007.11.25; Sunbelt 2.2.907.0 2007.11.24; Symantec 10 2007.11.25; TheHacker 6.2.9.141 2007.11.24; VBA32 3.12.2.5 2007.11.23; VirusBuster 4.3.26:9 2007.11.25; Webwasher-Gateway 6.0.1 2007.11.25

File meta4.exe received on 11.25.2007 17:09:49 (CET)
Result: 4/32 (12.5%)
Detections:
CAT-QuickHeal 9.00 2007.11.24 (Suspicious) - DNAScan
eSafe 7.0.15.0 2007.11.21 suspicious Trojan/Worm
Panda 9.0.0.4 2007.11.25 Suspicious file
Webwasher-Gateway 6.0.1 2007.11.25 Win32.Malware.gen (suspicious)
All other engines: -
Additional information
File size: 217073 bytes
MD5: fce9e5f5c7ce6d7b1ec49b5ce07070c9
SHA1: 2ca7b4304072b5a2634bae8dbb496ab2ebbc921a
packers: UPX
packers: UPX
packers: UPX

File MOTA113.exe received on 11.25.2007 17:19:46 (CET)
Result: 6/32 (18.75%)
Detections:
CAT-QuickHeal 9.00 2007.11.24 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.25 PUA.Packed.TeLock
eSafe 7.0.15.0 2007.11.21 suspicious Trojan/Worm
Panda 9.0.0.4 2007.11.25 Suspicious file
Sunbelt 2.2.907.0 2007.11.24 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 2007.11.25 Win32.Malware.gen (suspicious)
All other engines: -
Additional information
File size: 66560 bytes
MD5: faf96e03b03725bc816c11d5af009681
SHA1: 2320e8b54d52a31f257785126153f9c30e10ef70
packers: TeLock
packers: PE_Patch, TeLock
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File RLOgg.ax received on 11.25.2007 17:26:33 (CET)
Result: 2/32 (6.25%)
Detections:
eSafe 7.0.15.0 2007.11.21 suspicious Trojan/Worm
Webwasher-Gateway 6.0.1 2007.11.25 Win32.UPXpacked.gen!94 (suspicious)
All other engines: -
Additional information
File size: 186880 bytes
MD5: 00817d79cc4282859e9f5685ba686469
SHA1: d77574b3a2e998b49b8258944d2eca2b7b6aedfa
packers: UPX
packers: PE_Patch.UPX, UPX

File sysdata.dat received on 11.25.2007 17:33:06 (CET)
Result: 0/31 (0%)
Detections: none (all engines -; Prevx1 did not take part in this scan)
Additional information
File size: 430 bytes
MD5: 489fa31b66efa71a06eb6c65006e98ee
SHA1: a6e9884f4291f891b74d38bd3f298a377ab6e388

File winshell.dat received on 11.25.2007 17:53:06 (CET)
Result: 0/32 (0%)
Detections: none (all engines -)
Additional information
File size: 341 bytes
MD5: cef18c5d259cc6b77edec629c7ffede5
SHA1: 88921aba6204ef68fc1f45f5d36e529d9e30b8c7

#10 Scotty

Posted 26 November 2007 - 03:59 AM

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete.

#11 Miami

Posted 26 November 2007 - 11:59 AM

I got this error when it was updating: Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]

#12 Scotty

Posted 26 November 2007 - 05:02 PM

Hi

Were you online at the time?

#13 Miami

Posted 26 November 2007 - 05:31 PM

Haha of course. I'm connected to DSL so I'm connected to the internet 24/7 + I had I.E. open (logically). So yeah.

#14 Scotty

Posted 27 November 2007 - 04:39 AM

Hi

Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
  • At the top of the main screen click Update.
  • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.
If you are having problems with the updater, you can use this link to manually update AVG:
AVG manual updates


Follow the next instructions carefully, even if they don't look right to you. There is a bug in the program and we have to work around it.

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
        • Click on Recommended actions, and set to Quarantine.
      • How to scan
        • Check all options.
      • Possibly unwanted software
        • Check all options.
      • Reports
        • Check Do not automatically generate reports after every scan.
      • What to scan
        • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished:
      • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
      • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports


Post the report in your next reply.

#15 Miami

Posted 28 November 2007 - 01:56 PM

I followed your directions exactly, and the path "C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports" can't be found.
