
WIN403~1.EXE (win4036.tmp?)
#1
Posted 23 November 2007 - 01:38 PM
#2
Posted 23 November 2007 - 04:02 PM
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply
#3
Posted 23 November 2007 - 08:17 PM
Deckard's System Scanner v20071014.68
Run by ERIK A. GRIFFIN on 2007-11-23 21:08:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; unknown error code 0x00000001
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 3.65 GiB (less than 15%) free.
-- HijackThis (run as ERIK A. GRIFFIN.exe) -------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 21:13:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Fonts\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O1 - Hosts: 67.159.44.37 l2authd.lineage2.com
O1 - Hosts: 67.159.44.37 l2testauthd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft] iexplorer2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer2.exe
O4 - HKLM\..\RunOnce: [lsass] C:\WINDOWS\Fonts\lsass.exe /RunOnce
O4 - HKLM\..\RunOnceEx: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\VANESSA J. GRIFFIN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: https://ny.contentmatch.net (HKLM)
O16 - DPF: ActiveGS.cab () - http://www.virtualap...rg/activegs.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers () - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} () - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtange...all/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (MalwareCleaner Class) - http://www.microsoft.../WebCleaner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135819770910
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} () - http://yax-download.....cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.c...ad/ms40upld.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\system32\winjrs32.dll
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Windows Update Service (MSUpdate) - Unknown owner - C:\WINDOWS\system32\wupdmgr32.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 15623 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20071119-153124-730 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071119-153124-950 R3 - URLSearchHook: (no name) - {F3B536F1-A568-ACEA-4F84-F55A6C3912CA} - (no file)
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - %1
.bat - batfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.com - comfile - DefaultIcon - %1
.com - comfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.exe - exefile - shell\open\command - C:\WINDOWS\Fonts\lsass.exe "%1" %*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - C:\WINDOWS\system32\wupdmgr32.exe "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFSDRV - c:\??\c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\??\c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 SDVC05 (USB SDVC05) - c:\windows\system32\drivers\sdvc05.sys <Not Verified; HaSoInTech; Windows ® 2000 DDK driver>
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 MSUpdate (Microsoft Windows Update Service) - c:\windows\system32\wupdmgr32.exe (file missing)
S2 Service Support - c:\windows\system32\srvsupp.exe (file missing)
S2 Speed Disk service -
S4 bdss (BitDefender Scan Server) - "c:\program files\common files\softwin\bitdefender scan server\bdss.exe" /service (file missing)
S4 LIVESRV (BitDefender Desktop Update Service) - "c:\program files\common files\softwin\bitdefender update service\livesrv.exe" /service (file missing)
S4 VSSERV (BitDefender Virus Shield) - "c:\program files\softwin\bitdefender10\vsserv.exe" /service (file missing)
S4 XCOMM (BitDefender Communicator) - "c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe" /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-23 18:56:17 362 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2007-11-17 07:23:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-21 19:53:37 314 --a------ C:\WINDOWS\Tasks\Scanner and Camera Wizard.job
2007-10-21 19:51:39 474 --a------ C:\WINDOWS\Tasks\Microsoft Word.job
-- Files created between 2007-10-23 and 2007-11-23 -----------------------------
2007-11-23 21:04:08 64512 --ah----- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-22 02:18:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-11-22 02:18:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 19:14:51 0 d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59:34 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:53:33 0 d-------- C:\Program Files\Nero
2007-11-18 14:53:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-18 02:47:44 24576 --a------ C:\WINDOWS\system32\winjrs32.dll
2007-11-17 18:02:01 0 d-------- C:\Program Files\Converter
2007-11-17 01:00:38 0 d-------- C:\Program Files\KLC
2007-11-15 18:55:44 0 d-------- C:\b
2007-11-13 02:47:43 0 d-------- C:\Program Files\LegacyGamers
2007-11-11 01:41:15 0 d-------- C:\Program Files\MAIET
2007-11-09 08:12:53 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-07 12:57:31 0 d-------- C:\Program Files\Lineage II
2007-11-07 12:57:02 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\InstallShield
2007-11-06 11:17:54 0 d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48:46 0 d-------- C:\Program Files\iPod
2007-11-06 00:47:55 0 d-------- C:\Program Files\iTunes
2007-11-06 00:39:59 0 d-------- C:\Program Files\Common Files\Apple
2007-11-04 00:41:33 0 d-------- C:\Program Files\IrfanView
2007-11-01 16:55:52 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 15:14:16 157696 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-01 09:01:33 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52:38 0 d-------- C:\Program Files\Atari
2007-10-31 23:20:16 0 d-------- C:\Program Files\Steam
2007-10-30 22:10:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34:34 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34:34 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-10-30 19:34:34 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-10-30 19:34:33 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-10-30 19:34:33 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:34:33 217073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34:31 0 d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:32:13 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-10-30 19:32:13 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-10-30 19:32:03 0 d-------- C:\Program Files\eRightSoft
2007-10-29 15:41:33 12416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>
2007-10-29 15:41:33 0 d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:21:04 0 d-------- C:\Program Files\AIM6
2007-10-29 13:41:05 0 d-------- C:\Program Files\QuickTime
2007-10-29 12:47:10 0 d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39:31 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29:24 0 d-------- C:\Program Files\mIRC
2007-10-29 12:29:24 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC
-- Find3M Report ---------------------------------------------------------------
2007-11-23 21:04:12 66 --a------ C:\WINDOWS\anticrash.dat
2007-11-23 21:04:09 61 --a------ C:\WINDOWS\hare.dat
2007-11-23 21:04:07 60 --a------ C:\WINDOWS\zoom.dat
2007-11-23 21:03:55 0 d-------- C:\Program Files\Common Files
2007-11-22 15:31:44 589 --ah----- C:\WINDOWS\WININF.DAT
2007-11-21 03:48:47 73264 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-20 12:46:35 0 d-------- C:\Program Files\AvPropPlugin
2007-11-19 03:07:21 32 --a----c- C:\WINDOWS\go
2007-11-12 05:58:39 0 d-------- C:\Program Files\TrustIn Contextual
2007-11-09 18:23:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-07 14:50:21 0 d-------- C:\Program Files\FriendBlasterPro
2007-11-07 14:50:21 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 12:57:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-07 12:45:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-07 12:25:00 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Adobe
2007-11-04 00:42:45 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 15:22:18 0 d-------- C:\Program Files\Viewpoint
2007-10-29 15:21:09 0 d-------- C:\Program Files\Common Files\AOL
2007-10-29 13:28:34 32700 --a----c- C:\WINDOWS\system32\tcpipbak.reg
2007-10-29 12:41:56 0 d-------- C:\Program Files\Dachshund Software
2007-10-29 12:16:45 0 d-------- C:\Program Files\Winamp
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631f7200-642e-11db-bd13-0800200c9a66}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/31/2006 07:46 PM]
"Microsoft"="iexplorer2.exe" []
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/05/2007 12:05 PM]
"lsass"="C:\WINDOWS\Fonts\lsass.exe" [08/04/2004 02:56 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/02/2006 08:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [11/18/2007 03:02 PM]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"lsass"=C:\WINDOWS\Fonts\lsass.exe /RunOnce
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft"=iexplorer2.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/19/2005 1:41:37 AM]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 11:00:44 AM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 11:26:40 AM]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [10/22/2007 11:32:22 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 11:27:14 AM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSaveSettings"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll 11/18/2007 02:47 AM 24576 C:\WINDOWS\system32\winjrs32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
AutoRun\command- H:\setupSNK.exe
-- Hosts -----------------------------------------------------------------------
67.159.44.37 l2authd.lineage2.com
67.159.44.37 l2testauthd.lineage2.com
-- End of Deckard's System Scanner: finished at 2007-11-23 21:15:23 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 255.01 MiB / 74.71 MiB
Pagefile Memory (total/avail): 1233.55 MiB / 992.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.03 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 3.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (FAT) - 0.03 GiB total, 0.03 GiB free.
G: is Removable (No Media)
\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:
\PARTITION1 - 16-bit FAT - 31.35 MiB - F:
\\.\PHYSICALDRIVE1 - HP photosmart 7700 USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: BitDefender Antivirus Plus v10 v7.2 (Softwin) Disabled
AV: BitDefender Antivirus Plus v10 v7.2 (Softwin) Disabled Outdated
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Enabled: "
"C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe:*:Enabled:Gunz"
"C:\\Program Files\\wIRC\\mIRC.exe"="C:\\Program Files\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\wIRC\\mIRC.exe"="C:\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe"="C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe:*:Enabled:Gunz"
"C:\\WINDOWS\\system32\\srvsupp.exe"="C:\\WINDOWS\\system32\\srvsupp.exe:*:Enabled:srvsupp"
"C:\\WINDOWS\\system32\\wupdmgr32.exe"="C:\\WINDOWS\\system32\\wupdmgr32.exe:*:Enabled:Windows Update Manager"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\ERIK A. GRIFFIN\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIGPAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ERIK A. GRIFFIN
include=C:\Documents and Settings\ERIK A. GRIFFIN\VC98\atl\include;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\mfc\include;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\include
ITEMID=dj-22741-10
LANG=1033
lib=C:\Documents and Settings\ERIK A. GRIFFIN\VC98\mfc\lib;C:\Documents and Settings\ERIK A. GRIFFIN\VC98\lib
LOGONSERVER=\\BIGPAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Perl\bin\;C:\bin\;C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONID=1107197412488htx693f37160:101d0a0584b:7b96
SESSIONNAME=Console
SWUTVER=1.0.18.20030627
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp
USERDOMAIN=BIGPAIN
USERNAME=ERIK A. GRIFFIN
USERPROFILE=C:\Documents and Settings\ERIK A. GRIFFIN
VERSION=3.0.2.993
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
VANESSA J. GRIFFIN (admin)
ERIK A. GRIFFIN (admin)
Erik (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
-->
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Fight List 1.0.0.1 --> C:\PROGRA~1\AIMFIG~1\UNWISE.EXE C:\PROGRA~1\AIMFIG~1\INSTALL.LOG
AntiCrash 3.6.1 --> "C:\Program Files\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files\Dachshund Software\AntiCrash\install.log"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AvPropPlugin 1.0.0.1 --> C:\PROGRA~1\AVPROP~1\UNWISE.EXE C:\PROGRA~1\AVPROP~1\INSTALL.LOG
Brittle Bullet - Private Gunz Server --> MsiExec.exe /I{DDF1EC6E-E7AE-48B8-BA17-FFB1501A8C1E}
Chinese (Traditional) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVC5.1 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}\Setup.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{6953CFE0-74E6-4DE2-869E-D9ADFB2DC55F}
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Garry's Mod --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund Software\Hare\install.log"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Japanese Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Defense8 Control - 키보드 보안 --> regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\kdfense8.ocx"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Korean Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lineage II --> C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" UNINSTALL
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MP3 WAV WMA Converter --> C:\PROGRA~1\CONVER~1\UNWISE.EXE C:\PROGRA~1\CONVER~1\INSTALL.LOG
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TrustIn Contextual --> regsvr32 /u /s "C:\Program Files\TrustIn Contextual\trustincontext.dll"
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
WebIQ Client Software --> C:\WINDOWS\system32\WebIQInstall.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPcap 3.0 alpha --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YouTube Uploader --> MsiExec.exe /X{93F7E99C-A2BB-315A-93E1-FBFA3A54C07F}
Zoom 1.3.1 --> "C:\Program Files\Dachshund Software\Zoom\Uninstall.exe" "C:\Program Files\Dachshund Software\Zoom\install.log"
-- Application Event Log -------------------------------------------------------
Event Record #/Type4370 / Warning
Event Submitted/Written: 11/23/2007 09:03:08 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.
Event Record #/Type4369 / Warning
Event Submitted/Written: 11/23/2007 09:03:08 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .
Event Record #/Type4361 / Error
Event Submitted/Written: 11/22/2007 11:19:18 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Easy CD & DVD Creator 6 -- Error 1706.No valid source could be found for product Easy CD & DVD Creator 6. The Windows Installer cannot continue.
Event Record #/Type4360 / Warning
Event Submitted/Written: 11/22/2007 11:18:35 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio' failed during request for component '{5AC6310E-8718-4D1A-AA6A-26CD5101EA52}'
Event Record #/Type4359 / Warning
Event Submitted/Written: 11/22/2007 11:18:35 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio', component '{DEA6BF0E-1209-47E0-952B-14EAF3374EDE}' failed. The resource 'C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\PMStudio.hpf' does not exist.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type5879 / Error
Event Submitted/Written: 11/23/2007 09:03:26 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.
Event Record #/Type5863 / Error
Event Submitted/Written: 11/23/2007 09:03:17 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type5862 / Error
Event Submitted/Written: 11/23/2007 09:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Service Support service failed to start due to the following error:
%%2
Event Record #/Type5861 / Error
Event Submitted/Written: 11/23/2007 09:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Microsoft Windows Update Service service failed to start due to the following error:
%%2
Event Record #/Type5846 / Error
Event Submitted/Written: 11/23/2007 05:32:44 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
-- End of Deckard's System Scanner: finished at 2007-11-23 21:15:23 ------------
#4
Posted 24 November 2007 - 05:26 AM
The infection is delivered by a Backdoor Trojan.
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.
We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.
The Decision Whether to ReFormat or Not should be based on:
- The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
- The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect.
- Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
- Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
- If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
- From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
- DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
- Take any other steps you think appropriate for an attempted identity theft.
Please let me know what you decide.
#5
Posted 24 November 2007 - 02:04 PM
Edited by Miami, 24 November 2007 - 02:07 PM.
#6
Posted 24 November 2007 - 02:19 PM
I don't mean to cause panic; it's the standard warning to alert you to the worst-case scenario. I wouldn't be doing my job right if I didn't.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back in your next reply.
Download and Save ComboFix
- Download this file from below:
Here
- Save it to your Desktop.
- Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
- Then double click combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened we want to know, and also what process you had to end.
In your next reply post:
ComboFix.txt
New Deckard's log taken after the above scan has run
#7
Posted 25 November 2007 - 01:30 AM
SDFix: Version 1.115
Run by ERIK A. GRIFFIN on Sun 11/25/2007 at 01:15 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
msupdate
Path:
C:\WINDOWS\system32\wupdmgr32.exe
msupdate - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\TEMPNAME.DLL - Deleted
C:\WINDOWS\SYSTEM32\NEA9CD~1.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~3.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWUCC~4.XML - Deleted
C:\WINDOWS\Temp\win741.tmp.exe - Deleted
C:\WINDOWS\Temp\win741.tmp.exe - Deleted
C:\WINDOWS\Fonts\lsass.exe - Deleted
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 01:30:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b9,ae,98,a3,2a,76,fb,be,8b,24,cb,91,2e,b0,b3,a9,f1,9c,cc,05,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:c9,52,66,62,cc,5c,af,51,14,45,53,c7,97,d1,11,7f,7a,f2,4e,d4,a2,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,54,10,99,1e,64,9f,21,6c,90,c0,ac,ff,61,39,a4,e3,67,2b,73,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,65,8a,28,50,ea,3d,de,97,ce,28,44,c1,23,6e,48,98,2b,a1,a9,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b9,ae,98,a3,2a,76,fb,be,8b,24,cb,91,2e,b0,b3,a9,f1,9c,cc,05,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:c9,52,66,62,cc,5c,af,51,14,45,53,c7,97,d1,11,7f,7a,f2,4e,d4,a2,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,54,10,99,1e,64,9f,21,6c,90,c0,ac,ff,61,39,a4,e3,67,2b,73,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,65,8a,28,50,ea,3d,de,97,ce,28,44,c1,23,6e,48,98,2b,a1,a9,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:26,bb,e1,e5,65,c1,c7,e9,b2,73,7a,42,76,92,3f,8f,a9,95,62,7a,02,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07B1DF8-A8A7-63DE-2F58-CC4970B9D9A9}]
"haagdienpnfdpcfi"=hex:6a,61,66,68,63,63,6c,70,66,65,6f,61,63,69,61,65,6c,64,6f,6b,00,..
"iagfjjjabacpidaplg"=hex:6a,61,66,68,63,63,6c,70,66,65,6f,61,63,69,61,65,6c,64,6f,6b,00,..
scanning hidden files ...
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\eldest219@hotmail.com\DFSR\Staging\CS{84950D07-2063-CD5A-B223-876EA22EDE34}\01\14-{84950D07-2063-CD5A-B223-876EA22EDE34}-v1-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\01\10-{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}-v1-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\11\11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1812 bytes hidden from API
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Microsoft\Messenger\jumpybongo@hotmail.com\SharingMetadata\messedupkid@gmail.com\DFSR\Staging\CS{9260A288-9EE7-98F2-3F93-18F1E2C4BE1B}\11\11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-{3540389A-CE60-40B4-B37C-1331DCDA9E05}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Enabled: "
"C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\GunZLauncher.exe:*:Enabled:Gunz"
"C:\\Program Files\\wIRC\\mIRC.exe"="C:\\Program Files\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\wIRC\\mIRC.exe"="C:\\wIRC\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe"="C:\\Documents and Settings\\ERIK A. GRIFFIN\\Desktop\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\224447\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe"="C:\\Program Files\\Brittle Bullet - Private Gunz Server\\Brittle Bullet.exe:*:Enabled:Gunz"
"C:\\WINDOWS\\system32\\srvsupp.exe"="C:\\WINDOWS\\system32\\srvsupp.exe:*:Enabled:srvsupp"
"C:\\WINDOWS\\system32\\wupdmgr32.exe"="C:\\WINDOWS\\system32\\wupdmgr32.exe:*:Enabled:Windows Update Manager"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 29 Aug 2000 557,056 A..H. --- "C:\Program Files\Dell\Backup\DellBckp.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 30 Oct 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 12 Jul 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Wed 25 Jun 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Wed 25 Jun 2003 232,470 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Sat 12 Jul 2003 290,546 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Sat 12 Jul 2003 156,520 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
Wed 25 Jun 2003 155,106 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM_old.reg"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~21D.tmp"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~2779.tmp"
Thu 22 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~34C6.tmp"
Wed 14 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~8E6A.tmp"
Wed 21 Nov 2007 197,120 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ERIKA~1.GRI\LOCALS~1\Temp\~C5C.tmp"
Thu 8 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 8 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Finished!
ComboFix.txt
ComboFix 07-11-19.3 - ERIK A. GRIFFIN 2007-11-25 2:04:22.1 - NTFSx86
Running from: C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com\played_list.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\#SharedObjects\UWRUQFX6\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\SMBOLS~1
C:\Documents and Settings\ERIK A. GRIFFIN\My Documents\CROSOF~1.NET
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\?dobe\
C:\Program Files\Common Files\smbols~1
C:\Program Files\TrustIn Contextual
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\LEGACY_NWSAPAGENT
-------\Iprip
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-24 17:00 <DIR> d-------- C:\Program Files\Google
2007-11-24 17:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-11-23 21:46 <DIR> d-------- C:\Program Files\UnH Solutions
2007-11-23 21:08 <DIR> d-------- C:\Deckard
2007-11-18 19:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:58 188 --a------ C:\WINDOWS\system32\MsiExec.exe.log
2007-11-18 14:53 <DIR> d-------- C:\Program Files\Nero
2007-11-18 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-17 18:02 <DIR> d-------- C:\Program Files\Converter
2007-11-15 18:55 <DIR> d-------- C:\b
2007-11-13 02:47 <DIR> d-------- C:\Program Files\LegacyGamers
2007-11-09 08:12 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-06 11:17 <DIR> d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48 <DIR> d-------- C:\Program Files\iPod
2007-11-06 00:47 <DIR> d-------- C:\Program Files\iTunes
2007-11-06 00:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-05 12:06 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-05 12:04 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-05 12:04 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-04 00:41 <DIR> d-------- C:\Program Files\IrfanView
2007-11-01 16:55 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 09:01 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52 <DIR> d-------- C:\Program Files\Atari
2007-10-31 23:20 <DIR> d-------- C:\Program Files\Steam
2007-10-30 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:34 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-10-30 19:34 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34 217,073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-10-30 19:34 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:32 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-30 19:32 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2007-10-30 19:32 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2007-10-30 19:32 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2007-10-30 19:32 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2007-10-30 19:32 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2007-10-30 19:32 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2007-10-30 19:32 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2007-10-30 19:32 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2007-10-30 19:32 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-10-29 15:41 <DIR> d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:41 12,416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys
2007-10-29 15:21 <DIR> d-------- C:\Program Files\AIM6
2007-10-29 13:41 <DIR> d-------- C:\Program Files\QuickTime
2007-10-29 12:47 <DIR> d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29 <DIR> d-------- C:\Program Files\mIRC
2007-10-29 12:29 <DIR> d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 07:17 64,512 ---ha-w C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-25 04:36 2,059,115 ----a-w C:\WINDOWS\Fonts\error.exe
2007-11-24 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 17:46 --------- d-----w C:\Program Files\AvPropPlugin
2007-11-09 23:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-07 19:50 --------- d-----w C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Outspark
2007-11-07 17:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-04 05:42 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 20:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2007-10-29 20:22 --------- d-----w C:\Program Files\Viewpoint
2007-10-29 20:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-10-29 20:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-29 18:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-10-29 17:41 --------- d-----w C:\Program Files\Dachshund Software
2007-10-29 17:16 --------- d-----w C:\Program Files\Winamp
2007-09-20 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 14:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2005-12-13 06:28 200,704 -c--a-w C:\Documents and Settings\ERIK A. GRIFFIN\BAReport.exe
2005-11-27 21:01 77,824 ----a-w C:\Documents and Settings\ERIK A. GRIFFIN\mrs.exe
2005-11-27 11:45 102,400 ----a-w C:\Documents and Settings\ERIK A. GRIFFIN\zlib.dll
2005-03-31 07:29 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2004-01-11 19:50 1,001,536 -c--a-w C:\Program Files\mmssetup.exe
2003-09-14 01:48 1,009,560 -c--a-w C:\Program Files\office2000-kb824936-client-enu.exe
2003-09-14 01:40 1,009,560 -c--a-w C:\Program Files\office2000-kb824936-client-enu WORD PATCH SEPT 2003.exe
2003-08-30 09:46 1,291,040 -c--a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2006-03-05 17:40 29,033 -csha-w C:\WINDOWS\system32\rerolpxei.dat
2007-05-04 14:01 602,144 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-04 14:02 26,400 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-18 15:02]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-31 19:46]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 12:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]
C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-19 01:41:37]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 11:00:44]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 11:26:40]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-10-22 11:32:22]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 11:27:14]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-24 17:00:31]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 Service Support;Service Support;C:\WINDOWS\system32\srvsupp.exe
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 XDva032;XDva032;\??\C:\WINDOWS\system32\XDva032.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AUTORUN\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 12:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-25 03:56:25 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-10-22 00:51:39 C:\WINDOWS\Tasks\Microsoft Word.job"
- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Word.lnk
"2007-10-22 00:53:37 C:\WINDOWS\Tasks\Scanner and Camera Wizard.job"
- C:\WINDOWS\system32\wiaacmgr.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 02:15:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 2:20:52 - machine was rebooted
.
--- E O F ---
main.txt (DSS)
Deckard's System Scanner v20071014.68
Run by ERIK A. GRIFFIN on 2007-11-25 02:23:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as ERIK A. GRIFFIN.exe) -------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-25 02:23:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnceEx: [lsass] C:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\VANESSA J. GRIFFIN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: https://ny.contentmatch.net (HKLM)
O16 - DPF: ActiveGS.cab () - http://www.virtualap...rg/activegs.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers () - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} () - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtange...all/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (MalwareCleaner Class) - http://www.microsoft.../WebCleaner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135819770910
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} () - http://yax-download.....cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.c...ad/ms40upld.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 15130 bytes
-- Files created between 2007-10-25 and 2007-11-25 -----------------------------
2007-11-25 02:17:03 64512 --ah----- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\dach100.dll
2007-11-25 01:14:12 0 d-------- C:\WINDOWS\ERUNT
2007-11-24 17:00:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-11-24 17:00:22 0 d-------- C:\Program Files\Google
2007-11-23 21:46:00 0 d-------- C:\Program Files\UnH Solutions
2007-11-18 19:14:51 0 d-------- C:\Program Files\Common Files\Nero
2007-11-18 14:59:34 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Nero
2007-11-18 14:53:33 0 d-------- C:\Program Files\Nero
2007-11-18 14:53:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2007-11-17 18:02:01 0 d-------- C:\Program Files\Converter
2007-11-15 18:55:44 0 d-------- C:\b
2007-11-13 02:47:43 0 d-------- C:\Program Files\LegacyGamers
2007-11-09 08:12:53 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\IrfanView
2007-11-08 23:41:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-06 11:17:54 0 d-------- C:\Program Files\Brittle Bullet - Private Gunz Server
2007-11-06 00:48:46 0 d-------- C:\Program Files\iPod
2007-11-06 00:47:55 0 d-------- C:\Program Files\iTunes
2007-11-06 00:39:59 0 d-------- C:\Program Files\Common Files\Apple
2007-11-04 00:41:33 0 d-------- C:\Program Files\IrfanView
2007-11-01 16:55:52 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Media Player Classic
2007-11-01 16:53:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-11-01 16:30:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-01 15:14:16 157696 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-01 09:01:33 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Atari
2007-11-01 08:52:38 0 d-------- C:\Program Files\Atari
2007-10-31 23:20:16 0 d-------- C:\Program Files\Steam
2007-10-30 22:10:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:10:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 19:34:34 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-30 19:34:34 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-10-30 19:34:34 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-30 19:34:33 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-10-30 19:34:33 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-10-30 19:34:33 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-30 19:34:33 217073 --a------ C:\WINDOWS\meta4.exe
2007-10-30 19:34:31 0 d-------- C:\Program Files\AviSynth 2.5
2007-10-30 19:32:13 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-10-30 19:32:13 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-10-30 19:32:03 0 d-------- C:\Program Files\eRightSoft
2007-10-29 15:41:33 12416 --a------ C:\WINDOWS\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>
2007-10-29 15:41:33 0 d-------- C:\Program Files\Skyhook Wireless
2007-10-29 15:21:04 0 d-------- C:\Program Files\AIM6
2007-10-29 13:41:05 0 d-------- C:\Program Files\QuickTime
2007-10-29 12:47:10 0 d-------- C:\WINDOWS\Startup (disabled)
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
2007-10-29 12:39:31 341 --ah----- C:\WINDOWS\winshell.dat
2007-10-29 12:29:24 0 d-------- C:\Program Files\mIRC
2007-10-29 12:29:24 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\mIRC
-- Find3M Report ---------------------------------------------------------------
2007-11-25 02:17:05 66 --a------ C:\WINDOWS\anticrash.dat
2007-11-25 02:17:03 61 --a------ C:\WINDOWS\hare.dat
2007-11-25 02:17:02 60 --a------ C:\WINDOWS\zoom.dat
2007-11-25 02:15:51 0 d-------- C:\Program Files\Common Files
2007-11-24 12:15:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-22 15:31:44 589 --ah----- C:\WINDOWS\WININF.DAT
2007-11-21 03:48:47 73264 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-20 12:46:35 0 d-------- C:\Program Files\AvPropPlugin
2007-11-19 03:07:21 32 --a----c- C:\WINDOWS\go
2007-11-09 18:23:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-07 14:50:21 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Registry Help Pro
2007-11-07 12:45:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-07 12:25:00 0 d-------- C:\Documents and Settings\ERIK A. GRIFFIN\Application Data\Adobe
2007-11-04 00:42:45 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 15:22:18 0 d-------- C:\Program Files\Viewpoint
2007-10-29 15:21:09 0 d-------- C:\Program Files\Common Files\AOL
2007-10-29 13:28:34 32700 --a----c- C:\WINDOWS\system32\tcpipbak.reg
2007-10-29 12:41:56 0 d-------- C:\Program Files\Dachshund Software
2007-10-29 12:16:45 0 d-------- C:\Program Files\Winamp
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/31/2006 07:46 PM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/05/2007 12:05 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/02/2006 08:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"ares"="C:\Documents and Settings\ERIK A. GRIFFIN\Desktop\Ares\Ares.exe" []
"Google Update"="C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [11/18/2007 03:02 PM]
"Aim6"="" []
C:\Documents and Settings\ERIK A. GRIFFIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/19/2005 1:41:37 AM]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 11:00:44 AM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 11:26:40 AM]
YouTube Uploader.lnk - C:\Documents and Settings\ERIK A. GRIFFIN\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [10/22/2007 11:32:22 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 11:27:14 AM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/24/2007 5:00:31 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplorer]
iexplorer.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\AUTORUN\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed2a1c8-1847-11db-9374-0080add18772}]
AutoRun\command- H:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-25 02:24:12 ------------
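The entries a helper looks at first in a log like the one above are the ones whose registration outlives their file (the two O20 Winlogon Notify DLLs marked "file missing", the O22 entry with no file), services with no publisher name running from the Windows directory, and files carrying the hidden or system attribute in system32 or a user profile. As an added example, not code from this thread or from Deckard's System Scanner, the script below applies exactly those triage rules to lines adapted from the log (the profile folder is shortened to "user"; the meaning of the DSS attribute letters h = hidden and s = system is an assumption, and the rules are review heuristics, not a verdict):

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines adapted from the DSS / HijackThis output
# posted earlier in this thread (profile folder shortened to "user").
SAMPLE_LOG = r"""
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\system32\iexplorer.dll (file missing)
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\system32\wintfj32.dll (file missing)
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Support - Unknown owner - C:\WINDOWS\system32\srvsupp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
2007-11-25 02:17:03 64512 --ah----- C:\Documents and Settings\user\Application Data\dach100.dll
2007-10-30 19:32:13 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-11-01 15:14:16 157696 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-29 12:42:00 430 --ah----- C:\WINDOWS\sysdata.dat
"""

# "O20 - <body>" style HijackThis lines
HJT_LINE = re.compile(r"^(O\d{1,2}) - (.+)$")
# "<date> <time> <size> <9 attribute flags> <path> [<version info>]" DSS file lines
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{9})\s+(.+?)(?:\s+<.*>)?$"
)


@dataclass
class Finding:
    line: str
    reason: str


def _is_under(path: str, prefix: str) -> bool:
    return path.lower().startswith(prefix.lower())


def check_hjt(kind: str, body: str, line: str):
    """Apply the rules for HijackThis-style entries; return a Finding or None."""
    if kind == "O20" and body.endswith("(file missing)"):
        return Finding(line, "Winlogon Notify DLL registered but absent (orphaned entry)")
    if kind == "O22" and body.endswith("(no file)"):
        return Finding(line, "SharedTaskScheduler entry with no backing file")
    if kind == "O23":
        # body is "Service: <name> - <owner> - <path>"; split from the right so
        # a dash in the display name does not break the fields
        parts = [p.strip() for p in body.rsplit(" - ", 2)]
        # "Unknown owner" only means the binary carries no company name, so it
        # is combined with the location before it is flagged
        if len(parts) == 3 and parts[1] == "Unknown owner" and _is_under(parts[2], r"C:\WINDOWS"):
            return Finding(line, "service without publisher name running from the Windows directory")
    return None


def check_file(flags: str, path: str, line: str):
    """Apply the rules for DSS file-listing entries; return a Finding or None."""
    if flags.startswith("d"):
        return None  # directory entry, nothing to judge here
    hidden = "h" in flags   # assumption: h = hidden attribute
    system = "s" in flags   # assumption: s = system attribute
    ext = path.lower().rsplit(".", 1)[-1] if "." in path else ""
    if hidden and system and _is_under(path, r"C:\WINDOWS\system32"):
        return Finding(line, "hidden+system file in system32")
    in_profile = "\\Application Data\\" in path
    if hidden and ext in {"dll", "exe", "dat"} and (_is_under(path, r"C:\WINDOWS") or in_profile):
        return Finding(line, "hidden executable or data file in Windows or profile location")
    return None


def triage(log_text: str) -> list:
    """Return the list of Findings for every line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_LINE.match(line)
        if m:
            f = check_hjt(m.group(1), m.group(2), line)
        else:
            m = FILE_LINE.match(line)
            f = check_file(m.group(1), m.group(2), line) if m else None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, it reports the two orphaned Winlogon Notify entries, the orphaned SharedTaskScheduler entry, srvsupp.exe, dach100.dll, msfDX.dll and sysdata.dat, and stays silent on ekrn.exe, nvsvc32.exe and unrar.dll; each flagged path is then a candidate for the VirusTotal check the helper asks for, not a removal decision on its own.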
#8
Posted 25 November 2007 - 06:16 AM
Please don't use quotes to paste your logs. It's easier to read if you just paste straight into the reply box.
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Double-click on the My Computer icon (or click Start, then select My Computer)
- Select the Tools menu and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.
Go to http://www.virustota.../en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\meta4.exe
Click Send.
Please post the results of this scan to this thread.
Do the same for the following files:
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\system32\RLOgg.ax
C:\WINDOWS\sysdata.dat
C:\WINDOWS\winshell.dat
#9
Posted 25 November 2007 - 10:56 AM
#10
Posted 26 November 2007 - 03:59 AM
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
+ Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
+ Scan Options: Scan Archives
+ Scan Options: Scan Mail Bases
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button
- Save the file to your desktop.
- Copy and paste that information in your next post.
With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete.
#11
Posted 26 November 2007 - 11:59 AM
#13
Posted 26 November 2007 - 05:31 PM
#14
Posted 27 November 2007 - 04:39 AM
Download AVG Anti-Spyware.
- Install AVG Anti-Spyware.
- Launch AVG by double-clicking on the icon.
- The program will now open to the main screen.
- You will need to update AVG to the latest definition files.
- At the top of the main screen click Update.
- Then in the Manual Update section, click on Start Update.
- When updates are completed, close AVG.
If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates
Follow the next instructions carefully, even if they don't look right to you. There is a bug in the program and we have to work around it.
Run a scan with AVG.
- Click on Scanner
- Click on the Settings tab, and set the following settings:
+ How to act: Click on Recommended actions, and set to Quarantine.
+ How to scan: Check all options.
+ Possibly unwanted software: Check all options.
+ Reports: Check Do not automatically generate reports after every scan.
+ What to scan: Check Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan and the scan will begin.
- When the scan has finished:
+ Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
+ At the bottom of the window click on the Apply all Actions button.
Close AVG Anti-Spyware.
AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Post the report in your next reply.
#15
Posted 28 November 2007 - 01:56 PM