Jump to content

dvsguy

Members
  • Content Count

    32
  • Joined

  • Last visited

About dvsguy

  • Rank
    Member

Profile Information

  • Gender
    Male
  • Location
    new zealand

Previous Fields

  • System Specifications:
    pentium 4,2.8 ghz,1 gb ram,windows xp sp3,pioneer dvd writer,80 gig HD
  • Teams:
    Nothing Selected
  1. hi,here is combofix log,i now have this Control Center malware??i cant get rid of now too ComboFix 10-02-09.01 - Administrator 02/10/2010 10:12:37.1.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.529 [GMT 13:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\0200000016aa8fcc741C.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc741O.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc741P.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc741S.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc783C.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc783O.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc783P.manifest c:\documents and settings\Administrator\Application Data\0200000016aa8fcc783S.manifest c:\documents and settings\Administrator\Application Data\Control-Center c:\documents and settings\Administrator\Application Data\Control-Center\ccmain.exe c:\documents and settings\Administrator\Application Data\Control-Center\faq\guide.html c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\05.png c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\06.png c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\07.png c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\08.png c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\09.png c:\documents and settings\Administrator\Application Data\Control-Center\faq\images\10.png c:\documents and settings\Administrator\Application Data\Control-Center\settings.ini c:\documents and settings\Administrator\Application Data\Control-Center\uninstall.exe c:\documents and settings\Administrator\Application Data\inst.exe c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\extensions\{0ae211a7-9915-471e-8b3e-181800520245} c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\extensions\{0ae211a7-9915-471e-8b3e-181800520245}\chrome.manifest c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\extensions\{0ae211a7-9915-471e-8b3e-181800520245}\chrome\xulcache.jar c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\extensions\{0ae211a7-9915-471e-8b3e-181800520245}\defaults\preferences\xulcache.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\extensions\{0ae211a7-9915-471e-8b3e-181800520245}\install.rdf c:\documents and settings\Administrator\Application Data\SystemProc c:\documents and settings\Administrator\Desktop\Control-Center.lnk c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf c:\windows\system32\1024291216 c:\windows\system32\1024291216\new.i0 c:\windows\system32\cards32.dll c:\windows\system32\e1000msg.dll c:\windows\system32\unrar.exe E:\install.exe . ((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 ))))))))))))))))))))))))))))))) . 2010-02-09 00:17 . 2010-02-09 00:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files 2010-02-05 01:19 . 2010-02-05 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss 2010-01-31 20:46 . 2010-01-31 20:46 -------- d-----w- C:\FOUND.002 2010-01-30 02:42 . 2010-01-30 02:42 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM 2010-01-30 02:42 . 2010-01-30 02:42 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-30 02:35 . 1997-07-06 20:22 756736 ------w- c:\windows\system32\ir41_32.dll 2010-01-30 02:34 . 2010-01-30 02:34 -------- d-----w- c:\program files\Microsoft Games 2010-01-28 22:35 . 2010-01-28 22:35 -------- d-----w- c:\program files\Trend Micro 2010-01-28 22:10 . 2010-01-28 22:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-01-28 22:10 . 2010-01-07 03:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-28 22:10 . 2010-01-28 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-28 22:10 . 2010-01-28 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-28 22:10 . 2010-01-07 03:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-28 08:23 . 2010-01-28 08:23 -------- d-----w- c:\program files\Common Files\MagicDVDRipper 2010-01-28 08:19 . 2010-01-28 08:19 -------- d-----w- c:\program files\Common Files\MagicDVDCopier 2010-01-28 00:55 . 2010-01-28 00:55 0 ----a-w- c:\windows\nsreg.dat 2010-01-28 00:55 . 2010-01-28 00:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-01-28 00:02 . 2010-01-28 00:02 -------- d--h--w- c:\windows\ie8 2010-01-27 19:37 . 2008-04-14 00:11 32768 ----a-w- c:\windows\system32\dllcache\ativtmxx.dll 2010-01-27 19:37 . 2008-04-14 00:11 32768 ----a-w- c:\windows\system32\ativtmxx.dll 2010-01-27 19:37 . 2008-04-14 00:11 870784 ----a-w- c:\windows\system32\dllcache\ati3d1ag.dll 2010-01-27 19:37 . 2008-04-14 00:11 870784 ----a-w- c:\windows\system32\ati3d1ag.dll 2010-01-27 19:37 . 2008-04-14 00:11 377984 ----a-w- c:\windows\system32\dllcache\ati2dvaa.dll 2010-01-27 19:37 . 2008-04-14 00:11 377984 ----a-w- c:\windows\system32\ati2dvaa.dll 2010-01-27 11:07 . 2010-01-27 11:07 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-26 08:40 . 2010-01-26 08:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-01-26 03:25 . 2010-01-26 03:25 -------- d-----w- C:\FOUND.001 2010-01-23 06:36 . 2010-01-23 06:36 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe 2010-01-23 06:31 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-23 06:31 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-23 06:31 . 2010-01-23 06:31 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-01-23 06:29 . 2010-01-23 06:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2010-01-23 06:28 . 2010-01-23 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-01-21 02:21 . 2010-01-21 02:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-01-18 01:17 . 2010-01-18 01:17 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-17 23:47 . 2010-01-17 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ 2010-01-17 23:46 . 2010-01-17 23:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2010-01-17 23:45 . 2010-01-17 23:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon 2010-01-17 23:33 . 2010-01-17 23:33 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat 2010-01-17 22:35 . 2010-01-17 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics 2010-01-17 22:29 . 2010-01-17 22:29 -------- d-----w- c:\program files\Microsoft ATS 2010-01-17 02:38 . 2010-01-17 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-01-16 13:06 . 2010-01-16 13:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-01-16 06:23 . 2010-01-16 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2010-01-15 21:45 . 2009-08-06 06:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-01-15 21:45 . 2009-08-06 06:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-01-15 11:50 . 2010-01-15 11:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-01-15 11:50 . 2010-01-15 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-15 11:46 . 2010-01-15 11:46 -------- d-----w- c:\program files\CCleaner 2010-01-15 10:27 . 2010-01-15 10:27 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2010-01-15 10:27 . 2010-01-15 10:27 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache 2010-01-15 09:22 . 2010-01-15 09:22 -------- d-----w- C:\FOUND.000 2010-01-15 06:59 . 2010-01-15 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6 2010-01-15 06:59 . 2010-01-15 06:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6 2010-01-15 02:22 . 2010-01-15 02:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2010-01-15 02:22 . 2010-01-15 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2010-01-15 02:19 . 2008-11-27 16:20 83456 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\0421\CNMsr9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 69120 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\041E\CNMsr9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\0412\CNMsr9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 443392 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\0421\CNMur9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 405504 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\041E\CNMur9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 187904 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\0421\CNMlr9O.dll 2010-01-15 02:19 . 2008-11-27 16:20 157696 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MX320 series Printer\LanguageModules\041E\CNMlr9O.dll 2010-01-15 01:14 . 2008-09-24 23:19 3584 ----a-w- c:\windows\system32\CNCFLhTH.DLL 2010-01-15 01:13 . 2008-09-11 00:39 178176 ----a-w- c:\windows\system32\CNMIU9O.DLL 2010-01-15 01:13 . 2010-01-15 01:13 -------- d--h--w- c:\program files\CanonBJ 2010-01-15 01:10 . 2010-01-15 01:10 -------- d-----w- c:\program files\Canon 2010-01-14 20:52 . 2010-01-14 20:52 -------- d-----w- c:\documents and settings\Administrator\Tracing 2010-01-14 20:48 . 2010-01-14 20:49 -------- d-----w- c:\program files\Microsoft 2010-01-14 20:48 . 2010-01-14 20:48 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-01-14 20:47 . 2010-01-14 20:47 -------- d-----w- c:\program files\Windows Live 2010-01-14 20:35 . 2010-01-14 20:35 -------- d-----w- c:\program files\Common Files\Windows Live 2010-01-14 12:16 . 2010-01-14 12:16 348160 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\msvcr71.dll 2010-01-14 08:24 . 2010-01-14 08:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire 2010-01-14 08:13 . 2009-03-14 21:14 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys 2010-01-14 08:13 . 2009-03-14 21:14 105216 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys 2010-01-14 08:13 . 2010-01-14 08:13 -------- d-----w- c:\program files\Telecom JoinME 2010-01-14 06:12 . 2010-01-14 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk 2010-01-14 04:02 . 2010-01-14 04:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-01-14 04:02 . 2010-01-14 04:02 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys 2010-01-14 04:02 . 2010-01-14 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso 2010-01-14 04:02 . 2007-03-18 08:37 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-01-14 04:02 . 2006-09-29 00:26 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-01-14 04:02 . 2006-09-29 00:25 208935 ----a-w- c:\windows\system32\drv33260.dll 2010-01-14 04:02 . 2006-09-29 00:24 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-01-14 04:02 . 2002-12-09 14:20 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-01-14 04:02 . 2006-05-20 04:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-01-14 04:02 . 2006-05-11 07:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-14 04:02 . 2010-01-14 04:02 -------- d-----w- c:\program files\VSO 2010-01-13 22:22 . 2010-01-13 22:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software 2010-01-13 22:15 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-01-13 22:15 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys 2010-01-13 22:14 . 2007-11-02 01:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys 2010-01-13 22:14 . 2007-11-02 01:36 18176 ----a-w- c:\windows\system32\drivers\motccgp.sys 2010-01-13 22:14 . 2007-06-18 01:18 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys 2010-01-13 22:14 . 2007-01-22 05:33 7680 ----a-w- c:\windows\system32\drivers\motccgpfl.sys 2010-01-13 22:14 . 2006-11-13 01:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2010-01-13 22:14 . 2010-01-13 22:14 -------- d-----w- c:\program files\Common Files\Motorola Shared 2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\program files\Motorola Phone Tools 2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2010-01-13 22:12 . 2010-01-13 22:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2010-01-13 11:10 . 2010-01-13 11:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-01-13 11:08 . 2010-01-13 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-01-13 04:33 . 2009-12-13 23:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-13 04:33 . 2010-01-13 04:33 -------- d-----w- C:\Intel 2010-01-13 04:25 . 2010-01-13 04:25 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-13 04:21 . 2006-08-01 07:02 49152 ----a-w- c:\windows\system32\ChCfg.exe 2010-01-13 04:19 . 2010-01-13 04:19 -------- d-----w- c:\program files\Realtek AC97 2010-01-13 04:19 . 2006-08-09 23:27 10528768 ----a-w- c:\windows\system32\RTLCPL.exe 2010-01-13 04:19 . 2006-08-01 06:58 143360 ----a-w- c:\windows\system32\RtlCPAPI.dll 2010-01-13 04:17 . 2010-01-13 04:17 -------- d-----w- C:\drivers 2010-01-12 23:09 . 2010-01-12 23:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2010-01-12 22:53 . 2010-01-12 22:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-01-12 22:49 . 2010-01-12 22:49 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-12 22:00 . 2010-01-12 22:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink 2010-01-12 21:54 . 2010-01-12 21:54 -------- d-----w- c:\documents and settings\All Users\CyberLink 2010-01-12 21:34 . 2010-01-12 21:34 -------- d-----w- c:\program files\MSXML 4.0 2010-01-12 21:33 . 2010-01-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2010-01-12 21:31 . 2010-01-12 21:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink 2010-01-12 21:25 . 2010-01-12 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp 2010-01-12 21:25 . 2010-01-12 21:25 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe 2010-01-12 21:23 . 2010-01-12 21:23 -------- d-----w- c:\program files\CyberLink 2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio 2010-01-12 11:10 . 2010-01-12 11:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio 2010-01-12 11:08 . 2010-01-12 11:08 -------- d-----w- c:\program files\InterActual . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-08 22:32 . 2010-02-08 22:32 739328 --sha-w- c:\windows\system32\37.tmp 2010-01-30 23:57 . 2010-01-10 09:52 92888 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-15 01:14 . 2010-01-15 01:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2010-01-14 12:16 . 2010-01-14 12:15 499712 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL 2010-01-14 12:16 . 2010-01-14 12:15 73728 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe 2010-01-14 12:16 . 2010-01-14 12:15 102400 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe 2010-01-13 22:31 . 2010-01-13 22:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf 2010-01-13 22:31 . 2010-01-13 22:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf 2010-01-13 22:28 . 2010-01-13 22:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2010-01-13 22:28 . 2010-01-13 22:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-01-12 22:50 . 2010-01-12 22:50 -------- d-----w- c:\windows\Fonts\Fonts 2010-01-10 20:17 . 2010-01-10 07:01 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2010-01-10 11:19 . 2010-01-10 11:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI 2010-01-10 11:15 . 2010-01-10 11:15 -------- d-----w- c:\program files\Windows Media Connect 2 2010-01-10 10:50 . 2010-01-10 10:50 -------- d-----w- c:\program files\MSBuild 2010-01-10 10:50 . 2010-01-10 10:50 -------- d-----w- c:\program files\Reference Assemblies 2010-01-10 10:43 . 2010-01-10 10:43 -------- d-----w- c:\program files\MSXML 6.0 2010-01-10 09:58 . 2010-01-10 09:58 0 ----a-w- c:\windows\ativpsrm.bin 2010-01-10 09:54 . 2010-01-10 09:54 -------- d-----w- c:\program files\ATI Technologies 2010-01-10 08:43 . 2010-01-10 08:43 -------- d-----w- c:\program files\7-Zip 2010-01-10 08:42 . 2010-01-10 08:42 -------- d-----w- c:\program files\VideoLAN 2010-01-10 08:31 . 2010-01-10 08:31 -------- d-----w- c:\program files\Realtek Sound Manager 2010-01-10 08:31 . 2010-01-10 08:31 -------- d-----w- c:\program files\AvRack 2010-01-10 08:29 . 2010-01-10 08:29 -------- d-----w- c:\program files\Gigabyte 2010-01-10 08:13 . 2010-01-10 08:13 -------- d-----w- c:\program files\Intel 2010-01-10 08:09 . 2010-01-10 08:09 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-10 08:09 . 2010-01-10 08:09 -------- d-----w- c:\program files\Common Files\InstallShield 2010-01-10 07:38 . 2010-01-10 07:38 -------- d-----w- c:\program files\Symantec 2010-01-10 07:38 . 2010-01-10 07:38 -------- d-----w- c:\program files\Symantec AntiVirus 2010-01-10 07:38 . 2010-01-10 07:38 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-10 07:38 . 2010-01-10 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-01-10 07:02 . 2010-01-10 07:02 -------- d-----w- c:\program files\microsoft frontpage 2010-01-10 07:00 . 2010-01-10 07:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-12-31 16:50 . 1979-12-31 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 1979-12-31 11:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-16 18:43 . 2010-01-10 06:59 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 1979-12-31 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:26 . 2001-08-17 09:24 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2001-08-17 00:48 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-04 18:22 . 1979-12-31 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-27 17:11 . 2001-08-17 09:36 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:11 . 1979-12-31 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:07 . 2001-08-17 09:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07 . 1979-12-31 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07 . 2001-08-17 09:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:07 . 1979-12-31 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:07 . 1979-12-31 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-21 15:51 . 1979-12-31 11:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll 2009-11-12 04:07 . 2009-11-12 04:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-24 31072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112] "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-13 113136] "SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 03:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\Empires2.Exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "119:TCP"= 119:TCP:*:Disabled:usenet R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/10/2010 9:34 PM 116264] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/10/2010 9:01 PM 102448] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/12/2010 3:31 PM 691696] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/14/2010 11:14 AM 18176] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/14/2010 11:14 AM 7680] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464] S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [1/14/2010 9:13 PM 105216] S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [1/14/2010 9:13 PM 105216] . Contents of the 'Scheduled Tasks' folder 2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-29 23:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.nz/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://uzdownloads.s3.amazonaws.com/3.5/UserZoom.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cbt4ozi5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/ FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-28054120 - c:\docume~1\ALLUSE~1\APPLIC~1\28054120\28054120.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-10 10:17 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-963894560-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,c2,10,d1,68,c8,ce,47,86,02,3e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,c2,10,d1,68,c8,ce,47,86,02,3e,\ [HKEY_USERS\S-1-5-21-839522115-963894560-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c5,31,20,93,06,d8,3f,e8,87,17,05,36,23,7f,00,34,2b,98,5e,cf,24,11,d9, 87,ba,43,3d,76,f1,5f,36,3c,48,0e,a1,d2,3c,85,31,62,f7,24,55,7a,c7,22,3f,16,\ "??"=hex:92,b1,af,13,80,5b,9b,d9,d3,b3,d4,9e,6e,68,68,0e . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(780) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-02-10 10:19:03 ComboFix-quarantined-files.txt 2010-02-09 21:19 Pre-Run: 23,095,672,832 bytes free Post-Run: 23,061,168,128 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - C19FCB144C73FC203224E0FF361C54D9
  2. Need help,symantec detected a trojan dropper other day which was deleted now when im on mozilla or internet explorer browser redirects to shesearch.com or monster marketplace.com also broadband is running slower? and cant download anything,have run malwarebytes and posted log of after i ran it and also hijack log,any help much appreciated,thanks Malwarebytes' Anti-Malware 1.44 Database version: 3654 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/29/2010 11:24:54 AM mbam-log-2010-01-29 (11-24-54).txt Scan type: Quick Scan Objects scanned: 115715 Time elapsed: 8 minute(s), 15 second(s) Memory Processes Infected: 1 Memory Modules Infected: 2 Registry Keys Infected: 6 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 5 Files Infected: 34 Memory Processes Infected: C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\mstime32.dll (Trojan.Tracur) -> Delete on reboot. C:\WINDOWS\system32\26D.tmp (Trojan.Tracur) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1811c2b0-cf38-4155-924a-4fc186a47d9b} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1811c2b0-cf38-4155-924a-4fc186a47d9b} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3f16f7741 (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1811c2b0-cf38-4155-924a-4fc186a47d9b} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1811c2b0-cf38-4155-924a-4fc186a47d9b} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\mstime32.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\mstime32.dll -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\27685432 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\inetppui32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mstime32.dll (Trojan.Tracur) -> Delete on reboot. C:\WINDOWS\system32\26D.tmp (Trojan.Tracur) -> Delete on reboot. C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\27685432\27685432.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u1432702125v0 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u1432702125v1 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u1432702125v2 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u1432702125v3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_i1432702125v4 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u1432702125v5 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_i1432702125v6 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_i1432702125v7 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v0.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v1.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v2.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v3.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v4.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mu1432702125v5.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v6.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v7.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v0 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v1 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v2 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu1432702125v3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v4 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mu1432702125v5 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v6 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi1432702125v7 (Worm.Archive) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:35:48 AM, on 1/29/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263112893077 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 10157 bytes
  3. Ok well doesnt sound good,symantec rekons it has deleted the virus and another scan has come up clean??the symantec website rekons has a removal tool but i cannot boot my comp in safe mode??dont really wanna do a reinstall but seems the only way to be sure? thanks
  4. Have recently done a symantec complete scan an was told i had the W32.Virut.CF virus,these items were quarentined an deleted but i wanted to use the symantec removal tool as reading the virus report sounds like quite a nasty virus but i cannot reboot in safe mode,if i try the cursor keys dont work any help please??? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:51:43 a.m., on 13/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\iWin Games\iWinTrusted.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-1715567821-823518204-842925246-1007\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?') O4 - HKUS\S-1-5-21-1715567821-823518204-842925246-1007\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?') O4 - HKUS\S-1-5-21-1715567821-823518204-842925246-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/stg_drm.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: 94583e92598 - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9025 bytes
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:07:24 a.m., on 4/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6437 bytes
  6. Hello again,Here is a log of OTMoveIt3 amd hijackthis after i performed the operation,thanks again for your help,computer seems to be a lot better,i take it it was a mess??? ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\Documents and Settings\All Users\Application Data\SecTaskMan\d3dx10_3432.dll.q_Quarantine_8043002_q moved successfully. C:\Documents and Settings\All Users\Application Data\SecTaskMan\d3dx10_3432.dll.q_Quarantine_8043002_q.old moved successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_94.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_095106 Files moved on Reboot... File C:\WINDOWS\temp\Perflib_Perfdata_94.dat not found!
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:42:38 p.m., on 3/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6421 bytes
  8. Kasperspy log Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 62974 Threat name: 2 Infected objects: 11 Suspicious objects: 0 Duration of the scan: 01:49:26 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\SecTaskMan\d3dx10_3432.dll.q_Quarantine_8043002_q Infected: P2P-Worm.Win32.Nugg.bc 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\d3dx10_3432.dll.q_Quarantine_8043002_q.old Infected: P2P-Worm.Win32.Nugg.bc 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dx10_3432.dll.vir Infected: P2P-Worm.Win32.Nugg.bc 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\_d3dx10_3432_.dll.zip Infected: P2P-Worm.Win32.Nugg.bc 1 C:\Qoobox\Quarantine\C\WINDOWS\xcftb3342.exe.vir Infected: Trojan-Downloader.Win32.Agent.ante 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP21\A0002080.dll Infected: P2P-Worm.Win32.Nugg.bc 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP21\A0002087.exe Infected: Trojan-Downloader.Win32.Agent.ante 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP3\A0000004.dll Infected: P2P-Worm.Win32.Nugg.bc 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP4\A0000005.dll Infected: P2P-Worm.Win32.Nugg.bc 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP7\A0000022.old Infected: P2P-Worm.Win32.Nugg.bc 1 C:\System Volume Information\_restore{3EE000BE-0B07-4D9B-9339-E7288AC7EE74}\RP7\A0000023.dll Infected: P2P-Worm.Win32.Nugg.bc 1 The selected area was scanned.
  9. Ok i have done everything you said and here are the logs combofix kscan hijack this thanks ComboFix 09-06-01.03 - Scott 03/06/2009 16:32.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.519 [GMT 12:00] Running from: c:\documents and settings\Scott\Desktop\combo-fix.exe Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FILE :: "c:\windows\system32\iunvdsyufgo.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npggsvc ((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))) . 2009-06-03 04:24 . 2009-06-03 04:26 -------- d-s---w- C:\PleaseDontEatme 2009-06-02 00:37 . 2009-06-02 00:37 -------- d-----w- C:\rsit 2009-05-27 14:41 . 2009-05-27 14:41 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-26 09:56 . 2009-05-26 10:47 -------- d-----w- c:\documents and settings\Scott\Application Data\TeamViewer 2009-05-26 09:54 . 2009-05-26 09:54 -------- d-----w- c:\program files\TeamViewer 2009-05-26 09:54 . 2009-05-26 09:54 -------- d-----w- c:\documents and settings\Scott\temp 2009-05-24 23:22 . 2009-05-24 23:22 -------- d-----w- c:\program files\CCleaner 2009-05-23 23:00 . 2002-07-23 03:17 225280 ----a-r- c:\windows\USBGX17phmgunin.exe 2009-05-23 23:00 . 2009-05-23 23:00 -------- d-----w- c:\program files\GX17 USB-Handset Manager 2009-05-23 23:00 . 2009-05-23 23:00 -------- d-----w- c:\documents and settings\Scott\Application Data\MobileAction 2009-05-23 22:52 . 2009-05-23 22:52 -------- d-----w- c:\program files\SHARP GSM GPRS USB Driver 2009-05-20 09:14 . 2009-05-20 09:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-05-18 22:39 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll 2009-05-17 01:52 . 2009-05-17 01:54 34 ----a-w- c:\documents and settings\Scott\jagex_runescape_preferences.dat 2009-05-17 01:51 . 2009-05-17 01:51 -------- d-----w- c:\windows\.jagex_cache_32 2009-05-17 00:15 . 2009-05-17 00:15 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Google 2009-05-17 00:11 . 2009-05-17 08:48 -------- d-----w- c:\program files\Google 2009-05-17 00:10 . 2009-05-17 00:29 -------- d-----w- c:\windows\system32\Adobe 2009-05-16 02:22 . 2009-05-16 02:22 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-03 04:38 . 2008-12-15 02:09 -------- d-----w- c:\program files\Symantec AntiVirus 2009-05-30 11:11 . 2009-03-31 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-27 14:41 . 2009-01-24 02:58 -------- d-----w- c:\program files\Windows Live 2009-05-24 00:06 . 2009-03-14 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent 2009-05-23 22:58 . 2008-12-10 08:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-18 23:24 . 2009-05-18 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-05-18 08:11 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe 2009-05-16 23:28 . 2009-03-14 23:51 39 ----a-w- c:\windows\popcinfot.dat 2009-05-15 15:05 . 2009-01-06 23:59 -------- d-----w- c:\documents and settings\Scott\Application Data\uTorrent 2009-05-03 00:08 . 2009-02-04 23:52 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso 2009-04-27 01:04 . 2009-04-27 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo 2009-04-24 01:39 . 2009-04-24 01:39 -------- d-----w- c:\program files\VGA USB Camera 2009-04-24 01:39 . 2009-04-24 01:39 -------- d-----w- c:\program files\directx 2009-04-20 22:16 . 2009-04-20 22:16 -------- d-----w- c:\program files\Common Files\INCA Shared 2009-04-20 08:22 . 2009-04-20 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir 2009-04-13 00:57 . 2009-01-07 00:46 -------- d-----w- c:\documents and settings\Scott\Application Data\LimeWireTurbo 2009-04-12 23:07 . 2009-01-05 05:55 80560 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 00:14 . 2009-04-12 00:14 -------- d-----w- c:\program files\MSECache 2009-04-07 00:54 . 2009-04-07 00:54 -------- d-----w- c:\program files\Utherverse Digital Inc 2009-04-06 00:25 . 2009-01-05 06:07 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems 2009-04-06 00:24 . 2008-12-23 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-03-16 02:18 . 2009-04-07 00:55 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-03-16 02:18 . 2009-04-07 00:55 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-03-16 02:18 . 2009-04-07 00:55 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-03-16 02:18 . 2009-04-07 00:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2009-03-14 23:51 . 2009-03-14 23:51 0 ----a-w- c:\windows\popcreg.dat 2009-03-09 03:27 . 2009-04-07 00:55 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-03-09 03:27 . 2009-04-07 00:55 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-03-09 03:27 . 2009-04-07 00:55 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-03-08 04:43 . 2009-03-07 21:41 613 ----a-w- c:\windows\eReg.dat 2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w- c:\windows\system32\pdh.dll 2009-03-06 10:11 . 2009-01-07 00:50 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-03-06 10:10 . 2009-03-06 10:10 152576 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_12\lzma.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-02_23.30.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 04:37 . 2009-06-03 04:37 16384 c:\windows\Temp\Perflib_Perfdata_554.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll "wave2"= serwvdrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2008 8:42 p.m. 116264] R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [9/02/2009 1:32 p.m. 12856] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [21/02/2009 7:44 p.m. 14976] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 7:02 p.m. 101936] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 7:33 p.m. 116464] S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;c:\windows\system32\drivers\usbgx_2.sys [3/08/2004 3:02 a.m. 24080] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 04:04] 2009-06-03 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 04:04] 2009-06-03 c:\windows\Tasks\User_Feed_Synchronization-{30D889D6-D2C8-4DD4-BC43-058010D1FD83}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 05:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.nz/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List IE: Easy-WebPrint High Speed Print IE: Easy-WebPrint Preview IE: Easy-WebPrint Print . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 16:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3624) c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-06-03 16:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-03 04:42 ComboFix2.txt 2009-06-02 23:36 Pre-Run: 14,241,681,408 bytes free Post-Run: 14,228,480,000 bytes free 181 --- E O F --- 2009-05-24 02:55
  10. Here is the combo-fix log ComboFix 09-06-01.03 - Scott 03/06/2009 11:23.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.521 [GMT 12:00] Running from: c:\documents and settings\Scott\Desktop\PleaseDontEatme.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\02000000083f14b9598C.manifest c:\documents and settings\Administrator\Application Data\02000000083f14b9598O.manifest c:\documents and settings\Administrator\Application Data\02000000083f14b9598P.manifest c:\documents and settings\Administrator\Application Data\02000000083f14b9598S.manifest c:\documents and settings\Scott\Application Data\02000000083f14b9598C.manifest c:\documents and settings\Scott\Application Data\02000000083f14b9598O.manifest c:\documents and settings\Scott\Application Data\02000000083f14b9598P.manifest c:\documents and settings\Scott\Application Data\02000000083f14b9598S.manifest c:\documents and settings\Scott\Application Data\inst.exe c:\program files\IEToolbar c:\program files\IEToolbar\ECO Bar\basis.xml c:\program files\IEToolbar\ECO Bar\ecobar.dll c:\program files\IEToolbar\ECO Bar\icons.bmp c:\program files\IEToolbar\ECO Bar\info.txt c:\program files\IEToolbar\ECO Bar\tbhelper.dll c:\program files\IEToolbar\ECO Bar\uninstall.exe c:\program files\IEToolbar\ECO Bar\version.txt c:\program files\IEToolbar\ECO Bar\your_logo.png c:\windows\ciqw1265.exe c:\windows\eedfw84770.exe c:\windows\lvdv15516.exe c:\windows\System32\d3dx10_3432.dll c:\windows\system32\GroupPolicy000.dat c:\windows\system32\ojvPK0Z.vbs c:\windows\system32\Vv6hNRdecHls7Su.vbs c:\windows\system32\ys2q2.vbs c:\windows\xcftb3342.exe c:\windows\xvisf2457.exe . ((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 ))))))))))))))))))))))))))))))) . 2009-06-02 00:37 . 2009-06-02 00:37 -------- d-----w- C:\rsit 2009-05-27 14:41 . 2009-05-27 14:41 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-26 09:56 . 2009-05-26 10:47 -------- d-----w- c:\documents and settings\Scott\Application Data\TeamViewer 2009-05-26 09:54 . 2009-05-26 09:54 -------- d-----w- c:\program files\TeamViewer 2009-05-26 09:54 . 2009-05-26 09:54 -------- d-----w- c:\documents and settings\Scott\temp 2009-05-24 23:22 . 2009-05-24 23:22 -------- d-----w- c:\program files\CCleaner 2009-05-23 23:00 . 2002-07-23 03:17 225280 ----a-r- c:\windows\USBGX17phmgunin.exe 2009-05-23 23:00 . 2009-05-23 23:00 -------- d-----w- c:\program files\GX17 USB-Handset Manager 2009-05-23 23:00 . 2009-05-23 23:00 -------- d-----w- c:\documents and settings\Scott\Application Data\MobileAction 2009-05-23 22:52 . 2009-05-23 22:52 -------- d-----w- c:\program files\SHARP GSM GPRS USB Driver 2009-05-20 09:14 . 2009-05-20 09:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-05-18 22:39 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll 2009-05-17 01:52 . 2009-05-17 01:54 34 ----a-w- c:\documents and settings\Scott\jagex_runescape_preferences.dat 2009-05-17 01:51 . 2009-05-17 01:51 -------- d-----w- c:\windows\.jagex_cache_32 2009-05-17 00:15 . 2009-05-17 00:15 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Google 2009-05-17 00:11 . 2009-05-17 08:48 -------- d-----w- c:\program files\Google 2009-05-17 00:10 . 2009-05-17 00:29 -------- d-----w- c:\windows\system32\Adobe 2009-05-16 02:22 . 2009-05-16 02:22 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-02 23:31 . 2008-12-15 02:09 -------- d-----w- c:\program files\Symantec AntiVirus 2009-05-30 11:11 . 2009-03-31 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-27 14:41 . 2009-01-24 02:58 -------- d-----w- c:\program files\Windows Live 2009-05-24 00:06 . 2009-03-14 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent 2009-05-23 22:58 . 2008-12-10 08:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-18 23:24 . 2009-05-18 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-05-18 08:11 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe 2009-05-16 23:28 . 2009-03-14 23:51 39 ----a-w- c:\windows\popcinfot.dat 2009-05-15 15:05 . 2009-01-06 23:59 -------- d-----w- c:\documents and settings\Scott\Application Data\uTorrent 2009-05-03 00:08 . 2009-02-04 23:52 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso 2009-04-27 01:04 . 2009-04-27 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo 2009-04-24 01:39 . 2009-04-24 01:39 -------- d-----w- c:\program files\VGA USB Camera 2009-04-24 01:39 . 2009-04-24 01:39 -------- d-----w- c:\program files\directx 2009-04-20 22:16 . 2009-04-20 22:16 -------- d-----w- c:\program files\Common Files\INCA Shared 2009-04-20 08:22 . 2009-04-20 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir 2009-04-13 00:57 . 2009-01-07 00:46 -------- d-----w- c:\documents and settings\Scott\Application Data\LimeWireTurbo 2009-04-12 23:07 . 2009-01-05 05:55 80560 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 00:14 . 2009-04-12 00:14 -------- d-----w- c:\program files\MSECache 2009-04-07 00:54 . 2009-04-07 00:54 -------- d-----w- c:\program files\Utherverse Digital Inc 2009-04-06 00:25 . 2009-01-05 06:07 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems 2009-04-06 00:24 . 2008-12-23 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-03-16 02:18 . 2009-04-07 00:55 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-03-16 02:18 . 2009-04-07 00:55 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-03-16 02:18 . 2009-04-07 00:55 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-03-16 02:18 . 2009-04-07 00:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2009-03-14 23:51 . 2009-03-14 23:51 0 ----a-w- c:\windows\popcreg.dat 2009-03-09 03:27 . 2009-04-07 00:55 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-03-09 03:27 . 2009-04-07 00:55 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-03-09 03:27 . 2009-04-07 00:55 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-03-08 04:43 . 2009-03-07 21:41 613 ----a-w- c:\windows\eReg.dat 2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w- c:\windows\system32\pdh.dll 2009-03-06 10:11 . 2009-01-07 00:50 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-03-06 10:10 . 2009-03-06 10:10 152576 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_12\lzma.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll "wave2"= serwvdrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "gbtzpuabpy"=c:\windows\System32\regsvr32.exe /s "c:\windows\system32\iunvdsyufgo.dll" "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2008 8:42 p.m. 116264] R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [9/02/2009 1:32 p.m. 12856] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [21/02/2009 7:44 p.m. 14976] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 7:02 p.m. 101936] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 7:33 p.m. 116464] S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;c:\windows\system32\drivers\usbgx_2.sys [3/08/2004 3:02 a.m. 24080] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 04:04] 2009-06-02 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 04:04] 2009-06-02 c:\windows\Tasks\User_Feed_Synchronization-{30D889D6-D2C8-4DD4-BC43-058010D1FD83}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 05:36] . - - - - ORPHANS REMOVED - - - - BHO-{CC0014FB-0E41-053C-2DCE-815FC1BE572B} - (no file) BHO-{e10264ee-a062-c94e-baf2-109a422825d2} - (no file) SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uLocal Page = about:blank uStart Page = hxxp://www.google.co.nz/ mLocal Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List IE: Easy-WebPrint High Speed Print IE: Easy-WebPrint Preview IE: Easy-WebPrint Print . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 11:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(120) c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-06-02 11:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-02 23:36 Pre-Run: 14,225,674,240 bytes free Post-Run: 14,244,024,320 bytes free 206 --- E O F --- 2009-05-24 02:55
  11. HI and thanks, Here is the new logs as requested,thanks for your help Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:59:56 a.m., on 3/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6848 bytes
  12. Recently after my children being on my computer it started playing up,Internet explorer freezes and mucks around,gets new windows opening which are spyware or adware sites,cant open email directly from messenger.....i have posted my hijack this log here Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:19:43 p.m., on 2/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (disabled by BHODemon) O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: (no name) - {CC0014FB-0E41-053C-2DCE-815FC1BE572B} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {e10264ee-a062-c94e-baf2-109a422825d2} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dx10_3432.dll O20 - Winlogon Notify: 94583e92598 - C:\WINDOWS\System32\d3dx10_3432.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7894 bytes Logfile of random's system information tool 1.06 (written by random/random) Run by Scott at 2009-06-02 12:37:27 Microsoft Windows XP Professional Service Pack 3 System drive C: has 14 GB (18%) free of 76 GB Total RAM: 1023 MB (38% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:37:29 p.m., on 2/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\Scott\Desktop\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\Scott.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (disabled by BHODemon) O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: (no name) - {CC0014FB-0E41-053C-2DCE-815FC1BE572B} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {e10264ee-a062-c94e-baf2-109a422825d2} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dx10_3432.dll O20 - Winlogon Notify: 94583e92598 - C:\WINDOWS\System32\d3dx10_3432.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7889 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\OGADaily.job C:\WINDOWS\tasks\OGALogon.job C:\WINDOWS\tasks\User_Feed_Synchronization-{30D889D6-D2C8-4DD4-BC43-058010D1FD83}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714ADBD-C6C1-42A8-BD84-9C9339059421}] TBSB05288 Class - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-15 2484224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC0014FB-0E41-053C-2DCE-815FC1BE572B}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e10264ee-a062-c94e-baf2-109a422825d2}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {10000000-1000-1000-1000-100000000000} - ECO Bar - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-15 2484224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2009-05-16 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\System32\d3dx10_3432.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\94583e92598] C:\WINDOWS\System32\d3dx10_3432.dll [2009-05-19 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-12-02 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFolderOptions"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB" "C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber" "C:\Program Files\EA Games\Command and Conquer Generals\game.dat"="C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88bce8b8-0f84-11de-ad7b-000d612a0c27}] shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5c4ba54-ee77-11dd-a486-000d612a0c27}] shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe ======File associations====== .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-06-02 12:37:27 ----D---- C:\rsit 2009-05-30 23:01:59 ----D---- C:\WINDOWS\pss 2009-05-28 02:41:35 ----D---- C:\Program Files\Windows Live SkyDrive 2009-05-26 21:56:50 ----D---- C:\Documents and Settings\Scott\Application Data\TeamViewer 2009-05-26 21:54:56 ----D---- C:\Program Files\TeamViewer 2009-05-25 11:22:14 ----D---- C:\Program Files\CCleaner 2009-05-24 12:58:14 ----A---- C:\WINDOWS\xcftb3342.exe 2009-05-24 12:58:11 ----D---- C:\Program Files\IEToolbar 2009-05-24 12:57:51 ----A---- C:\WINDOWS\ciqw1265.exe 2009-05-24 12:57:49 ----A---- C:\WINDOWS\lvdv15516.exe 2009-05-24 12:57:46 ----A---- C:\WINDOWS\eedfw84770.exe 2009-05-24 12:57:40 ----A---- C:\WINDOWS\xvisf2457.exe 2009-05-24 12:57:31 ----A---- C:\WINDOWS\kdiue732.txt 2009-05-24 11:00:49 ----RA---- C:\WINDOWS\USBGX17phmgunin.exe 2009-05-24 11:00:11 ----D---- C:\Program Files\GX17 USB-Handset Manager 2009-05-24 11:00:11 ----D---- C:\Documents and Settings\Scott\Application Data\MobileAction 2009-05-24 10:52:13 ----D---- C:\Program Files\SHARP GSM GPRS USB Driver 2009-05-19 10:39:33 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2009-05-17 13:51:39 ----D---- C:\WINDOWS\.jagex_cache_32 2009-05-17 12:40:58 ----A---- C:\WINDOWS\system32\Vv6hNRdecHls7Su.vbs 2009-05-17 12:40:56 ----A---- C:\WINDOWS\system32\ojvPK0Z.vbs 2009-05-17 12:37:08 ----A---- C:\WINDOWS\system32\ys2q2.vbs 2009-05-17 12:37:08 ----A---- C:\WINDOWS\system32\d3dx10_3432.dll 2009-05-17 12:15:13 ----D---- C:\Documents and Settings\Scott\Application Data\Google 2009-05-17 12:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-05-17 12:11:52 ----D---- C:\Program Files\Google 2009-05-17 12:10:36 ----D---- C:\WINDOWS\system32\Adobe 2009-05-16 14:22:49 ----D---- C:\Program Files\QuickTime ======List of files/folders modified in the last 1 months====== 2009-06-02 12:19:47 ----D---- C:\WINDOWS\Prefetch 2009-06-02 09:03:33 ----D---- C:\Program Files\Symantec AntiVirus 2009-06-02 09:03:06 ----D---- C:\WINDOWS\Temp 2009-06-01 23:46:36 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-31 01:21:16 ----D---- C:\WINDOWS 2009-05-30 23:27:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-30 23:27:37 ----D---- C:\WINDOWS\system32 2009-05-30 23:27:32 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-30 23:11:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-29 14:26:01 ----D---- C:\Program Files\xerox 2009-05-28 13:04:24 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-05-28 02:42:14 ----SHD---- C:\WINDOWS\Installer 2009-05-28 02:41:41 ----D---- C:\Program Files\Windows Live 2009-05-28 02:41:35 ----D---- C:\Program Files 2009-05-28 02:40:23 ----D---- C:\WINDOWS\Microsoft.NET 2009-05-28 02:19:55 ----D---- C:\WINDOWS\WinSxS 2009-05-28 02:18:31 ----RSD---- C:\WINDOWS\assembly 2009-05-28 02:10:23 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-05-28 02:10:23 ----D---- C:\WINDOWS\system32\drivers 2009-05-25 11:25:17 ----D---- C:\WINDOWS\Minidump 2009-05-25 11:25:17 ----D---- C:\WINDOWS\Debug 2009-05-24 14:55:18 ----HD---- C:\WINDOWS\inf 2009-05-24 14:55:00 ----D---- C:\WINDOWS\system32\en-US 2009-05-24 14:54:59 ----D---- C:\Program Files\Internet Explorer 2009-05-24 14:13:22 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-24 12:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent 2009-05-24 12:05:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-05-24 10:58:23 ----HD---- C:\Program Files\InstallShield Installation Information 2009-05-21 20:48:19 ----D---- C:\WINDOWS\Media 2009-05-21 20:48:18 ----D---- C:\WINDOWS\Help 2009-05-21 20:45:40 ----D---- C:\WINDOWS\ie8updates 2009-05-20 21:15:12 ----SHD---- C:\RECYCLER 2009-05-20 21:13:36 ----D---- C:\Documents and Settings 2009-05-19 15:37:09 ----A---- C:\WINDOWS\win.ini 2009-05-19 10:28:24 ----SHD---- C:\System Volume Information 2009-05-19 10:28:24 ----D---- C:\WINDOWS\system32\Restore 2009-05-19 09:40:35 ----D---- C:\WINDOWS\system32\LogFiles 2009-05-18 20:11:56 ----A---- C:\WINDOWS\system32\rundll32.exe 2009-05-17 12:12:32 ----D---- C:\Documents and Settings\Scott\Application Data\Adobe 2009-05-17 12:12:30 ----D---- C:\WINDOWS\system32\Macromed 2009-05-16 03:05:26 ----D---- C:\Documents and Settings\Scott\Application Data\uTorrent 2009-05-07 19:16:30 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-03 12:08:38 ----D---- C:\Documents and Settings\Scott\Application Data\Vso ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920] R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 36352] R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472] R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768] R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-15 404736] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928] R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-05-21 121856] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2003-03-31 625537] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090528.003\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090528.003\navex15.sys [] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824] R3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-22 174530] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-05 47360] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14592] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0; C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-08-03 24080] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-02 598016] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848] R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-15 2784285] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-06-02 12:37:32 ======Uninstall list====== -->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Silicon Image Raid\Uninst.isu" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20A4352A-237B-41DD-A6C0-3CD2F8E8D35C}\Setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} ConvertXtoDVD 3.3.0.96-->"C:\Program Files\VSO\ConvertX\3\unins000.exe" Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409 Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37} Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu" GX17 USB-Handset Manager-->C:\WINDOWS\USBGX17phmgunin.exe C:\Program Files\GX17 USB-Handset Manager\FileList.ini HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79} Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} LimeWireTurbo-->C:\Program Files\LimeWireTurbo\uninstall.exe LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668} Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update
×
×
  • Create New...