Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HJT log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My HJT log

Unread postby Obsessionz » October 13th, 2008, 12:52 am

Um, my comp has been acting strange lately. In need of help.

---------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 12:50:36 AM, on 10/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mypops\ypops.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E57404E-8A78-440E-85C6-B1018B8BCCFC} - C:\WINDOWS\system32\pmnoNDVO.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DB036A52-3A88-466B-BD39-05A6D9D9B18A} - C:\WINDOWS\system32\awturRLe.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\DOCUME~1\Home\LOCALS~1\Temp\E_S16.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awturRLe - awturRLe.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: geBSigDs - geBSigDs.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am
Advertisement
Register to Remove

Re: My HJT log

Unread postby Shaba » October 14th, 2008, 8:45 am

Hi Obsessionz

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 15th, 2008, 4:56 am

As told, I recieved this.

--------------------------------------------------


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Ares 2.0.9
AVI Codec Pack
Build Your Own Net Dream (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dofus 1.25.0
EPSON Printer Software
FlashGet 1.9.6.1073
Fraps (remove only)
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
ijji - Gunz
ijji Auto Installer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo DeviceService
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Logitech Desktop Messenger
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
OCR Software by I.R.I.S. 10.0
QuickTime
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shop for HP Supplies
Sony Sound Forge Audio Studio 9.0
Sony Vegas Pro 8.0
SoundMAX
Spyware Doctor 6.0
System Requirements Lab
T-Mobile Wing™ User Manual
Tsunami-Filter-Pack
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Ventrilo Client
VeohTV BETA
Windows Communication Foundation
Windows Imaging Component
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 15th, 2008, 5:08 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Ares 2.0.9

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red)

Please run a new uninstall list scan when finished and post the log back here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 15th, 2008, 5:17 am

Okay.

--------------------------------------

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
ArcSoft PhotoImpression 6
ArcSoft Print Creations
AVI Codec Pack
Build Your Own Net Dream (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dofus 1.25.0
EPSON Printer Software
FlashGet 1.9.6.1073
Fraps (remove only)
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
ijji - Gunz
ijji Auto Installer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo DeviceService
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Logitech Desktop Messenger
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
OCR Software by I.R.I.S. 10.0
QuickTime
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shop for HP Supplies
Sony Sound Forge Audio Studio 9.0
Sony Vegas Pro 8.0
SoundMAX
Spyware Doctor 6.0
System Requirements Lab
T-Mobile Wing™ User Manual
Tsunami-Filter-Pack
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Ventrilo Client
VeohTV BETA
Windows Communication Foundation
Windows Imaging Component
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 15th, 2008, 5:33 am

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post:

- mbam log
- rsit logs (taken after mbam run)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 15th, 2008, 3:15 pm

mbam log:

------------------------------------------

Malwarebytes' Anti-Malware 1.28
Database version: 1271
Windows 5.1.2600 Service Pack 3

10/15/2008 3:12:47 PM
mbam-log-2008-10-15 (15-12-47).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 160831
Time elapsed: 36 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awturrle (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bam (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f10 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vec3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dance touch u die\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\awturRLe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bywiadpb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpdaiwyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eoulfqlx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlqfluoe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\atmadm2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\nsh5.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86A28C12-EEE0-4974-BB9E-1B361C55AEE9}\RP179\A0093828.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJArOIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRjGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyaywt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3\rhcrwpj0ejc3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuTnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.

------------------------------------------------

log:

Malwarebytes' Anti-Malware 1.28
Database version: 1271
Windows 5.1.2600 Service Pack 3

10/15/2008 3:12:47 PM
mbam-log-2008-10-15 (15-12-47).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 160831
Time elapsed: 36 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awturrle (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bam (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f10 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vec3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dance touch u die\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\awturRLe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bywiadpb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpdaiwyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eoulfqlx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlqfluoe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\atmadm2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\nsh5.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86A28C12-EEE0-4974-BB9E-1B361C55AEE9}\RP179\A0093828.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJArOIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRjGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyaywt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3\rhcrwpj0ejc3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuTnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.

------------------------------------------

info:

Malwarebytes' Anti-Malware 1.28
Database version: 1271
Windows 5.1.2600 Service Pack 3

10/15/2008 3:12:47 PM
mbam-log-2008-10-15 (15-12-47).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 160831
Time elapsed: 36 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awturrle (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e57404e-8a78-440e-85c6-b1018b8bccfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bam (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f10 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vec3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dance touch u die\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\awturRLe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bywiadpb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpdaiwyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eoulfqlx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlqfluoe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\atmadm2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\nsh5.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86A28C12-EEE0-4974-BB9E-1B361C55AEE9}\RP179\A0093828.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJArOIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRjGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyaywt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\rhcrwpj0ejc3\rhcrwpj0ejc3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuTnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7fa02cd.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 15th, 2008, 3:19 pm

You posted mbam log three times :)

Please post also rsit logs :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 15th, 2008, 3:30 pm

I thought I hit Paste. ><

Sorry.

log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Home at 2008-10-15 15:13:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 82 GB (54%) free of 153 GB
Total RAM: 502 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:44 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mypops\ypops.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Home\Desktop\RSIT.exe
C:\Program Files\trend micro\Home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\DOCUME~1\Home\LOCALS~1\Temp\E_S16.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: geBSigDs - geBSigDs.dll (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7337 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ypops"=C:\Program Files\Mypops\ypops.exe [2008-07-28 90624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EPSON Stylus CX8400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]
""= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBSigDs]
geBSigDs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{565E374A-23FD-4FA2-AED5-5209A37A544B}"= []
"{06A1F910-762A-4660-B534-55B82571851C}"= []
"{DB036A52-3A88-466B-BD39-05A6D9D9B18A}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnoNDVO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\ijji\ENGLISH\u_sf.exe"="C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\euro gunz 7.1\eurogz7.exe"="C:\Program Files\euro gunz 7.1\eurogz7.exe:*:Enabled:GunZProtect Licensed to EuroGunZ"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1100dbc3-4585-11dd-b31d-8722b5fb0379}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e99bd72-63ca-11dd-b426-001111869186}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca10-4785-11dd-b339-001111869186}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca11-4785-11dd-b339-001111869186}]
shell\Auto\command - G:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-15 15:13:38 ----D---- C:\Program Files\trend micro
2008-10-15 15:13:37 ----D---- C:\rsit
2008-10-15 05:35:09 ----D---- C:\Documents and Settings\Home\Application Data\Malwarebytes
2008-10-15 05:35:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 05:35:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 14:39:37 ----D---- C:\Documents and Settings\Home\Application Data\HPAppData
2008-10-13 00:49:54 ----D---- C:\Program Files\Hijackthis
2008-10-12 06:40:01 ----D---- C:\Downloads
2008-10-12 06:12:13 ----D---- C:\Program Files\FlashGet
2008-10-07 02:02:50 ----D---- C:\Program Files\MSXML 4.0
2008-10-06 22:03:29 ----D---- C:\Documents and Settings\Home\Application Data\HP
2008-10-06 15:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-06 15:24:23 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2008-10-06 15:24:22 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-10-06 15:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-06 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwwiax4.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwtscl3.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files\HP
2008-10-06 15:12:58 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-10-06 15:12:57 ----D---- C:\Program Files\Hewlett-Packard
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzshl01.exe
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzmsi01.exe
2008-10-06 15:12:05 ----D---- C:\WINDOWS\yellowtail
2008-10-06 15:11:52 ----D---- C:\Program Files\HP
2008-10-06 03:05:30 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-06 02:42:27 ----D---- C:\Program Files\uTorrent
2008-10-06 02:42:26 ----D---- C:\Documents and Settings\Home\Application Data\uTorrent
2008-09-26 16:34:29 ----D---- C:\Program Files\RivaTuner v2.11

======List of files/folders modified in the last 1 months======

2008-10-15 15:13:38 ----RD---- C:\Program Files
2008-10-15 15:13:33 ----D---- C:\WINDOWS\Prefetch
2008-10-15 15:12:46 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 15:12:46 ----D---- C:\WINDOWS\system32
2008-10-15 15:12:46 ----D---- C:\WINDOWS
2008-10-15 15:11:50 ----D---- C:\Program Files\Mozilla Firefox
2008-10-15 14:00:28 ----D---- C:\WINDOWS\Temp
2008-10-15 05:35:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 01:26:15 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-10-15 00:48:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 07:53:44 ----D---- C:\Program Files\Spyware Doctor
2008-10-08 22:16:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 02:02:55 ----SHD---- C:\WINDOWS\Installer
2008-10-07 02:02:55 ----HD---- C:\Config.Msi
2008-10-07 02:02:51 ----D---- C:\WINDOWS\WinSxS
2008-10-06 16:42:30 ----A---- C:\WINDOWS\win.ini
2008-10-06 15:13:25 ----D---- C:\WINDOWS\twain_32
2008-10-06 15:13:00 ----HD---- C:\WINDOWS\inf
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files
2008-10-06 15:12:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-06 03:17:28 ----D---- C:\Program Files\particleIllusion_3
2008-09-29 22:42:53 ----D---- C:\Temp
2008-09-27 03:28:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-26 14:06:09 ----A---- C:\WINDOWS\system.ini
2008-09-24 13:32:26 ----D---- C:\Fraps
2008-09-23 14:31:35 ----D---- C:\Program Files\Dofus
2008-09-23 12:40:15 ----D---- C:\WINDOWS\system32\wbem
2008-09-23 12:40:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 12:40:10 ----SD---- C:\Documents and Settings\Home\Application Data\Microsoft
2008-09-17 15:04:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-17 03:42:10 ----D---- C:\WINDOWS\Help
2008-09-17 03:40:02 ----D---- C:\WINDOWS\system32\config
2008-09-17 03:39:02 ----D---- C:\WINDOWS\Registration
2008-09-17 03:33:14 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-09-18 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-09-18 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-09-18 356920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-18 1077640]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 15th, 2008, 3:46 pm

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    :files
    C:\Program Files\uTorrent
    C:\Documents and Settings\Home\Application Data\uTorrent
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\FrostWire\FrostWire.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBSigDs]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Ares\Ares.exe"=-
    "C:\Program Files\BitLord\BitLord.exe"=-
    "C:\Program Files\FrostWire\FrostWire.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [EmptyTemp]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

post:

- a fresh rsit log
- otmoveit3 log
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 15th, 2008, 5:10 pm

ozon:

========== FILES ==========
C:\Program Files\uTorrent moved successfully.
C:\Documents and Settings\Home\Application Data\uTorrent moved successfully.
File/Folder C:\Program Files\Ares\Ares.exe not found.
File/Folder C:\Program Files\BitLord\BitLord.exe not found.
File/Folder C:\Program Files\FrostWire\FrostWire.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBSigDs\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Ares\Ares.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\etilqs_nTRVxQq9bBDyqODVZLzy scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DF9A56.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DF9A63.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA3A7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA3B2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10152008_170023

Files moved on Reboot...
File C:\DOCUME~1\Home\LOCALS~1\Temp\etilqs_nTRVxQq9bBDyqODVZLzy not found!
File C:\DOCUME~1\Home\LOCALS~1\Temp\~DF9A56.tmp not found!
File C:\DOCUME~1\Home\LOCALS~1\Temp\~DF9A63.tmp not found!
File C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA3A7.tmp not found!
File C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA3B2.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\XUL.mfl moved successfully.


----------------------


log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Home at 2008-10-15 15:13:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 82 GB (54%) free of 153 GB
Total RAM: 502 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:44 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mypops\ypops.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Home\Desktop\RSIT.exe
C:\Program Files\trend micro\Home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\DOCUME~1\Home\LOCALS~1\Temp\E_S16.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: geBSigDs - geBSigDs.dll (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7337 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ypops"=C:\Program Files\Mypops\ypops.exe [2008-07-28 90624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EPSON Stylus CX8400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]
""= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBSigDs]
geBSigDs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{565E374A-23FD-4FA2-AED5-5209A37A544B}"= []
"{06A1F910-762A-4660-B534-55B82571851C}"= []
"{DB036A52-3A88-466B-BD39-05A6D9D9B18A}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnoNDVO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\ijji\ENGLISH\u_sf.exe"="C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\euro gunz 7.1\eurogz7.exe"="C:\Program Files\euro gunz 7.1\eurogz7.exe:*:Enabled:GunZProtect Licensed to EuroGunZ"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1100dbc3-4585-11dd-b31d-8722b5fb0379}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e99bd72-63ca-11dd-b426-001111869186}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca10-4785-11dd-b339-001111869186}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca11-4785-11dd-b339-001111869186}]
shell\Auto\command - G:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-15 15:13:38 ----D---- C:\Program Files\trend micro
2008-10-15 15:13:37 ----D---- C:\rsit
2008-10-15 05:35:09 ----D---- C:\Documents and Settings\Home\Application Data\Malwarebytes
2008-10-15 05:35:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 05:35:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 14:39:37 ----D---- C:\Documents and Settings\Home\Application Data\HPAppData
2008-10-13 00:49:54 ----D---- C:\Program Files\Hijackthis
2008-10-12 06:40:01 ----D---- C:\Downloads
2008-10-12 06:12:13 ----D---- C:\Program Files\FlashGet
2008-10-07 02:02:50 ----D---- C:\Program Files\MSXML 4.0
2008-10-06 22:03:29 ----D---- C:\Documents and Settings\Home\Application Data\HP
2008-10-06 15:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-06 15:24:23 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2008-10-06 15:24:22 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-10-06 15:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-06 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwwiax4.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwtscl3.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files\HP
2008-10-06 15:12:58 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-10-06 15:12:57 ----D---- C:\Program Files\Hewlett-Packard
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzshl01.exe
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzmsi01.exe
2008-10-06 15:12:05 ----D---- C:\WINDOWS\yellowtail
2008-10-06 15:11:52 ----D---- C:\Program Files\HP
2008-10-06 03:05:30 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-06 02:42:27 ----D---- C:\Program Files\uTorrent
2008-10-06 02:42:26 ----D---- C:\Documents and Settings\Home\Application Data\uTorrent
2008-09-26 16:34:29 ----D---- C:\Program Files\RivaTuner v2.11

======List of files/folders modified in the last 1 months======

2008-10-15 15:13:38 ----RD---- C:\Program Files
2008-10-15 15:13:33 ----D---- C:\WINDOWS\Prefetch
2008-10-15 15:12:46 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 15:12:46 ----D---- C:\WINDOWS\system32
2008-10-15 15:12:46 ----D---- C:\WINDOWS
2008-10-15 15:11:50 ----D---- C:\Program Files\Mozilla Firefox
2008-10-15 14:00:28 ----D---- C:\WINDOWS\Temp
2008-10-15 05:35:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 01:26:15 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-10-15 00:48:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 07:53:44 ----D---- C:\Program Files\Spyware Doctor
2008-10-08 22:16:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 02:02:55 ----SHD---- C:\WINDOWS\Installer
2008-10-07 02:02:55 ----HD---- C:\Config.Msi
2008-10-07 02:02:51 ----D---- C:\WINDOWS\WinSxS
2008-10-06 16:42:30 ----A---- C:\WINDOWS\win.ini
2008-10-06 15:13:25 ----D---- C:\WINDOWS\twain_32
2008-10-06 15:13:00 ----HD---- C:\WINDOWS\inf
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files
2008-10-06 15:12:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-06 03:17:28 ----D---- C:\Program Files\particleIllusion_3
2008-09-29 22:42:53 ----D---- C:\Temp
2008-09-27 03:28:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-26 14:06:09 ----A---- C:\WINDOWS\system.ini
2008-09-24 13:32:26 ----D---- C:\Fraps
2008-09-23 14:31:35 ----D---- C:\Program Files\Dofus
2008-09-23 12:40:15 ----D---- C:\WINDOWS\system32\wbem
2008-09-23 12:40:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 12:40:10 ----SD---- C:\Documents and Settings\Home\Application Data\Microsoft
2008-09-17 15:04:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-17 03:42:10 ----D---- C:\WINDOWS\Help
2008-09-17 03:40:02 ----D---- C:\WINDOWS\system32\config
2008-09-17 03:39:02 ----D---- C:\WINDOWS\Registration
2008-09-17 03:33:14 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-09-18 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-09-18 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-09-18 356920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-18 1077640]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 16th, 2008, 4:27 am

Is rsit log taken after otmoveit3 run?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HJT log

Unread postby Obsessionz » October 16th, 2008, 3:03 pm

I shall do it once more.
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Obsessionz » October 16th, 2008, 3:07 pm

Green bar:

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Ares\Ares.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\FrostWire\FrostWire.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\etilqs_DTbvCI4Wo0nEs23hA5nW scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\fla13.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DF7DFA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DF7E07.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA092.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Home\LOCALS~1\Temp\~DFA114.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\nn1s30ng.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10162008_150453




--------------------------


log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Home at 2008-10-16 15:06:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (56%) free of 153 GB
Total RAM: 502 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:07 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mypops\ypops.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Home\Desktop\RSIT.exe
C:\Program Files\trend micro\Home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Home\Desktop\OTMoveIt3(2).exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\DOCUME~1\Home\LOCALS~1\Temp\E_S16.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7317 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ypops"=C:\Program Files\Mypops\ypops.exe [2008-07-28 90624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Documents and Settings\Home\Desktop\OTMoveIt3(2).exe [2008-10-16 334848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EPSON Stylus CX8400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]
""= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{565E374A-23FD-4FA2-AED5-5209A37A544B}"= []
"{06A1F910-762A-4660-B534-55B82571851C}"= []
"{DB036A52-3A88-466B-BD39-05A6D9D9B18A}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\ijji\ENGLISH\u_sf.exe"="C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\euro gunz 7.1\eurogz7.exe"="C:\Program Files\euro gunz 7.1\eurogz7.exe:*:Enabled:GunZProtect Licensed to EuroGunZ"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Freestylers Gaming Community\Freestyle Gunz\theduel.exe"="C:\Program Files\Freestylers Gaming Community\Freestyle Gunz\theduel.exe:*:Enabled:Xiao's Runnable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1100dbc3-4585-11dd-b31d-8722b5fb0379}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e99bd72-63ca-11dd-b426-001111869186}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca10-4785-11dd-b339-001111869186}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2c1ca11-4785-11dd-b339-001111869186}]
shell\Auto\command - G:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-16 02:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 22:13:43 ----D---- C:\Program Files\Freestylers Gaming Community
2008-10-15 17:00:23 ----D---- C:\_OTMoveIt
2008-10-15 15:13:38 ----D---- C:\Program Files\trend micro
2008-10-15 15:13:37 ----D---- C:\rsit
2008-10-15 05:35:09 ----D---- C:\Documents and Settings\Home\Application Data\Malwarebytes
2008-10-15 05:35:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 05:35:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 14:39:37 ----D---- C:\Documents and Settings\Home\Application Data\HPAppData
2008-10-13 00:49:54 ----D---- C:\Program Files\Hijackthis
2008-10-12 06:40:01 ----D---- C:\Downloads
2008-10-12 06:12:13 ----D---- C:\Program Files\FlashGet
2008-10-07 02:02:50 ----D---- C:\Program Files\MSXML 4.0
2008-10-06 22:03:29 ----D---- C:\Documents and Settings\Home\Application Data\HP
2008-10-06 15:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-06 15:24:23 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2008-10-06 15:24:22 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-10-06 15:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-06 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwwiax4.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpwtscl3.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2008-10-06 15:13:14 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files\HP
2008-10-06 15:12:58 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-10-06 15:12:57 ----D---- C:\Program Files\Hewlett-Packard
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzshl01.exe
2008-10-06 15:12:07 ----RA---- C:\WINDOWS\hpzmsi01.exe
2008-10-06 15:12:05 ----D---- C:\WINDOWS\yellowtail
2008-10-06 15:11:52 ----D---- C:\Program Files\HP
2008-10-06 03:05:30 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-26 16:34:29 ----D---- C:\Program Files\RivaTuner v2.11

======List of files/folders modified in the last 1 months======

2008-10-16 15:05:02 ----D---- C:\WINDOWS\Temp
2008-10-16 14:54:49 ----D---- C:\Program Files\Mozilla Firefox
2008-10-16 04:36:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-16 04:10:20 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-10-16 04:10:02 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 03:50:33 ----D---- C:\WINDOWS
2008-10-16 03:48:51 ----D---- C:\WINDOWS\system32
2008-10-16 02:30:16 ----SHD---- C:\WINDOWS\Installer
2008-10-16 02:30:16 ----HD---- C:\Config.Msi
2008-10-16 02:30:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:28:51 ----HD---- C:\WINDOWS\inf
2008-10-16 02:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 02:28:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 02:28:28 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:27:27 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:26:50 ----D---- C:\WINDOWS\ie7updates
2008-10-16 00:50:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 22:15:49 ----D---- C:\WINDOWS\Prefetch
2008-10-15 22:13:43 ----RD---- C:\Program Files
2008-10-15 05:35:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-13 07:53:44 ----D---- C:\Program Files\Spyware Doctor
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-07 02:02:51 ----D---- C:\WINDOWS\WinSxS
2008-10-06 16:42:30 ----A---- C:\WINDOWS\win.ini
2008-10-06 15:13:25 ----D---- C:\WINDOWS\twain_32
2008-10-06 15:12:59 ----D---- C:\Program Files\Common Files
2008-10-06 15:12:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-06 03:17:28 ----D---- C:\Program Files\particleIllusion_3
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 22:42:53 ----D---- C:\Temp
2008-09-27 03:28:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-26 14:06:09 ----A---- C:\WINDOWS\system.ini
2008-09-24 13:32:26 ----D---- C:\Fraps
2008-09-23 14:31:35 ----D---- C:\Program Files\Dofus
2008-09-23 12:40:15 ----D---- C:\WINDOWS\system32\wbem
2008-09-23 12:40:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 12:40:10 ----SD---- C:\Documents and Settings\Home\Application Data\Microsoft
2008-09-17 03:42:10 ----D---- C:\WINDOWS\Help
2008-09-17 03:40:02 ----D---- C:\WINDOWS\system32\config
2008-09-17 03:39:02 ----D---- C:\WINDOWS\Registration
2008-09-17 03:33:14 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-09-18 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-09-18 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-09-18 356920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-18 1077640]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Obsessionz
Active Member
 
Posts: 9
Joined: October 13th, 2008, 12:45 am

Re: My HJT log

Unread postby Shaba » October 16th, 2008, 3:13 pm

Yes, now it looks better :)

Does Spyware Doctor also have antivirus?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 88 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware