Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with computer please

Post by bigdalt » November 5th, 2008, 12:09 am

Hello, I got my computer back from a family member and they reformatted my computer, and when I got it back I got on the internet and it worked great. Then the next time I turned it on, somehow I got spyware or adware on it, so I downloaded Spybot Search and Destroy and tried to get some of it off but failed to get it all. I can't get the automatic Windows update to enable, and the error for automatic update is 1508, and random Internet Explorer windows pop up, and pop-ups all the time too. So if someone could help me that would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:09 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingA6470] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1839] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rvaukj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 4493 bytes
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Post by Shaba » November 6th, 2008, 5:43 am

Hi bigdalt

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Post by bigdalt » November 6th, 2008, 10:55 pm

The notepad won't show up after I click Save list.
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Post by Shaba » November 7th, 2008, 4:48 am

Then we use this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Post by bigdalt » November 7th, 2008, 7:43 am

ok
Log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by bob at 2008-11-07 05:41:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 1023 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:44 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\bob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1DE7301A-9114-4C3A-88FE-25B3393A2EDD} - C:\WINDOWS\system32\ssqNDVOE.dll
O2 - BHO: (no name) - {3EC9496F-8752-49CF-BC8A-E258C8286DAE} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55A326C9-A153-486A-AB09-475C368EC82D} - C:\WINDOWS\system32\byXOiiFY.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {B3A72343-C1C0-1526-7420-E7E4B2698B60} - C:\WINDOWS\system32\npxugxcjvrcych.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DF0657C8-C1C8-482A-AEAB-81B65FA549B8} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rvaukj.dll saiwnz.dll ablrbv.dll
O20 - Winlogon Notify: ssqNDVOE - C:\WINDOWS\SYSTEM32\ssqNDVOE.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Info:
info.txt logfile of random's system information tool 1.04 2008-11-07 05:41:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Deewoo Network Manager removal-->C:\WINDOWS\system32\lcntmtdl.exe -UPop
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lexmark X5100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RON Tool Agadoo-->C:\WINDOWS\system32\ojrmsoidskdfykyh.exe
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SiSoftware Sandra Lite XII.SP2c-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Test My Hardware 2.4-->"C:\Program Files\Test My Hardware\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WildBlue Optimizer Ver 2008-05-01-->"C:\Program Files\WildBlue\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Post by Shaba » November 7th, 2008, 12:46 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.8

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

Deewoo Network Manager removal
RON Tool Agadoo

Delete info.txt from c:\rsit folder

Please run a new RSIT scan when finished and post the logs back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Post by bigdalt » November 8th, 2008, 3:22 am

Logfile of random's system information tool 1.04 (written by random/random)
Run by bob at 2008-11-08 01:18:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:55 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\bob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1DE7301A-9114-4C3A-88FE-25B3393A2EDD} - C:\WINDOWS\system32\ssqNDVOE.dll
O2 - BHO: (no name) - {3EC9496F-8752-49CF-BC8A-E258C8286DAE} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55A326C9-A153-486A-AB09-475C368EC82D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D7C7EC17-545F-4859-835C-7EE1BA9B6881} - C:\WINDOWS\system32\byXOiiFY.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DF0657C8-C1C8-482A-AEAB-81B65FA549B8} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rvaukj.dll saiwnz.dll ablrbv.dll wcrdjx.dll
O20 - Winlogon Notify: ssqNDVOE - C:\WINDOWS\SYSTEM32\ssqNDVOE.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 5129 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DE7301A-9114-4C3A-88FE-25B3393A2EDD}]
C:\WINDOWS\system32\ssqNDVOE.dll [2008-11-02 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC9496F-8752-49CF-BC8A-E258C8286DAE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55A326C9-A153-486A-AB09-475C368EC82D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7C7EC17-545F-4859-835C-7EE1BA9B6881}]
C:\WINDOWS\system32\byXOiiFY.dll [2008-11-02 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF0657C8-C1C8-482A-AEAB-81B65FA549B8}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facegame"=C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe [2008-11-02 56832]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\lcntmtdl.exe [2008-11-02 548928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ghfrxusueg]
C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-31 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D8-8D-D0-07-DW}]
C:\windows\system32\rkwnw64s.exe [2008-11-02 200724]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rvaukj.dll saiwnz.dll ablrbv.dll wcrdjx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqNDVOE]
C:\WINDOWS\system32\ssqNDVOE.dll [2008-11-02 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{1DE7301A-9114-4C3A-88FE-25B3393A2EDD}"=C:\WINDOWS\system32\ssqNDVOE.dll [2008-11-02 33280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\byXOiiFY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 01:17:07 ----SH---- C:\WINDOWS\system32\wqsapwpo.ini
2008-11-08 01:16:57 ----A---- C:\WINDOWS\system32\opwpasqw.dll
2008-11-08 01:16:48 ----A---- C:\WINDOWS\system32\wcrdjx.dll
2008-11-08 01:16:38 ----A---- C:\WINDOWS\system32\sgpcrcdr.dll
2008-11-07 05:41:26 ----D---- C:\rsit
2008-11-07 05:33:55 ----AH---- C:\aaw7boot.cmd
2008-11-06 21:31:26 ----D---- C:\Program Files\Lavasoft
2008-11-06 21:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-06 21:30:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-06 20:49:37 ----A---- C:\WINDOWS\system32\ablrbv.dll
2008-11-06 20:49:18 ----A---- C:\WINDOWS\system32\hkykrrau.dll
2008-11-06 20:46:28 ----SH---- C:\WINDOWS\system32\gwerowpf.ini
2008-11-06 20:46:21 ----A---- C:\WINDOWS\system32\fpworewg.dll
2008-11-05 19:21:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-05 19:17:30 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-05 19:16:35 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-05 17:42:50 ----D---- C:\Documents and Settings\bob\Application Data\Mozilla
2008-11-05 17:16:42 ----SH---- C:\WINDOWS\system32\eqpcmoqn.ini
2008-11-05 17:16:27 ----A---- C:\WINDOWS\system32\nqomcpqe.dll
2008-11-05 17:13:21 ----A---- C:\WINDOWS\system32\saiwnz.dll
2008-11-05 17:13:18 ----A---- C:\WINDOWS\system32\tboolqqh.dll
2008-11-04 22:07:47 ----D---- C:\Program Files\Trend Micro
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-04 21:57:00 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-04 21:56:59 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-04 21:49:55 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-04 21:45:18 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 21:57:42 ----SH---- C:\WINDOWS\system32\gdbochfv.ini
2008-11-03 21:57:36 ----A---- C:\WINDOWS\system32\vfhcobdg.dll
2008-11-03 21:57:23 ----A---- C:\WINDOWS\system32\rvaukj.dll
2008-11-03 21:57:20 ----A---- C:\WINDOWS\system32\cvfkjign.dll
2008-11-03 19:02:48 ----A---- C:\WINDOWS\wininit.ini
2008-11-03 18:59:20 ----D---- C:\WINDOWS\fiii
2008-11-03 18:41:59 ----D---- C:\Documents and Settings\bob\Application Data\Gool
2008-11-03 18:36:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-03 18:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 21:06:32 ----D---- C:\WINDOWS\Sun
2008-11-02 21:01:33 ----D---- C:\Documents and Settings\bob\Application Data\Macromedia
2008-11-02 20:59:30 ----A---- C:\WINDOWS\system32\gomejg.dll
2008-11-02 20:59:20 ----A---- C:\WINDOWS\system32\ctjvfgim.dll
2008-11-02 20:55:44 ----SH---- C:\WINDOWS\system32\jdkhpwaq.ini
2008-11-02 20:52:59 ----A---- C:\WINDOWS\system32\rkwnw64s.exe
2008-11-02 20:25:50 ----A---- C:\WINDOWS\system32\rhwkbn(2).dll
2008-11-02 18:38:29 ----A---- C:\Documents and Settings\All Users\Application Data\xml81.tmp
2008-11-02 18:38:26 ----A---- C:\Documents and Settings\All Users\Application Data\xml80.tmp
2008-11-02 18:38:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml7F.tmp
2008-11-02 18:30:21 ----A---- C:\WINDOWS\system32\bbee49d6-.txt
2008-11-02 18:29:20 ----ASH---- C:\WINDOWS\system32\YFiiOXyb.ini2
2008-11-02 18:29:19 ----ASH---- C:\WINDOWS\system32\YFiiOXyb.ini
2008-11-02 18:28:50 ----A---- C:\WINDOWS\system32\byXOiiFY.dll
2008-11-02 18:27:02 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-11-02 18:26:33 ----SHD---- C:\WINDOWS\QnJlbmRhIElydmluZw
2008-11-02 18:25:49 ----A---- C:\WINDOWS\system32\lcntmtdl.exe
2008-11-02 18:25:24 ----D---- C:\Documents and Settings\bob\Application Data\Facegame
2008-11-02 18:25:21 ----A---- C:\WINDOWS\system32\g6.exe
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\vb
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\OT2
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\im
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\FPX
2008-11-02 18:24:21 ----D---- C:\WINDOWS\system32\QI02
2008-11-02 18:24:21 ----D---- C:\Temp
2008-11-02 18:23:35 ----A---- C:\WINDOWS\system32\ssqNDVOE.dll
2008-11-02 18:23:35 ----A---- C:\WINDOWS\system32\fccbXooo.dll
2008-11-02 18:03:39 ----D---- C:\Program Files\iPod
2008-11-02 18:03:34 ----D---- C:\Program Files\iTunes
2008-11-02 18:03:34 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:02:39 ----D---- C:\Program Files\Bonjour
2008-11-02 18:01:19 ----D---- C:\Program Files\QuickTime
2008-10-31 17:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-31 17:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-31 17:03:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-31 16:52:10 ----D---- C:\Documents and Settings\bob\Application Data\LimeWire
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\java.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-31 16:50:53 ----D---- C:\Program Files\Java
2008-10-31 16:45:39 ----D---- C:\Documents and Settings\bob\Application Data\Sun
2008-10-31 16:41:41 ----D---- C:\Program Files\LimeWire
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml4.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml3.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml2.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml1.tmp
2008-10-31 16:10:15 ----D---- C:\Documents and Settings\bob\Application Data\Windows Search
2008-10-30 13:01:53 ----A---- C:\WINDOWS\RtlRack.ini
2008-10-30 12:11:00 ----D---- C:\Documents and Settings\bob\Application Data\Windows Desktop Search
2008-10-30 12:10:36 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 12:10:36 ----D---- C:\Program Files\Windows Desktop Search
2008-10-30 12:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-10-30 12:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-10-30 12:04:42 ----RSD---- C:\WINDOWS\assembly
2008-10-30 12:04:42 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-30 12:04:39 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-30 11:52:38 ----D---- C:\WINDOWS\ie7updates
2008-10-30 11:23:49 ----D---- C:\WINDOWS\Prefetch
2008-10-30 11:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-30 11:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-30 11:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-30 11:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-30 11:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-30 11:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-30 11:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-30 11:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-30 11:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-30 11:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-30 11:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-30 11:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-30 11:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-30 11:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-30 11:14:50 ----D---- C:\WINDOWS\system32\scripting
2008-10-30 11:14:50 ----D---- C:\WINDOWS\l2schemas
2008-10-30 11:14:49 ----D---- C:\WINDOWS\system32\en
2008-10-30 11:14:49 ----D---- C:\WINDOWS\system32\bits
2008-10-30 11:12:41 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-30 11:09:15 ----D---- C:\WINDOWS\network diagnostic
2008-10-30 11:02:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-30 10:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-30 10:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-30 10:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-30 10:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-30 10:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-30 10:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-30 10:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-30 10:28:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-30 10:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-30 10:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-30 10:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-30 10:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-30 10:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-30 10:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-30 10:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-30 10:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-30 10:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-30 10:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-30 10:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-30 10:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-30 10:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-30 10:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-30 10:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-30 10:26:35 ----D---- C:\WINDOWS\WBEM
2008-10-30 10:26:34 ----D---- C:\WINDOWS\system32\en-US
2008-10-30 10:25:10 ----HDC---- C:\WINDOWS\ie7
2008-10-30 10:25:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-30 10:24:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-30 10:24:39 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-30 10:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-30 10:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-10-30 10:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-30 10:09:08 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-30 10:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-30 09:14:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-30 09:14:11 ----A---- C:\WINDOWS\avrack.ini
2008-10-30 09:13:55 ----D---- C:\Program Files\Realtek AC97
2008-10-30 08:44:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2008-11-08 01:17:31 ----D---- C:\WINDOWS\system32
2008-11-08 01:15:51 ----D---- C:\WINDOWS
2008-11-08 01:15:46 ----D---- C:\WINDOWS\Temp
2008-11-08 00:27:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-07 05:33:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-06 21:32:43 ----SHD---- C:\WINDOWS\Installer
2008-11-06 21:31:26 ----RD---- C:\Program Files
2008-11-06 21:31:26 ----D---- C:\WINDOWS\system32\drivers
2008-11-06 21:30:39 ----D---- C:\Program Files\Common Files
2008-11-06 21:04:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-05 19:44:31 ----HD---- C:\WINDOWS\inf
2008-11-05 19:22:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-05 19:17:24 ----D---- C:\Program Files\Windows Media Player
2008-11-05 19:17:00 ----D---- C:\WINDOWS\Help
2008-11-05 19:16:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-04 07:12:32 ----SD---- C:\Documents and Settings\bob\Application Data\Microsoft
2008-11-03 20:36:32 ----SH---- C:\boot.ini
2008-11-03 20:36:32 ----A---- C:\WINDOWS\win.ini
2008-11-03 20:36:32 ----A---- C:\WINDOWS\system.ini
2008-11-03 20:36:20 ----D---- C:\WINDOWS\pss
2008-11-02 20:49:08 ----D---- C:\WINDOWS\system32\config
2008-11-02 20:48:55 ----D---- C:\WINDOWS\system32\wbem
2008-11-02 20:48:53 ----D---- C:\WINDOWS\Registration
2008-11-02 20:47:10 ----D---- C:\WINDOWS\system32\Restore
2008-11-02 18:04:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-02 18:01:34 ----D---- C:\Program Files\Common Files\Apple
2008-11-02 17:57:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 17:11:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-31 17:08:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-31 16:27:05 ----D---- C:\Program Files\Apple Software Update
2008-10-31 16:24:58 ----SD---- C:\WINDOWS\Tasks
2008-10-30 12:50:10 ----D---- C:\WINDOWS\WinSxS
2008-10-30 12:49:06 ----D---- C:\Program Files\Internet Explorer
2008-10-30 12:10:44 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-30 11:24:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-30 11:24:07 ----A---- C:\WINDOWS\setuplog.txt
2008-10-30 11:23:07 ----D---- C:\WINDOWS\system32\Setup
2008-10-30 11:23:07 ----D---- C:\WINDOWS\AppPatch
2008-10-30 11:19:58 ----D---- C:\Program Files\Messenger
2008-10-30 11:19:30 ----D---- C:\WINDOWS\security
2008-10-30 11:15:09 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-30 11:15:08 ----D---- C:\WINDOWS\ime
2008-10-30 11:14:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-30 11:14:49 ----D---- C:\WINDOWS\PeerNet
2008-10-30 11:14:49 ----D---- C:\Program Files\Movie Maker
2008-10-30 11:12:25 ----D---- C:\WINDOWS\system32\npp
2008-10-30 11:12:25 ----D---- C:\WINDOWS\mui
2008-10-30 11:12:23 ----D---- C:\WINDOWS\msagent
2008-10-30 11:12:22 ----D---- C:\WINDOWS\srchasst
2008-10-30 11:12:21 ----D---- C:\Program Files\NetMeeting
2008-10-30 11:12:19 ----D---- C:\WINDOWS\system32\Com
2008-10-30 11:12:16 ----D---- C:\Program Files\Windows NT
2008-10-30 11:12:16 ----D---- C:\Program Files\Outlook Express
2008-10-30 11:12:11 ----D---- C:\Program Files\Common Files\System
2008-10-30 11:11:43 ----D---- C:\WINDOWS\system32\oobe
2008-10-30 11:11:41 ----D---- C:\WINDOWS\system
2008-10-30 11:02:30 ----D---- C:\WINDOWS\ehome
2008-10-30 10:40:52 ----D---- C:\WINDOWS\Debug
2008-10-30 10:39:46 ----D---- C:\Program Files\ATI Technologies
2008-10-30 10:26:27 ----D---- C:\WINDOWS\Media
2008-10-30 09:50:57 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-30 09:14:11 ----D---- C:\Program Files\AvRack
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R1 tosdvdd;tosdvdd; C:\WINDOWS\System32\drivers\tosdvdd.sys [2008-11-02 86144]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMDM.sys [2001-08-17 871388]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 RTL8023;NETGEAR GA311 Gigabit Adapter NDIS Driver; C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS [2006-10-30 67456]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\nvmfdx32.sys [2007-01-15 1032104]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-08 01:18:58

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lexmark X5100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SiSoftware Sandra Lite XII.SP2c-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Test My Hardware 2.4-->"C:\Program Files\Test My Hardware\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WildBlue Optimizer Ver 2008-05-01-->"C:\Program Files\WildBlue\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Unread postby Shaba » November 8th, 2008, 5:47 am

Thank you :)

I see no antivirus installed so that is the next step.

Download and install one antivirus from below:

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, please rename HijackThis.exe to bigdalt.exe and post back a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Unread postby bigdalt » November 9th, 2008, 11:13 pm

I have Ad-Aware and Spybot Search and Destroy
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Unread postby Shaba » November 10th, 2008, 5:32 am

Yes, but those are not antivirus programs; they are antispyware programs and don't protect the same way as antivirus programs.

Please install one antivirus from my list next :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Unread postby bigdalt » November 13th, 2008, 7:08 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by bob at 2008-11-13 17:06:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (61%) free of 38 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:46 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\bob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1DE7301A-9114-4C3A-88FE-25B3393A2EDD} - C:\WINDOWS\system32\ssqNDVOE.dll (file missing)
O2 - BHO: (no name) - {3EC9496F-8752-49CF-BC8A-E258C8286DAE} - (no file)
O2 - BHO: (no name) - {4C11E9F4-C545-4049-A7FF-43B14EBA411F} - C:\WINDOWS\system32\byXOiiFY.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55A326C9-A153-486A-AB09-475C368EC82D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D7C7EC17-545F-4859-835C-7EE1BA9B6881} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DF0657C8-C1C8-482A-AEAB-81B65FA549B8} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rvaukj.dll saiwnz.dll ablrbv.dll wcrdjx.dll ztwanl.dll
O20 - Winlogon Notify: ssqNDVOE - ssqNDVOE.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 6041 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DE7301A-9114-4C3A-88FE-25B3393A2EDD}]
C:\WINDOWS\system32\ssqNDVOE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC9496F-8752-49CF-BC8A-E258C8286DAE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C11E9F4-C545-4049-A7FF-43B14EBA411F}]
C:\WINDOWS\system32\byXOiiFY.dll [2008-11-02 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55A326C9-A153-486A-AB09-475C368EC82D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7C7EC17-545F-4859-835C-7EE1BA9B6881}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF0657C8-C1C8-482A-AEAB-81B65FA549B8}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facegame"=C:\Documents and Settings\bob\Application Data\Facegame\Facegame.exe [2008-11-02 56832]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\lcntmtdl.exe [2008-11-02 548928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ghfrxusueg]
C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-31 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D8-8D-D0-07-DW}]
C:\windows\system32\rkwnw64s.exe [2008-11-02 200724]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rvaukj.dll saiwnz.dll ablrbv.dll wcrdjx.dll ztwanl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqNDVOE]
ssqNDVOE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{1DE7301A-9114-4C3A-88FE-25B3393A2EDD}"=C:\WINDOWS\system32\ssqNDVOE.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\byXOiiFY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-13 16:47:27 ----D---- C:\Program Files\Avira
2008-11-13 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-13 07:10:18 ----A---- C:\WINDOWS\system32\ztwanl.dll
2008-11-13 07:10:09 ----A---- C:\WINDOWS\system32\xdfeptrd.dll
2008-11-08 01:47:59 ----D---- C:\Documents and Settings\bob\Application Data\Adobe
2008-11-08 01:17:07 ----ASH---- C:\WINDOWS\system32\wqsapwpo.ini
2008-11-08 01:16:57 ----A---- C:\WINDOWS\system32\opwpasqw.dll
2008-11-08 01:16:48 ----A---- C:\WINDOWS\system32\wcrdjx.dll
2008-11-08 01:16:38 ----A---- C:\WINDOWS\system32\sgpcrcdr.dll
2008-11-07 05:41:26 ----D---- C:\rsit
2008-11-07 05:33:55 ----AH---- C:\aaw7boot.cmd
2008-11-06 21:31:26 ----D---- C:\Program Files\Lavasoft
2008-11-06 21:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-06 21:30:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-06 20:49:18 ----A---- C:\WINDOWS\system32\hkykrrau.dll
2008-11-06 20:46:28 ----ASH---- C:\WINDOWS\system32\gwerowpf.ini
2008-11-06 20:46:21 ----A---- C:\WINDOWS\system32\fpworewg.dll
2008-11-05 19:21:13 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-11-05 19:17:30 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-05 19:16:35 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-05 17:42:50 ----D---- C:\Documents and Settings\bob\Application Data\Mozilla
2008-11-05 17:16:42 ----ASH---- C:\WINDOWS\system32\eqpcmoqn.ini
2008-11-05 17:16:27 ----A---- C:\WINDOWS\system32\nqomcpqe.dll
2008-11-05 17:13:21 ----A---- C:\WINDOWS\system32\saiwnz.dll
2008-11-05 17:13:18 ----A---- C:\WINDOWS\system32\tboolqqh.dll
2008-11-04 22:07:47 ----D---- C:\Program Files\Trend Micro
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-04 21:57:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-04 21:57:00 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-04 21:56:59 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-04 21:49:55 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-04 21:45:18 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 21:57:42 ----ASH---- C:\WINDOWS\system32\gdbochfv.ini
2008-11-03 21:57:36 ----A---- C:\WINDOWS\system32\vfhcobdg.dll
2008-11-03 21:57:23 ----A---- C:\WINDOWS\system32\rvaukj.dll
2008-11-03 21:57:20 ----A---- C:\WINDOWS\system32\cvfkjign.dll
2008-11-03 19:02:48 ----A---- C:\WINDOWS\wininit.ini
2008-11-03 18:59:20 ----D---- C:\WINDOWS\fiii
2008-11-03 18:41:59 ----D---- C:\Documents and Settings\bob\Application Data\Gool
2008-11-03 18:36:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-03 18:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 21:06:32 ----D---- C:\WINDOWS\Sun
2008-11-02 21:01:33 ----D---- C:\Documents and Settings\bob\Application Data\Macromedia
2008-11-02 20:59:30 ----A---- C:\WINDOWS\system32\gomejg.dll
2008-11-02 20:59:20 ----A---- C:\WINDOWS\system32\ctjvfgim.dll
2008-11-02 20:55:44 ----ASH---- C:\WINDOWS\system32\jdkhpwaq.ini
2008-11-02 20:52:59 ----A---- C:\WINDOWS\system32\rkwnw64s.exe
2008-11-02 20:25:50 ----A---- C:\WINDOWS\system32\rhwkbn(2).dll
2008-11-02 18:38:29 ----A---- C:\Documents and Settings\All Users\Application Data\xml81.tmp
2008-11-02 18:38:26 ----A---- C:\Documents and Settings\All Users\Application Data\xml80.tmp
2008-11-02 18:38:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml7F.tmp
2008-11-02 18:30:21 ----A---- C:\WINDOWS\system32\bbee49d6-.txt
2008-11-02 18:29:20 ----ASH---- C:\WINDOWS\system32\YFiiOXyb.ini2
2008-11-02 18:29:19 ----ASH---- C:\WINDOWS\system32\YFiiOXyb.ini
2008-11-02 18:28:50 ----A---- C:\WINDOWS\system32\byXOiiFY.dll
2008-11-02 18:27:02 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-11-02 18:26:33 ----SHD---- C:\WINDOWS\QnJlbmRhIElydmluZw
2008-11-02 18:25:49 ----A---- C:\WINDOWS\system32\lcntmtdl.exe
2008-11-02 18:25:24 ----D---- C:\Documents and Settings\bob\Application Data\Facegame
2008-11-02 18:25:21 ----A---- C:\WINDOWS\system32\g6.exe
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\vb
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\OT2
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\im
2008-11-02 18:24:59 ----D---- C:\WINDOWS\system32\FPX
2008-11-02 18:24:21 ----D---- C:\WINDOWS\system32\QI02
2008-11-02 18:24:21 ----D---- C:\Temp
2008-11-02 18:23:35 ----A---- C:\WINDOWS\system32\fccbXooo.dll
2008-11-02 18:23:35 ----A---- C:\ARK9.tmp
2008-11-02 18:03:39 ----D---- C:\Program Files\iPod
2008-11-02 18:03:34 ----D---- C:\Program Files\iTunes
2008-11-02 18:03:34 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:02:39 ----D---- C:\Program Files\Bonjour
2008-11-02 18:01:19 ----D---- C:\Program Files\QuickTime
2008-10-31 17:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-31 17:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-31 17:03:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-31 16:52:10 ----D---- C:\Documents and Settings\bob\Application Data\LimeWire
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\java.exe
2008-10-31 16:51:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-31 16:50:53 ----D---- C:\Program Files\Java
2008-10-31 16:45:39 ----D---- C:\Documents and Settings\bob\Application Data\Sun
2008-10-31 16:41:41 ----D---- C:\Program Files\LimeWire
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml4.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml3.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml2.tmp
2008-10-31 16:12:00 ----A---- C:\Documents and Settings\All Users\Application Data\xml1.tmp
2008-10-31 16:10:15 ----D---- C:\Documents and Settings\bob\Application Data\Windows Search
2008-10-30 13:01:53 ----A---- C:\WINDOWS\RtlRack.ini
2008-10-30 12:11:00 ----D---- C:\Documents and Settings\bob\Application Data\Windows Desktop Search
2008-10-30 12:10:36 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 12:10:36 ----D---- C:\Program Files\Windows Desktop Search
2008-10-30 12:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-10-30 12:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-10-30 12:04:42 ----RSD---- C:\WINDOWS\assembly
2008-10-30 12:04:42 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-30 12:04:39 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-30 11:52:38 ----D---- C:\WINDOWS\ie7updates
2008-10-30 11:23:49 ----D---- C:\WINDOWS\Prefetch
2008-10-30 11:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-30 11:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-30 11:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-30 11:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-30 11:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-30 11:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-30 11:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-30 11:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-30 11:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-30 11:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-30 11:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-30 11:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-30 11:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-30 11:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-30 11:14:50 ----D---- C:\WINDOWS\system32\scripting
2008-10-30 11:14:50 ----D---- C:\WINDOWS\l2schemas
2008-10-30 11:14:49 ----D---- C:\WINDOWS\system32\en
2008-10-30 11:14:49 ----D---- C:\WINDOWS\system32\bits
2008-10-30 11:12:41 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-30 11:09:15 ----D---- C:\WINDOWS\network diagnostic
2008-10-30 11:02:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-30 10:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-30 10:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-30 10:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-30 10:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-30 10:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-30 10:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-30 10:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-30 10:28:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-30 10:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-30 10:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-30 10:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-30 10:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-30 10:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-30 10:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-30 10:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-30 10:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-30 10:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-30 10:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-30 10:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-30 10:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-30 10:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-30 10:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-30 10:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-30 10:26:35 ----D---- C:\WINDOWS\WBEM
2008-10-30 10:26:34 ----D---- C:\WINDOWS\system32\en-US
2008-10-30 10:25:10 ----HDC---- C:\WINDOWS\ie7
2008-10-30 10:25:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-30 10:24:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-30 10:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-30 10:24:39 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-30 10:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-10-30 10:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-30 10:09:08 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-30 10:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-30 09:14:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-30 09:14:11 ----A---- C:\WINDOWS\avrack.ini
2008-10-30 09:13:55 ----D---- C:\Program Files\Realtek AC97
2008-10-30 08:44:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2008-11-13 17:06:58 ----D---- C:\WINDOWS\Temp
2008-11-13 17:02:16 ----D---- C:\WINDOWS\system32
2008-11-13 16:48:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-13 16:47:35 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 16:47:27 ----RD---- C:\Program Files
2008-11-13 07:08:56 ----D---- C:\WINDOWS
2008-11-12 21:20:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-09 20:34:05 ----SD---- C:\Documents and Settings\bob\Application Data\Microsoft
2008-11-07 05:33:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-06 21:32:43 ----SHD---- C:\WINDOWS\Installer
2008-11-06 21:30:39 ----D---- C:\Program Files\Common Files
2008-11-05 19:44:31 ----HD---- C:\WINDOWS\inf
2008-11-05 19:22:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-05 19:17:24 ----D---- C:\Program Files\Windows Media Player
2008-11-05 19:17:00 ----D---- C:\WINDOWS\Help
2008-11-05 19:16:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-03 20:36:32 ----SH---- C:\boot.ini
2008-11-03 20:36:32 ----A---- C:\WINDOWS\win.ini
2008-11-03 20:36:32 ----A---- C:\WINDOWS\system.ini
2008-11-03 20:36:20 ----D---- C:\WINDOWS\pss
2008-11-02 20:49:08 ----D---- C:\WINDOWS\system32\config
2008-11-02 20:48:55 ----D---- C:\WINDOWS\system32\wbem
2008-11-02 20:48:53 ----D---- C:\WINDOWS\Registration
2008-11-02 20:47:10 ----D---- C:\WINDOWS\system32\Restore
2008-11-02 18:04:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-02 18:01:34 ----D---- C:\Program Files\Common Files\Apple
2008-11-02 17:57:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 17:11:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-31 17:08:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-31 16:27:05 ----D---- C:\Program Files\Apple Software Update
2008-10-31 16:24:58 ----SD---- C:\WINDOWS\Tasks
2008-10-30 12:50:10 ----D---- C:\WINDOWS\WinSxS
2008-10-30 12:49:06 ----D---- C:\Program Files\Internet Explorer
2008-10-30 12:10:44 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-30 11:24:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-30 11:24:07 ----A---- C:\WINDOWS\setuplog.txt
2008-10-30 11:23:07 ----D---- C:\WINDOWS\system32\Setup
2008-10-30 11:23:07 ----D---- C:\WINDOWS\AppPatch
2008-10-30 11:19:58 ----D---- C:\Program Files\Messenger
2008-10-30 11:19:30 ----D---- C:\WINDOWS\security
2008-10-30 11:15:09 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-30 11:15:08 ----D---- C:\WINDOWS\ime
2008-10-30 11:14:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-30 11:14:49 ----D---- C:\WINDOWS\PeerNet
2008-10-30 11:14:49 ----D---- C:\Program Files\Movie Maker
2008-10-30 11:12:25 ----D---- C:\WINDOWS\system32\npp
2008-10-30 11:12:25 ----D---- C:\WINDOWS\mui
2008-10-30 11:12:23 ----D---- C:\WINDOWS\msagent
2008-10-30 11:12:22 ----D---- C:\WINDOWS\srchasst
2008-10-30 11:12:21 ----D---- C:\Program Files\NetMeeting
2008-10-30 11:12:19 ----D---- C:\WINDOWS\system32\Com
2008-10-30 11:12:16 ----D---- C:\Program Files\Windows NT
2008-10-30 11:12:16 ----D---- C:\Program Files\Outlook Express
2008-10-30 11:12:11 ----D---- C:\Program Files\Common Files\System
2008-10-30 11:11:43 ----D---- C:\WINDOWS\system32\oobe
2008-10-30 11:11:41 ----D---- C:\WINDOWS\system
2008-10-30 11:02:30 ----D---- C:\WINDOWS\ehome
2008-10-30 10:40:52 ----D---- C:\WINDOWS\Debug
2008-10-30 10:39:46 ----D---- C:\Program Files\ATI Technologies
2008-10-30 10:26:27 ----D---- C:\WINDOWS\Media
2008-10-30 09:50:57 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-30 09:14:11 ----D---- C:\Program Files\AvRack
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R1 tosdvdd;tosdvdd; C:\WINDOWS\System32\drivers\tosdvdd.sys [2008-11-02 86144]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMDM.sys [2001-08-17 871388]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 RTL8023;NETGEAR GA311 Gigabit Adapter NDIS Driver; C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS [2006-10-30 67456]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\nvmfdx32.sys [2007-01-15 1032104]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Post by Shaba » November 14th, 2008, 5:14 am

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help with computer please

Unread postby bigdalt » November 15th, 2008, 10:36 pm

ComboFix 08-11-13.01 - bob 2008-11-15 7:55:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.654 [GMT -6:00]
Running from: c:\documents and settings\bob\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bob\Application Data\Facegame
c:\documents and settings\bob\Application Data\Facegame\Facegame.exe
c:\documents and settings\bob\Application Data\Gool
c:\documents and settings\bob\Application Data\Gool\Gool.exe
c:\documents and settings\bob\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\bob\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\bob\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\tn3
c:\windows\system32\ctjvfgim.dll
c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\drivers\core.cache(3).dsk
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\tosdvdd.sys
c:\windows\system32\eqpcmoqn.ini
c:\windows\system32\gdbochfv.ini
c:\windows\system32\gomejg.dll
c:\windows\system32\gwerowpf.ini
c:\windows\system32\jdkhpwaq.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\nqomcpqe.dll
c:\windows\system32\opwpasqw.dll
c:\windows\system32\pac.txt
c:\windows\system32\rhwkbn(2).dll
c:\windows\system32\rkwnw64s.exe
c:\windows\system32\sgpcrcdr.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\wqsapwpo.ini
c:\windows\system32\xdfeptrd.dll
c:\windows\system32\YFiiOXyb.ini
c:\windows\system32\YFiiOXyb.ini2
c:\windows\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_TOSDVDD
-------\Service_tosdvdd


((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.

2008-11-15 07:45 . 2008-11-15 07:45 127 --a------ c:\windows\system32\MRT.INI
2008-11-14 00:49 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 00:46 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 16:47 . 2008-11-13 16:47 <DIR> d-------- c:\program files\Avira
2008-11-13 16:47 . 2008-11-13 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-07 05:41 . 2008-11-08 01:18 <DIR> d-------- C:\rsit
2008-11-07 05:33 . 2008-11-07 05:33 84 --ah----- C:\aaw7boot.cmd
2008-11-06 21:31 . 2008-11-06 21:31 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 21:31 . 2008-11-06 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 21:30 . 2008-11-06 21:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-05 17:43 . 2008-11-05 17:43 0 --a------ c:\windows\nsreg.dat
2008-11-05 17:39 . 2008-11-06 21:12 4,062,621 --a------ C:\Breaking Benjamin - The Dairy Of Jane.mp3
2008-11-04 22:07 . 2008-11-04 22:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-04 21:57 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-11-04 21:57 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-11-04 21:57 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-11-04 21:56 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-11-04 21:56 . 2008-04-13 19:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-11-03 19:02 . 2008-11-12 21:09 534 --a------ c:\windows\wininit.ini
2008-11-03 18:59 . 2008-11-03 18:59 <DIR> d-------- c:\windows\fiii
2008-11-03 18:36 . 2008-11-03 20:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-03 18:36 . 2008-11-03 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 22:05 . 2008-11-02 22:05 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-02 21:06 . 2008-11-02 21:06 <DIR> d-------- c:\windows\Sun
2008-11-02 18:27 . 2008-11-02 18:27 147,456 --a------ c:\windows\system32\vbzip10.dll
2008-11-02 18:26 . 2008-11-07 05:33 <DIR> d--hs---- c:\windows\QnJlbmRhIElydmluZw
2008-11-02 18:25 . 2008-11-02 18:26 548,928 --a------ c:\windows\system32\lcntmtdl.exe
2008-11-02 18:25 . 2008-11-02 18:25 153,483 --a------ c:\windows\system32\g6.exe
2008-11-02 18:24 . 2008-11-02 18:25 <DIR> d-------- c:\windows\system32\vb
2008-11-02 18:24 . 2008-11-02 18:24 <DIR> d-------- c:\windows\system32\QI02
2008-11-02 18:24 . 2008-11-07 05:33 <DIR> d-------- c:\windows\system32\OT2
2008-11-02 18:24 . 2008-11-07 05:33 <DIR> d-------- c:\windows\system32\im
2008-11-02 18:24 . 2008-11-02 18:24 <DIR> d-------- c:\windows\system32\FPX
2008-11-02 18:24 . 2008-11-02 18:24 <DIR> d-------- c:\temp\NT32
2008-11-02 18:24 . 2008-11-15 07:56 <DIR> d-------- C:\Temp
2008-11-02 18:03 . 2008-11-02 18:04 <DIR> d-------- c:\program files\iTunes
2008-11-02 18:03 . 2008-11-02 18:03 <DIR> d-------- c:\program files\iPod
2008-11-02 18:03 . 2008-11-02 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:02 . 2008-11-02 18:02 <DIR> d-------- c:\program files\Bonjour
2008-11-02 18:01 . 2008-11-02 18:02 <DIR> d-------- c:\program files\QuickTime
2008-10-31 17:03 . 2006-02-28 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-31 17:03 . 2008-11-05 19:19 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-10-31 17:03 . 2008-11-05 19:19 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-10-31 16:52 . 2008-11-07 05:50 <DIR> d-------- c:\documents and settings\bob\Application Data\LimeWire
2008-10-31 16:51 . 2008-10-31 16:51 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-31 16:51 . 2008-10-31 16:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-31 16:50 . 2008-10-31 16:50 <DIR> d-------- c:\program files\Java
2008-10-31 16:41 . 2008-11-08 01:17 <DIR> d-------- c:\program files\LimeWire
2008-10-31 16:10 . 2008-10-31 16:10 <DIR> d-------- c:\documents and settings\bob\Application Data\Windows Search
2008-10-30 13:01 . 2008-10-31 16:56 169 --a------ c:\windows\RtlRack.ini
2008-10-30 12:14 . 2008-10-30 12:14 0 --a------ c:\windows\ativpsrm.bin
2008-10-30 12:11 . 2008-10-30 12:11 <DIR> d-------- c:\documents and settings\bob\Application Data\Windows Desktop Search
2008-10-30 12:10 . 2008-10-30 12:10 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 12:10 . 2008-10-30 12:10 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-30 12:10 . 2008-03-07 11:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-30 12:10 . 2008-03-07 11:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-30 12:10 . 2008-03-07 11:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-30 12:04 . 2008-10-30 12:05 <DIR> d-------- c:\windows\system32\URTTemp
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\scripting
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\en
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\bits
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\l2schemas
2008-10-30 11:12 . 2008-10-30 11:12 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-30 10:54 . 2004-08-03 21:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-10-30 10:54 . 2004-08-03 21:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys
2008-10-30 10:54 . 2004-08-03 21:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys
2008-10-30 10:54 . 2004-07-17 21:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-10-30 10:54 . 2004-08-03 21:41 11,868 --------- c:\windows\system32\drivers\mdmxsdk.sys
2008-10-30 10:13 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 10:13 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 10:13 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 10:13 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 10:13 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 10:13 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 10:12 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 10:12 . 2008-08-14 04:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-30 10:11 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-30 10:10 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-30 10:10 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-30 10:10 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-30 09:50 . 2008-10-30 09:50 <DIR> d--hs---- c:\documents and settings\bob\UserData
2008-10-30 09:14 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2008-10-30 09:13 . 2008-10-30 09:14 <DIR> d-------- c:\program files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 00:01 --------- d-----w c:\program files\Common Files\Apple
2008-10-31 22:27 --------- d-----w c:\program files\Apple Software Update
2008-10-30 16:39 --------- d-----w c:\program files\ATI Technologies
2008-10-30 15:14 --------- d-----w c:\program files\AvRack
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-08 11:37 --------- d-----w c:\program files\EA GAMES
2008-10-08 01:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-04 12:18 --------- d-----w c:\documents and settings\bob\Application Data\Apple Computer
2008-09-24 21:42 --------- d-----w c:\program files\ABBYY FineReader 5.0 Sprint
2008-09-24 21:40 --------- d-----w c:\program files\Lexmark X5100 Series
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rvaukj.dll saiwnz.dll ablrbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
--a------ 2008-11-02 18:26 548928 c:\windows\system32\lcntmtdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 06:49 86100 c:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-31 16:51 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1DE7301A-9114-4C3A-88FE-25B3393A2EDD} - c:\windows\system32\ssqNDVOE.dll
BHO-{3EC9496F-8752-49CF-BC8A-E258C8286DAE} - (no file)
BHO-{4C11E9F4-C545-4049-A7FF-43B14EBA411F} - c:\windows\system32\byXOiiFY.dll
BHO-{55A326C9-A153-486A-AB09-475C368EC82D} - (no file)
BHO-{D7C7EC17-545F-4859-835C-7EE1BA9B6881} - (no file)
BHO-{DF0657C8-C1C8-482A-AEAB-81B65FA549B8} - (no file)
HKCU-Run-Facegame - c:\documents and settings\bob\Application Data\Facegame\Facegame.exe
ShellExecuteHooks-{1DE7301A-9114-4C3A-88FE-25B3393A2EDD} - c:\windows\system32\ssqNDVOE.dll
Notify-ssqNDVOE - ssqNDVOE.dll
MSConfigStartUp-ghfrxusueg - c:\windows\system32\npxugxcjvrcych.dll
MSConfigStartUp-Host Process - c:\windows\Fonts\svchost.exe
MSConfigStartUp-{D8-8D-D0-07-DW} - c:\windows\system32\rkwnw64s.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\bob\Application Data\Mozilla\Firefox\Profiles\d9jljfwt.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 08:03:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2008-11-15 8:08:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 14:08:21

Pre-Run: 24,114,667,520 bytes free
Post-Run: 24,057,073,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

264 --- E O F --- 2008-11-15 13:45:28


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:56 PM, on 11/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rvaukj.dll saiwnz.dll ablrbv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 4842 bytes
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Help with computer please

Unread postby Shaba » November 16th, 2008, 6:07 am

Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\lcntmtdl.exe
c:\windows\system32\g6.exe

Folder::
c:\windows\QnJlbmRhIElydmluZw
c:\windows\system32\vb
c:\windows\system32\QI02
c:\windows\system32\OT2
c:\windows\system32\im
c:\windows\system32\FPX
c:\temp\NT32
c:\documents and settings\bob\Application Data\LimeWire
c:\program files\LimeWire

DirLook::
c:\windows\fiii

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
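
A way to confirm that every File:: and Folder:: target in a CFScript like the one above shows up under "Other Deletions" in the follow-up ComboFix log. This is an added example, not part of the original post and not ComboFix's own code; the function names are hypothetical, and both samples are constructed excerpts in the layout shown in this thread, with one folder left out of the log on purpose to show the unconfirmed case.

```python
import re

# Constructed sample: abridged copy of the CFScript posted above.
CFSCRIPT = r"""File::
c:\windows\system32\lcntmtdl.exe
c:\windows\system32\g6.exe

Folder::
c:\windows\QnJlbmRhIElydmluZw
c:\windows\system32\vb
c:\temp\NT32

DirLook::
c:\windows\fiii

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"""

# Constructed sample: log excerpt in the ComboFix layout seen in this thread.
# c:\windows\system32\vb is deliberately absent from "Other Deletions".
LOG = r"""ComboFix 08-11-13.01 - bob 2008-11-16 8:39:29.2 - NTFSx86
.
((((((((((((((( Other Deletions )))))))))))))))
.

c:\temp\NT32
c:\temp\NT32\zBV.log
c:\windows\QnJlbmRhIElydmluZw
c:\windows\system32\g6.exe
c:\windows\system32\lcntmtdl.exe

.
((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))
.

2008-11-03 18:59 . 2008-11-03 18:59 <DIR> d-------- c:\windows\fiii
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. "File::"
BANNER_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")    # e.g. "((((( Other Deletions )))))"


def parse_cfscript(text):
    """Group CFScript lines under their 'Name::' directive (keys lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Group log lines under the parenthesised banner that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def norm(path):
    """Windows paths are case-insensitive; drop quotes and a trailing backslash."""
    return path.strip().strip('"').rstrip("\\").lower()


def check_removals(cfscript_text, log_text):
    """Map each File::/Folder:: target to True if the log lists it as deleted."""
    script = parse_cfscript(cfscript_text)
    deleted = {norm(p) for p in log_sections(log_text).get("other deletions", [])}
    targets = script.get("file", []) + script.get("folder", [])
    return {target: norm(target) in deleted for target in targets}


def unconfirmed(cfscript_text, log_text):
    """Targets the script asked to remove that the log does not confirm."""
    results = check_removals(cfscript_text, log_text)
    return [target for target, ok in results.items() if not ok]


if __name__ == "__main__":
    for target, ok in check_removals(CFSCRIPT, LOG).items():
        print(("deleted      " if ok else "NOT CONFIRMED") + "  " + target)
```

A target reported as not confirmed may simply have been absent already, so it is worth checking the rest of the log before treating it as a failed removal.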

Re: Help with computer please

Unread postby bigdalt » November 16th, 2008, 10:49 am

ComboFix 08-11-13.01 - bob 2008-11-16 8:39:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.656 [GMT -6:00]
Running from: c:\documents and settings\bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bob\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\g6.exe
c:\windows\system32\lcntmtdl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bob\Application Data\LimeWire
c:\documents and settings\bob\Application Data\LimeWire\active.mojito
c:\documents and settings\bob\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\bob\Application Data\LimeWire\createtimes.cache
c:\documents and settings\bob\Application Data\LimeWire\downloads.dat
c:\documents and settings\bob\Application Data\LimeWire\fileurns.bak
c:\documents and settings\bob\Application Data\LimeWire\fileurns.cache
c:\documents and settings\bob\Application Data\LimeWire\filters.props
c:\documents and settings\bob\Application Data\LimeWire\gnutella.net
c:\documents and settings\bob\Application Data\LimeWire\installation.props
c:\documents and settings\bob\Application Data\LimeWire\library.dat
c:\documents and settings\bob\Application Data\LimeWire\limewire.props
c:\documents and settings\bob\Application Data\LimeWire\mojito.props
c:\documents and settings\bob\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\bob\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\bob\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\bob\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\bob\Application Data\LimeWire\questions.props
c:\documents and settings\bob\Application Data\LimeWire\responses.cache
c:\documents and settings\bob\Application Data\LimeWire\simpp.xml
c:\documents and settings\bob\Application Data\LimeWire\spam.dat
c:\documents and settings\bob\Application Data\LimeWire\tables.props
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\bob\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\bob\Application Data\LimeWire\version.xml
c:\documents and settings\bob\Application Data\LimeWire\versions.props
c:\documents and settings\bob\Application Data\LimeWire\xml\data\audio.sxml2
c:\program files\LimeWire
c:\program files\LimeWire\Incomplete\CORRUPT-0-Drowning Pool - Let the bodies hit the floor!.mp3
c:\program files\LimeWire\Incomplete\CORRUPT-0-Five Finger Death Punch - Stranger Than Fiction .mp3
c:\program files\LimeWire\Incomplete\CORRUPT-0-Shinedown - I Dare You.mp3
c:\program files\LimeWire\Incomplete\T-3473408-Saliva - Ladies and Gentlemen.mp3
c:\program files\LimeWire\Incomplete\T-3620284-Trapt-Waiting.mp3
c:\program files\LimeWire\Incomplete\T-4062749-Breaking Benjerman - The Diary Of Jane.mp3
c:\program files\LimeWire\Incomplete\T-4943535-Rage Against The Machine - Bullet In Your Head.mp3
c:\program files\LimeWire\Incomplete\T-5053684-KoRn - Hold On.mp3
c:\program files\LimeWire\Incomplete\T-5091726-Disturbed - 10000 Fists.mp3
c:\program files\LimeWire\Incomplete\T-5173794-Korn - Evolution.mp3
c:\program files\LimeWire\Incomplete\T-5270395-Disturbed - Prayer.mp3
c:\program files\LimeWire\Incomplete\T-5844671-Breaking Benjamin - Firefly.mp3
c:\program files\LimeWire\Incomplete\T-5926285-Secondhand Serenade - It's Not Over.mp3
c:\program files\LimeWire\Incomplete\T-6926336-Breaking Benjamin - Breath.mp3
c:\program files\LimeWire\Incomplete\T-7263939-Bullet For My Valentine - The Poison.mp3
c:\program files\LimeWire\Incomplete\T-8349657-Breaking Benjamin - Until The End.mp3
c:\temp\NT32
c:\temp\NT32\zBV.log
c:\windows\QnJlbmRhIElydmluZw
c:\windows\system32\FPX
c:\windows\system32\FPX\PID556DL.exe
c:\windows\system32\g6.exe
c:\windows\system32\im
c:\windows\system32\lcntmtdl.exe
c:\windows\system32\OT2
c:\windows\system32\QI02
c:\windows\system32\QI02\QI022328.exe
c:\windows\system32\vb

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 07:45 . 2008-11-15 07:45 127 --a------ c:\windows\system32\MRT.INI
2008-11-14 00:49 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 00:46 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 16:47 . 2008-11-13 16:47 <DIR> d-------- c:\program files\Avira
2008-11-13 16:47 . 2008-11-13 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-07 05:41 . 2008-11-08 01:18 <DIR> d-------- C:\rsit
2008-11-07 05:33 . 2008-11-07 05:33 84 --ah----- C:\aaw7boot.cmd
2008-11-06 21:31 . 2008-11-06 21:31 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 21:31 . 2008-11-06 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 21:30 . 2008-11-06 21:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-05 17:43 . 2008-11-05 17:43 0 --a------ c:\windows\nsreg.dat
2008-11-05 17:39 . 2008-11-06 21:12 4,062,621 --a------ C:\Breaking Benjamin - The Dairy Of Jane.mp3
2008-11-04 22:07 . 2008-11-04 22:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-04 21:57 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-11-04 21:57 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-11-04 21:57 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-11-04 21:57 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-11-04 21:57 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-11-04 21:56 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-11-04 21:56 . 2008-04-13 19:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-11-03 19:02 . 2008-11-12 21:09 534 --a------ c:\windows\wininit.ini
2008-11-03 18:59 . 2008-11-03 18:59 <DIR> d-------- c:\windows\fiii
2008-11-03 18:36 . 2008-11-03 20:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-03 18:36 . 2008-11-03 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 22:05 . 2008-11-02 22:05 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-02 21:06 . 2008-11-02 21:06 <DIR> d-------- c:\windows\Sun
2008-11-02 18:27 . 2008-11-02 18:27 147,456 --a------ c:\windows\system32\vbzip10.dll
2008-11-02 18:24 . 2008-11-16 08:40 <DIR> d-------- C:\Temp
2008-11-02 18:03 . 2008-11-02 18:04 <DIR> d-------- c:\program files\iTunes
2008-11-02 18:03 . 2008-11-02 18:03 <DIR> d-------- c:\program files\iPod
2008-11-02 18:03 . 2008-11-02 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:02 . 2008-11-02 18:02 <DIR> d-------- c:\program files\Bonjour
2008-11-02 18:01 . 2008-11-02 18:02 <DIR> d-------- c:\program files\QuickTime
2008-10-31 17:03 . 2006-02-28 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-31 17:03 . 2008-11-05 19:19 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-10-31 17:03 . 2008-11-05 19:19 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-10-31 16:51 . 2008-10-31 16:51 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-31 16:51 . 2008-10-31 16:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-31 16:50 . 2008-10-31 16:50 <DIR> d-------- c:\program files\Java
2008-10-31 16:10 . 2008-10-31 16:10 <DIR> d-------- c:\documents and settings\bob\Application Data\Windows Search
2008-10-30 13:01 . 2008-10-31 16:56 169 --a------ c:\windows\RtlRack.ini
2008-10-30 12:14 . 2008-10-30 12:14 0 --a------ c:\windows\ativpsrm.bin
2008-10-30 12:11 . 2008-10-30 12:11 <DIR> d-------- c:\documents and settings\bob\Application Data\Windows Desktop Search
2008-10-30 12:10 . 2008-10-30 12:10 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 12:10 . 2008-10-30 12:10 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-30 12:10 . 2008-03-07 11:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-30 12:10 . 2008-03-07 11:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-30 12:10 . 2008-03-07 11:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-30 12:04 . 2008-10-30 12:05 <DIR> d-------- c:\windows\system32\URTTemp
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\scripting
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\en
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\system32\bits
2008-10-30 11:14 . 2008-10-30 11:14 <DIR> d-------- c:\windows\l2schemas
2008-10-30 11:12 . 2008-10-30 11:12 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-30 10:54 . 2004-08-03 21:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-10-30 10:54 . 2004-08-03 21:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys
2008-10-30 10:54 . 2004-08-03 21:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys
2008-10-30 10:54 . 2004-07-17 21:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-10-30 10:54 . 2004-08-03 21:41 11,868 --------- c:\windows\system32\drivers\mdmxsdk.sys
2008-10-30 10:13 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 10:13 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 10:13 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 10:13 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 10:13 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 10:13 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 10:12 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 10:12 . 2008-08-14 04:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-30 10:11 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-30 10:10 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-30 10:10 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-30 10:10 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-30 09:50 . 2008-10-30 09:50 <DIR> d--hs---- c:\documents and settings\bob\UserData
2008-10-30 09:14 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2008-10-30 09:13 . 2008-10-30 09:14 <DIR> d-------- c:\program files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 00:01 --------- d-----w c:\program files\Common Files\Apple
2008-10-31 22:27 --------- d-----w c:\program files\Apple Software Update
2008-10-30 16:39 --------- d-----w c:\program files\ATI Technologies
2008-10-30 15:14 --------- d-----w c:\program files\AvRack
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-08 11:37 --------- d-----w c:\program files\EA GAMES
2008-10-08 01:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-04 12:18 --------- d-----w c:\documents and settings\bob\Application Data\Apple Computer
2008-09-24 21:42 --------- d-----w c:\program files\ABBYY FineReader 5.0 Sprint
2008-09-24 21:40 --------- d-----w c:\program files\Lexmark X5100 Series
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\SET14.tmp
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\SET1D.tmp
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\SET17.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 15:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\fiii ----

2008-11-03 19:02 4371 --a------ c:\windows\fiii\fiii.dat
2002-07-26 17:02 153088 --a------ c:\windows\fiii\wu


((((((((((((((((((((((((((((( snapshot@2008-11-15_ 8.07.20.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 02:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-06-27 21:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-11-16 02:19:44 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-11-16 14:36:44 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-16 14:14:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 06:49 86100 c:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-31 16:51 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ExploreUpdSched - c:\windows\system32\lcntmtdl.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 08:41:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 8:44:30
ComboFix-quarantined-files.txt 2008-11-16 14:43:42
ComboFix2.txt 2008-11-15 14:08:46

Pre-Run: 24,057,135,104 bytes free
Post-Run: 24,048,390,144 bytes free

270 --- E O F --- 2008-11-15 13:45:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:57 AM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 4800 bytes
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm