Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Malware/possible trojan

Post by gizgiz » July 24th, 2008, 8:52 am

Was surfing the net, accidentally clicked on a popup and after a while, AVG reported I had a trojan (generic).

Some visible changes:

  • Icons are popping up
  • Wallpaper involuntarily changed
  • Quicklaunch icons changed (virus removal links)
  • Task manager disabled
  • C drive (which exists) cannot be found (not listed in Explorer)
  • Clock changed to "HH:MM: VIRUS ALERT"
  • Start menu blank

Any and all help appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23: VIRUS ALERT!, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\chinson\LOCALS~1\Temp\vistasp1.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: fdkowvbp - {9AEDF0D6-CAA4-4F20-8D07-CF85F7D81482} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphcemkj0e9d7] C:\WINDOWS\system32\lphcemkj0e9d7.exe
O4 - HKLM\..\Run: [Sys73.exe] C:\Windows\Sys73.exe
O4 - HKLM\..\Run: [Sys74.exe] C:\Windows\Sys74.exe
O4 - HKLM\..\Run: [Sys75.exe] C:\Windows\Sys75.exe
O4 - HKLM\..\Run: [Sys76.exe] C:\Windows\Sys76.exe
O4 - HKLM\..\Run: [SMrhcamkj0e9d7] C:\Program Files\rhcamkj0e9d7\rhcamkj0e9d7.exe
O4 - HKLM\..\Run: [4cd4a7f9] rundll32.exe "C:\WINDOWS\system32\qnbcmkox.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sys73.exe] C:\Windows\Sys73.exe
O4 - HKCU\..\Run: [Sys74.exe] C:\Windows\Sys74.exe
O4 - HKCU\..\Run: [Sys75.exe] C:\Windows\Sys75.exe
O4 - HKCU\..\Run: [Sys76.exe] C:\Windows\Sys76.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?034bea1b1061437eaad46dde7e9b5084
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?034bea1b1061437eaad46dde7e9b5084
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: eqvwamkl - {22B285CE-6681-4967-9DD8-0278026EA450} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {0640A29A-EA7A-4D84-8310-4BBADD78A3DD} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10132 bytes
gizgiz
Active Member
 
Posts: 2
Joined: July 24th, 2008, 8:36 am
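
As an added example (not code from this thread, from HijackThis or from SDFix), here is a small Python triage script that encodes the patterns a helper reads off the log above: the fake-alert time format in the header, an unnamed BHO, eight-letter random DLLs dropped in the Windows root and registered under their own name, a rundll32 Run entry keyed by a hex value name, the numbered SysNN.exe loaders, and the policy value that disables Regedit. The sample lines are copied from the thread's logs; the rule thresholds are my own assumptions.

```python
"""Triage rules for HijackThis log lines.

Added example, not part of the MalwareRemoval.com thread and not HijackThis
code.  Each rule encodes something a helper looks for in the logs above.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the thread's HijackThis logs, with legitimate
# entries kept in so the rules have to discriminate rather than flag everything.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23: VIRUS ALERT!, on 7/24/2008
O2 - BHO: (no name) - {00A848AD-EBED-4FF3-8151-F869DCEE9598} - C:\WINDOWS\system32\tuvVPgGA.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: fdkowvbp - {9AEDF0D6-CAA4-4F20-8D07-CF85F7D81482} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sys73.exe] C:\Windows\Sys73.exe
O4 - HKLM\..\Run: [4cd4a7f9] rundll32.exe "C:\WINDOWS\system32\qnbcmkox.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: eqvwamkl - {22B285CE-6681-4967-9DD8-0278026EA450} - C:\WINDOWS\eqvwamkl.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
TIME_RE = re.compile(r"^Scan saved at \d{1,2}:\d{2}:\d{2}, on ")
RANDOM8_RE = re.compile(r"^[a-z]{8}$")      # fdkowvbp, eqvwamkl, wnslvxtf
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$")   # 4cd4a7f9
SYSN_RE = re.compile(r"^Sys\d+\.exe$", re.IGNORECASE)
WINDIR = r"c:\windows"


@dataclass(frozen=True)
class Finding:
    section: str        # HijackThis section ("O4", ...) or "HDR" for the header
    name: str           # display name or registry value name of the entry
    reason: str         # which rule fired
    path: str = ""      # file the entry points at, when the line carries one


def split_path(path):
    """Split 'C:\\dir\\name.ext' into (lower-cased dir, stem, lower-cased ext)."""
    directory, _, base = path.rpartition("\\")
    stem, _, ext = base.rpartition(".")
    return directory.lower(), stem, ext.lower()


def check_line(line):
    """Return a Finding if one rule matches the line, else None."""
    if line.startswith("Scan saved at") and not TIME_RE.match(line):
        # The rogue rewrote the system time format (SDFix later logs
        # "Restoring Time Format To Remove Fake Virus Alert"), so the
        # timestamp carries alert text instead of HH:MM:SS.
        return Finding("HDR", "Scan saved at", "time format carries fake alert text")
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    if section == "O7" and re.search(r"Disable\w+=1", rest):
        return Finding(section, rest.split(", ")[-1], "policy disables an admin tool")
    if section == "O4":
        r = RUN_RE.search(rest)
        if not r:
            return None          # Global Startup lines have no [name] value
        name, cmd = r.group("name"), r.group("cmd")
        p = PATH_RE.search(cmd)
        path = p.group(0) if p else ""
        if SYSN_RE.match(name):
            return Finding(section, name, "numbered SysNN.exe loader", path)
        # Hex value name plus rundll32 handed a DLL, as in [4cd4a7f9] above.
        if cmd.lower().startswith("rundll32") and HEXNAME_RE.match(name):
            return Finding(section, name, "rundll32 loader keyed by a hex value name", path)
        return None
    if section in ("O2", "O3", "O21"):
        fields = rest.split(" - ")
        if len(fields) < 3:
            return None
        name = fields[0].split(": ", 1)[-1]
        path = fields[-1]
        if path == "(no file)" or path.endswith("(file missing)"):
            return Finding(section, name, "entry points at a missing file", path)
        if section == "O2" and name == "(no name)":
            return Finding(section, name, "BHO registered without a name", path)
        # fdkowvbp.dll, eqvwamkl.dll and wnslvxtf.dll above; SDFix deleted all three.
        directory, stem, ext = split_path(path)
        if directory == WINDIR and ext == "dll" and RANDOM8_RE.match(stem) and name == stem:
            return Finding(section, name, "random eight-letter DLL in the Windows root", path)
    return None


def triage(log_text):
    """Run every rule over every line; findings keep log order."""
    found = (check_line(line.strip()) for line in log_text.splitlines())
    return [f for f in found if f is not None]
```

The rules are deliberately narrow and miss what a helper catches by eye: the unnamed BHO is flagged only because it has no name, and the rundll32 DLL was renamed from qnbcmkox.dll to ybpqnhss.dll between the two logs, so a script like this ranks entries for review and does not decide the fix list.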

Re: Malware/possible trojan

Post by Shaba » July 25th, 2008, 2:26 am

Hi gizgiz

Rename HijackThis.exe to gizgiz.exe.

After that:

If you already have SDFix, please delete this copy and download it again as it's being updated regularly.

  1. Please download SDFix by AndyManchesta and save it to your desktop.
  2. Double click on SDFix.exe. By default, it will install to C:\.
  3. Click on Install.

Please print out or save this set of instructions as you will not have internet access during the fix.

Next, boot into Safe Mode.

Note: Let me know if you can't boot into Safe Mode. Do not continue with the fixes.

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up/down arrow keys, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.
  6. Navigate to C:\SDFix (if you installed it to the default location; otherwise, locate where you installed it).
  7. Double click on RunThis.bat.
  8. Type Y to begin the cleanup process.
  9. It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  10. Press any key to reboot.
  11. When the PC restarts, the tool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  12. Once the desktop icons load, the SDFix report will open on screen. You can also find the report in the SDFix folder, named Report.txt.

Post:

- a fresh HijackThis log
- SDFix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware/possible trojan

Post by gizgiz » July 25th, 2008, 6:01 am

Hi there

Thanks for the quick reply. As requested - Report.txt and a new HJT logfile.

HJT Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:27, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lphcemkj0e9d7.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\anything.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {00A848AD-EBED-4FF3-8151-F869DCEE9598} - C:\WINDOWS\system32\tuvVPgGA.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - D:\eREAD6.0\IEeREAD.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - D:\eREAD6.0\WebHook.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphcemkj0e9d7] C:\WINDOWS\system32\lphcemkj0e9d7.exe
O4 - HKLM\..\Run: [Sys73.exe] C:\Windows\Sys73.exe
O4 - HKLM\..\Run: [Sys74.exe] C:\Windows\Sys74.exe
O4 - HKLM\..\Run: [Sys75.exe] C:\Windows\Sys75.exe
O4 - HKLM\..\Run: [Sys76.exe] C:\Windows\Sys76.exe
O4 - HKLM\..\Run: [4cd4a7f9] rundll32.exe "C:\WINDOWS\system32\ybpqnhss.dll",b
O4 - HKLM\..\Run: [SMrhcamkj0e9d7] C:\Program Files\rhcamkj0e9d7\rhcamkj0e9d7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sys73.exe] C:\Windows\Sys73.exe
O4 - HKCU\..\Run: [Sys74.exe] C:\Windows\Sys74.exe
O4 - HKCU\..\Run: [Sys75.exe] C:\Windows\Sys75.exe
O4 - HKCU\..\Run: [Sys76.exe] C:\Windows\Sys76.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?034bea1b1061437eaad46dde7e9b5084
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?034bea1b1061437eaad46dde7e9b5084
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11016 bytes


Report.txt by SDFix


SDFix: Version 1.208
Run by chinson on 07/25/2008 Fri at 17:11

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\efcbxyww.dll - Deleted
C:\WINDOWS\SYSTEM32\PHCEMK~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHCE~1.SCR - Deleted
C:\WINDOWS\EEGL.EXE - Deleted
C:\Documents and Settings\chinson\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\chinson\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
C:\Documents and Settings\chinson\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\chinson\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\chinson\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\chinson\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\chinson\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\chinson\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\VAV\vav.cpl - Deleted
C:\Program Files\VAV\vav.ooo - Deleted
C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt59.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt5A.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt61.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6A.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6B.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6C.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6E.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt6F.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt70.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt73.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt74.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt75.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt77.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt7A.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt85.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt87.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt8B.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt8C.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.tt9D.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttA0.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttA2.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttA7.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttAA.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttAC.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttAE.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttB3.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttB8.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttBA.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttBD.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttBF.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttC1.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttC3.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttC5.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttC9.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttCC.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\.ttCD.tmp - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\lwpwer.exe.bat - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\scksexde.exe.bat - Deleted
C:\WINDOWS\nfavxwdbtav.dll - Deleted
C:\Documents and Settings\chinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\lwpwer.exe.bat - Deleted
C:\DOCUME~1\chinson\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\wnslvxtf.dll - Deleted



Folder C:\Documents and Settings\chinson\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed
Folder C:\Program Files\VAV - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:39:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:6311788e
"s2"=dword:a591b851
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fa,f3,d5,84,c1,f7,e6,cc,7e,80,7e,cf,50,b0,db,b9,6d,fd,e2,9b,88,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,bc,3f,3d,b8,d0,32,16,cf,22,72,f1,25,a1,1d,fa,95,..
"khjeh"=hex:80,e9,7d,1b,12,f3,80,b6,40,6e,99,61,f0,52,57,ce,c9,59,ec,a0,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:40,00,c2,4a,d9,4f,f0,14,b4,d3,d3,72,1e,17,57,c4,df,cd,7c,17,67,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fa,83,5e,72,63,40,24,36,07,22,c6,c5,49,63,91,57,35,67,39,36,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fa,f3,d5,84,c1,f7,e6,cc,7e,80,7e,cf,50,b0,db,b9,6d,fd,e2,9b,88,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,bc,3f,3d,b8,d0,32,16,cf,22,72,f1,25,a1,1d,fa,95,..
"khjeh"=hex:80,e9,7d,1b,12,f3,80,b6,40,6e,99,61,f0,52,57,ce,c9,59,ec,a0,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:40,00,c2,4a,d9,4f,f0,14,b4,d3,d3,72,1e,17,57,c4,df,cd,7c,17,67,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fa,83,5e,72,63,40,24,36,07,22,c6,c5,49,63,91,57,35,67,39,36,f7,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER ]
"DisplayName"="SUPER ?Version 2007.bld.22 (Mar 14, 2007)"
"UninstallString"="C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0"
"InstallDate"="2007-03-21 22:44:51"
"InstallLocation"="C:\Program Files\eRightSoft\SUPER"
"InstallSource"="C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\UB6JAH6N"
"DisplayIcon"="C:\Program Files\eRightSoft\SUPER\SUPER.exe"
"DisplayVersion"="Version 2007.bld.22 (Mar 14, 2007)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="support@eRightSoft.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"0? & 0?(P) (TrueType)????????"="DFFN_N3.TTC"
"0POP10W7 & 0POP10W7(P) (TrueType)??????"="DFFN_P7.TTC"
"0\x304450 & 0\x304450(P) (TrueType)??????????"="DFFN_B5.TTC"
"0O?& 0O?P) (TrueType)????????"="DTCN_K6.TTC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000ad
"TracesSuccessful"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1700D94-253D-8F8B-62CA-EC69B59DD185}]
"abpoelhbeeckdnhhidbmldedfebndnbkpb"=hex:61,61,00,00
"bbpoelhbeeckdnhhidimaefihecjamobmlon"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBound\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.exe"="C:\\Program Files\\softnyx\\GunBound\\GunBound.exe:*:Enabled:GunBound Startup Application"
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\drjoefo\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\drjoefo\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\drjoefo\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\drjoefo\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MAIET\\Gunz\\BAReport.exe"="C:\\Program Files\\MAIET\\Gunz\\BAReport.exe:*:Enabled:BAReport"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Program Files\\Steam\\SteamApps\\kchan\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\kchan\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\kchan\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\kchan\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\06719571a8f8b454dbcc06fb28efc20c\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\06719571a8f8b454dbcc06fb28efc20c\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\06719571a8f8b454dbcc06fb28efc20c\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\06719571a8f8b454dbcc06fb28efc20c\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Program Files\\adidas\\The Impossible Team Online Game\\Leading.exe"="C:\\Program Files\\adidas\\The Impossible Team Online Game\\Leading.exe:*:Enabled:Leading"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\PPLive\\PPlive.exe"="C:\\Program Files\\PPLive\\PPlive.exe:*:Enabled:PPLive"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
"C:\\Program Files\\Steam\\SteamApps\\kchan\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\SteamApps\\kchan\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"="C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe:*:Enabled:Comrade"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\Photoshop Album Starter Edition.exe"="C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\Photoshop Album Starter Edition.exe:*:Enabled:Adobe Photoshop Album Starter Edition 3.0"
"C:\\Program Files\\Java\\jdk1.6.0\\bin\\javaw.exe"="C:\\Program Files\\Java\\jdk1.6.0\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin"="C:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility"
"D:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"="D:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe:*:Enabled:Adobe Bridge CS3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\EA SPORTS\\NBA LIVE 06\\nbalive06.exe"="C:\\Program Files\\EA SPORTS\\NBA LIVE 06\\nbalive06.exe:*:Enabled:NBA LIVE 06"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="D:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 15 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 May 2007 1,552,896 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0002.tmp"
Sun 6 May 2007 1,585,152 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0003.tmp"
Sun 28 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0004.tmp"
Mon 7 May 2007 1,591,296 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0005.tmp"
Wed 26 Sep 2007 61,440 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0006.tmp"
Wed 9 May 2007 1,596,416 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0480.tmp"
Tue 23 Jan 2007 22,016 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL1035.tmp"
Fri 18 May 2007 2,277,888 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL1240.tmp"
Sun 28 Jan 2007 25,600 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL2785.tmp"
Thu 17 May 2007 1,839,104 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL3651.tmp"
Sun 28 Jan 2007 25,600 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL3684.tmp"
Sun 28 Jan 2007 25,600 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL3751.tmp"
Sun 28 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL3860.tmp"
Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT4B.tmp"
Mon 1 Oct 2007 368,640 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temp\isp3F.tmp\_Setup.dll"
Mon 1 Oct 2007 368,640 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temp\isp61.tmp\_Setup.dll"
Mon 1 Oct 2007 368,640 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temp\isp94.tmp\_Setup.dll"
Mon 1 Oct 2007 368,640 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temp\ispCD.tmp\_Setup.dll"
Fri 16 Dec 2005 3,236,352 A..HR --- "C:\Documents and Settings\chinson\Local Settings\Temp\WDM\alcwdm64.sys"
Fri 16 Dec 2005 3,842,560 A..HR --- "C:\Documents and Settings\chinson\Local Settings\Temp\WDM\alcxwdm.sys"
Mon 27 Aug 2007 76,288 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temp\_PASFX981\7Z.DLL"
Mon 15 Aug 2005 4,348 ...H. --- "C:\Documents and Settings\chinson\My Documents\My Music\License Backup\drmv1key.bak"
Fri 25 Aug 2006 20 A..H. --- "C:\Documents and Settings\chinson\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 15 Aug 2005 400 A.SH. --- "C:\Documents and Settings\chinson\My Documents\My Music\License Backup\drmv2key.bak"
Wed 11 Jul 2007 18,783 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk141.tmp"
Thu 14 Dec 2006 4,776 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk28A.tmp"
Thu 14 Dec 2006 349 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk28C.tmp"
Thu 14 Dec 2006 8,724 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk28E.tmp"
Thu 14 Dec 2006 351 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk290.tmp"
Thu 14 Dec 2006 1,951 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk292.tmp"
Thu 14 Dec 2006 2,483 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk294.tmp"
Thu 14 Dec 2006 4,266 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk296.tmp"
Thu 14 Dec 2006 419 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk298.tmp"
Thu 14 Dec 2006 4,776 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2C9.tmp"
Thu 14 Dec 2006 349 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2CB.tmp"
Thu 14 Dec 2006 8,724 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2CD.tmp"
Thu 14 Dec 2006 351 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2CF.tmp"
Thu 14 Dec 2006 1,951 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2D1.tmp"
Thu 14 Dec 2006 2,483 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2D3.tmp"
Thu 14 Dec 2006 4,266 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2D5.tmp"
Thu 14 Dec 2006 419 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\wbk2D7.tmp"
Wed 10 Jan 2007 5,318,240 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\GameSpy\Comrade\updates\ComradeFull142.exe"
Wed 29 Aug 2007 786 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.bak"
Wed 29 Aug 2007 14,283 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.bak"
Wed 29 Aug 2007 18,064 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.bak"
Wed 29 Aug 2007 20,648 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.bak"
Wed 29 Aug 2007 8,740 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.bak"
Wed 29 Aug 2007 1,510 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.bak"
Wed 29 Aug 2007 361 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.bak"
Wed 29 Aug 2007 451 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.bak"
Wed 29 Aug 2007 11,085 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.bak"
Wed 29 Aug 2007 361 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.bak"
Wed 29 Aug 2007 393 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.bak"
Tue 10 Aug 2004 126,976 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\epic_eula.dll"
Mon 2 Aug 2004 159,744 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Setup.exe"
Mon 21 Apr 2003 245,408 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\unicows.dll"
Fri 23 Jul 1993 210,944 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Ffactory\Msvcrt10.dll"
Thu 6 May 2004 121 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_OFF_D.reg"
Thu 6 May 2004 134 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_ON.reg"
Thu 6 May 2004 123 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_OFF_D.reg"
Thu 6 May 2004 136 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_ON.reg"
Thu 6 May 2004 117 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_OFF_D.reg"
Thu 6 May 2004 130 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_ON.reg"
Thu 6 May 2004 114 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_OFF_D.reg"
Thu 6 May 2004 127 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_ON.reg"
Thu 6 May 2004 124 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_OFF.reg"
Thu 6 May 2004 111 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_ON_D.reg"
Thu 6 May 2004 115 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_OFF_D.reg"
Thu 6 May 2004 128 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_ON.reg"
Thu 6 May 2004 115 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_OFF_D.reg"
Thu 6 May 2004 128 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_ON.reg"
Fri 3 Sep 2004 256 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_OFF.reg"
Fri 3 Sep 2004 256 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_ON_D.reg"
Thu 6 May 2004 120 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_OFF.reg"
Thu 6 May 2004 105 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_ON_D.reg"
Thu 6 May 2004 116 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_OFF_D.reg"
Thu 6 May 2004 129 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_ON.reg"
Thu 6 May 2004 109 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_OFF_D.reg"
Thu 6 May 2004 122 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_ON.reg"
Thu 6 May 2004 111 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_OFF_D.reg"
Thu 6 May 2004 124 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_ON.reg"
Thu 6 May 2004 110 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\IgnoreEXIFsRGB_OFF_D.reg"
Thu 6 May 2004 123 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\IgnoreEXIFsRGB_ON.reg"
Thu 6 May 2004 133 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\OptimizeResizeDrawing_OFF.reg"
Thu 6 May 2004 120 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\OptimizeResizeDrawing_ON_D.reg"
Thu 6 May 2004 118 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_NORM_D.reg"
Thu 6 May 2004 131 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_PASS.reg"
Thu 6 May 2004 131 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_PS_PASS.reg"
Thu 6 May 2004 111 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\RememberSlowFiles_OFF_D.reg"
Thu 6 May 2004 124 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\RememberSlowFiles_ON.reg"
Thu 6 May 2004 126 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ShowWindowsThumbnails_OFF.reg"
Thu 6 May 2004 113 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ShowWindowsThumbnails_ON_D.reg"
Thu 6 May 2004 109 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\TaskDebugging_OFF_D.reg"
Thu 6 May 2004 122 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\TaskDebugging_ON.reg"
Thu 6 May 2004 109 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UnlimitedPreviews_OFF_D.reg"
Thu 6 May 2004 124 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UnlimitedPreviews_ON.reg"
Thu 6 May 2004 119 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncIO_OFF.reg"
Thu 6 May 2004 106 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncIO_ON_D.reg"
Thu 6 May 2004 111 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncScratch_OFF_D.reg"
Thu 6 May 2004 124 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncScratch_ON.reg"
Thu 6 May 2004 129 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\WarnSavePrefsFailure_OFF.reg"
Thu 6 May 2004 114 A..H. --- "C:\Documents and Settings\chinson\Local Settings\Temporary Internet Files\Content.IE5\8ZFVUCT5\Photoshop TryOut\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\WarnSavePrefsFailure_ON_D.reg"

Finished!


Thanks!
gizgiz
Active Member
 
Posts: 2
Joined: July 24th, 2008, 8:36 am
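The two parts of the SDFix report above that a helper reads most closely are the firewall "Authorized Application Key Export" (one exception per line in the form "path"="path:scope:Enabled:name", with backslashes doubled by the .reg export) and the "Files with Hidden Attributes" listing. The following Python is an added example for this thread, not code from SDFix, ComboFix or this forum: it parses those two line formats and flags the entries a helper would look at first. The flagging heuristics (enabled exceptions for binaries in Temp, Temporary Internet Files or Application Data, exceptions for non-.exe files, and System+Hidden files under C:\WINDOWS) and the Temp\svc.exe line in the sample are assumptions constructed for the example; the other sample lines are copied from the log above.

```python
"""Triage two sections of an SDFix report: the Windows XP firewall
'Authorized Application Key Export' and 'Files with Hidden Attributes'.
Added example for this thread, not code from SDFix, ComboFix or the forum."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# XP SP2 stores each firewall exception under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
# <profile>\AuthorizedApplications\List as   "<path>"="<path>:<scope>:<state>:<name>"
# where scope "*" means any remote address and the .reg export doubles backslashes.
FW_LINE = re.compile(r'^"(?P<key>.+?)"="(?P<value>.*)"$')

# SDFix hidden-file line:   Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
# The five-character attribute field shows A (archive), S (system), H (hidden), R (read-only).
HIDDEN_LINE = re.compile(
    r'^\w{3} \d{1,2} \w{3} \d{4}\s+(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>.+)"$'
)

# Heuristics are assumptions for this example, not SDFix rules.
USER_WRITABLE = ("\\local settings\\temp", "\\temporary internet files\\", "\\application data\\")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class FirewallEntry:
    path: str
    scope: str
    enabled: bool
    name: str
    flags: List[str] = field(default_factory=list)


@dataclass
class HiddenFile:
    path: str
    attrs: str          # letters present, e.g. "SHR"
    size: int
    flags: List[str] = field(default_factory=list)


def parse_firewall_line(line: str) -> Optional[FirewallEntry]:
    m = FW_LINE.match(line.strip())
    if not m:
        return None
    key = m.group("key").replace("\\\\", "\\")       # undo .reg escaping
    value = m.group("value").replace("\\\\", "\\")
    if not value.startswith(key + ":"):
        # A value whose path differs from its own name is malformed or tampered with.
        return FirewallEntry(key, "", False, value, ["value does not match its name"])
    scope, state, name = value[len(key) + 1:].split(":", 2)
    entry = FirewallEntry(key, scope, state.lower() == "enabled", name)
    low = key.lower()
    if entry.enabled and any(marker in low for marker in USER_WRITABLE):
        entry.flags.append("enabled exception in user-writable folder")
    if entry.enabled and not low.endswith(".exe"):
        entry.flags.append("non-.exe binary")
    return entry


def parse_hidden_line(line: str) -> Optional[HiddenFile]:
    m = HIDDEN_LINE.match(line.strip())
    if not m:
        return None
    hf = HiddenFile(m.group("path"), m.group("attrs").replace(".", ""),
                    int(m.group("size").replace(",", "")))
    # System+Hidden inside the Windows folder is used by legitimate DRM and codec
    # files as well as by malware, so the flag means "verify", not "delete".
    if "S" in hf.attrs and "H" in hf.attrs and hf.path.lower().startswith(WINDOWS_DIR):
        hf.flags.append("system+hidden under Windows folder: verify file")
    return hf


def triage(report: str) -> Dict[str, list]:
    out: Dict[str, list] = {"firewall": [], "hidden": []}
    for line in report.splitlines():
        entry = parse_firewall_line(line) or parse_hidden_line(line)
        if isinstance(entry, FirewallEntry):
            out["firewall"].append(entry)
        elif isinstance(entry, HiddenFile):
            out["hidden"].append(entry)
    return out


def flagged(report: str) -> List[str]:
    """Paths of every parsed entry that carries at least one flag, firewall first."""
    r = triage(report)
    return [e.path for e in r["firewall"] + r["hidden"] if e.flags]


# Sample input: lines copied from the log above plus one constructed Temp\svc.exe line.
SAMPLE = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svc.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svc.exe:*:Enabled:svc"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Tue 1 May 2007 1,552,896 ...H. --- "C:\Documents and Settings\chinson\My Documents\~WRL0002.tmp"
'''

if __name__ == "__main__":
    r = triage(SAMPLE)
    for e in r["firewall"] + r["hidden"]:
        print("!!" if e.flags else "  ", e.path, "; ".join(e.flags))
```

Run it against a saved Report.txt by passing the file's contents to triage(); a flag is a prompt to look the file up or submit it for scanning, not a verdict, since the game launchers and DRM files in this log show how often legitimate software trips the same heuristics.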

Re: Malware/possible trojan

Unread postby Shaba » July 25th, 2008, 6:36 am

Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Post:

- a fresh HijackThis log
- combofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware/possible trojan

Unread postby Shaba » July 30th, 2008, 1:15 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland