[Fixed] HijackThis! Logs - Requesting Help (posted in the Security & Safety forums)

#1
06-09-2008
Mr. Wayne
Bronze Member
Join Date: Jun 2008
Posts: 7
PC Experience: Some Experience
Requesting Help

System loads a BHO on start up every time. I am unable to stop this. System has been cleaned with AVG, Spybot, Ad-Aware, etc. to no avail. System is extremely slow, especially when running Firefox; system often hangs with a Google or Yahoo search. However, MSN searches seem to work OK.


Deckard's System Scanner v20071014.68
Run by Wayne Wiseman on 2008-06-09 17:31:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 5.24 GiB (less than 15%) free.

-- HijackThis (run as Wayne Wiseman.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:06 PM, on 6/9/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Wayne Wiseman\Desktop\dss.exe
C:\DOCUME~1\WAYNEW~1\LOCALS~1\TEMPOR~1\Content.IE5\FVQEK6OF\WAYNEW~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Recordex USA Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Recordex USA Home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00552965-7DA5-471C-9703-8CC2084DC3B6} - (no file)
O2 - BHO: (no name) - {4AC3EC89-62E0-4996-AB44-5708066564A3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8CA4689D-056F-4AE2-B174-46D5318BFA0F} - C:\WINDOWS\system32\cbXNfGWP.dll
O2 - BHO: (no name) - {C83F6149-4782-4DAB-A478-96F195A376A2} - C:\WINDOWS\system32\xxyxXRlM.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [BMaf164450] Rundll32.exe "C:\WINDOWS\system32\bkaihqdg.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132523824031
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxyxXRlM - C:\WINDOWS\SYSTEM32\xxyxXRlM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6836 bytes
-- Files created between 2008-05-09 and 2008-06-09 -----------------------------
2008-06-09 10:19:43 82944 --a------ C:\WINDOWS\system32\fprbsqgo.dll
2008-06-09 10:16:43 96256 --a------ C:\WINDOWS\system32\kthgnjun.dll
2008-06-09 10:11:23 91136 --a------ C:\WINDOWS\system32\bkaihqdg.dll
2008-06-09 10:10:40 743394 --ahs---- C:\WINDOWS\system32\PWGfNXbc.ini2
2008-06-09 10:10:29 281088 --a------ C:\WINDOWS\system32\cbXNfGWP.dll
2008-06-08 22:10:59 96256 --a------ C:\WINDOWS\system32\jsylwcxo.dll
2008-06-08 22:04:59 91648 --a------ C:\WINDOWS\system32\wuqllmsr.dll
2008-06-08 21:37:56 728875 --ahs---- C:\WINDOWS\system32\MUCJPXyb.ini2
2008-06-08 15:16:35 96256 --a------ C:\WINDOWS\system32\aqnvftut.dll
2008-06-08 15:10:44 82944 --a------ C:\WINDOWS\system32\kbfyskxy.dll
2008-06-08 15:10:31 91648 --a------ C:\WINDOWS\system32\yetgfwah.dll
2008-06-08 14:25:35 735103 --ahs---- C:\WINDOWS\system32\YbdJRXyb.ini2
2008-06-08 12:19:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-08 12:12:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Spyware
2008-06-08 10:55:15 82944 --a------ C:\WINDOWS\system32\dqqpsubn.dll
2008-06-08 10:52:14 96256 --a------ C:\WINDOWS\system32\pjmckdrr.dll
2008-06-08 10:49:21 91648 --a------ C:\WINDOWS\system32\vpaipbvp.dll
2008-06-08 10:34:11 728671 --ahs---- C:\WINDOWS\system32\FhjTBcdd.ini2
2008-06-08 10:09:44 82944 --a------ C:\WINDOWS\system32\akeoeond.dll
2008-06-08 10:06:45 96256 --a------ C:\WINDOWS\system32\kkljhsdd.dll
2008-06-08 10:03:52 91648 --a------ C:\WINDOWS\system32\eermcimi.dll
2008-06-07 10:06:21 96256 --a------ C:\WINDOWS\system32\uycnhjkt.dll
2008-06-07 10:03:21 82944 --a------ C:\WINDOWS\system32\flgimrde.dll
2008-06-07 10:02:24 91136 --a------ C:\WINDOWS\system32\agoviwvy.dll
2008-06-06 18:38:40 0 d-------- C:\Program Files\AnswersThatWork
2008-06-06 15:29:16 0 dr-h----- C:\Documents and Settings\Wayne Wiseman\Recent
2008-06-06 10:29:41 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Uniblue
2008-06-06 10:29:27 0 d-------- C:\Program Files\Uniblue
2008-06-06 08:59:48 95744 --a------ C:\WINDOWS\system32\daogbfoj.dll
2008-06-06 08:56:57 83456 --a------ C:\WINDOWS\system32\bgncjmah.dll
2008-06-06 08:56:44 91136 --a------ C:\WINDOWS\system32\weyqvbge.dll
2008-06-06 08:50:42 730206 --ahs---- C:\WINDOWS\system32\AJRtDfhk.ini2
2008-06-05 10:49:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-06-05 09:20:25 94720 --a------ C:\WINDOWS\system32\wkqthreb.dll
2008-06-05 09:14:26 81920 --a------ C:\WINDOWS\system32\yuyfwwjb.dll
2008-06-05 09:13:44 90624 --a------ C:\WINDOWS\system32\sbkjhdlm.dll
2008-06-05 09:08:24 732625 --ahs---- C:\WINDOWS\system32\RCfeLRqr.ini2
2008-06-04 16:41:22 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-04 16:39:29 0 d-------- C:\Program Files\Avi2Dvd
2008-06-04 14:57:59 0 d-------- C:\Program Files\RegCure
2008-06-04 14:36:10 82432 --a------ C:\WINDOWS\system32\ynbrkbkq.dll
2008-06-04 14:23:20 1422 --ahs---- C:\WINDOWS\system32\dcIikUtv.ini2
2008-06-04 12:37:46 82432 --a------ C:\WINDOWS\system32\pipemwxf.dll
2008-06-04 12:36:55 1448 --ahs---- C:\WINDOWS\system32\fhhklnnn.ini2
2008-06-04 12:26:54 28160 --a------ C:\WINDOWS\system32\xxyxXRlM.dll
2008-06-03 16:15:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
2008-06-03 16:09:39 0 d-------- C:\Program Files\Seagate
2008-06-03 16:09:39 0 d-------- C:\Program Files\Common Files\Seagate
2008-06-03 11:23:01 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Tidy Start Menu
2008-06-03 11:22:53 0 d-------- C:\Program Files\Tidy Start Menu
2008-05-26 11:12:28 11532 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 10:28:06 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\AdobeUM
2008-05-12 20:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-05-12 20:10:38 993216 --a------ C:\WINDOWS\system32\DVC.EXE
2008-05-12 20:10:35 57344 --a------ C:\WINDOWS\system32\StreamIO.dll <Not Verified; dicas digital image coding GmbH; mpegable StreamIO>
2008-05-12 20:10:35 1577045 --a------ C:\WINDOWS\system32\SaFireU.dll <Not Verified; Pinnacle Systems, Inc.; SaFire Unicode Video Processing DLL>
2008-05-12 20:10:35 32256 --a------ C:\WINDOWS\system32\pcleUtil.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Utilities>
2008-05-12 20:10:35 102400 --a------ C:\WINDOWS\system32\pcleSplice.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Splice Module>
2008-05-12 20:10:35 192512 --a------ C:\WINDOWS\system32\pcleIScl.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Image Scaler>
2008-05-12 20:10:35 114688 --a------ C:\WINDOWS\system32\pcleDVdc.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Decoder>
2008-05-12 20:10:35 90112 --a------ C:\WINDOWS\system32\pcleDVcd.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Encoder>
2008-05-12 20:10:35 262144 --a------ C:\WINDOWS\system32\MP4FileLib.dll <Not Verified; dicas digital image coding GmbH; mpegable MP4FileLib>
2008-05-12 20:10:35 262144 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-12 20:10:35 94208 --a------ C:\WINDOWS\system32\gbtoolsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:35 41984 --a------ C:\WINDOWS\system32\futilu.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:35 163840 --a------ C:\WINDOWS\system32\fileiou.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:35 86016 --a------ C:\WINDOWS\system32\DVResampleru.dll
2008-05-12 20:10:35 778240 --a------ C:\WINDOWS\system32\dvframes.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:35 1372160 --a------ C:\WINDOWS\system32\dsio.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:35 262144 --a------ C:\WINDOWS\system32\dllzAAC.dll <Not Verified; zplane.development; zplane.development zAAC Codec>
2008-05-12 20:10:35 1191936 --a------ C:\WINDOWS\system32\dialogsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-05-12 20:10:34 65536 --a------ C:\WINDOWS\system32\DecimateYUV420.dll <Not Verified; dicas digital image coding GmbH; mpegable Decimate>
2008-05-12 20:10:34 102400 --a------ C:\WINDOWS\system32\CSCSaFX.dll <Not Verified; Pinnacle Systems GmbH; CSCnvrt>
2008-05-12 20:10:34 585728 --a------ C:\WINDOWS\system32\AudioCodec.dll <Not Verified; dicas digital image coding GmbH; mpegable AudioCodec>
2008-05-12 20:10:34 98304 --a------ C:\WINDOWS\system32\ASA_DLL.dll <Not Verified; Pinnacle Systems Inc; Pinnacle Beat Analyzer>
2008-05-12 20:10:34 90112 --a------ C:\WINDOWS\system32\ACnvrtX.dll <Not Verified; Pinnacle Systems GmbH; Audio Converter>
2008-05-12 20:10:34 299008 --a------ C:\WINDOWS\system32\4codeDecoder.dll <Not Verified; dicas digital image coding GmbH; mpegable VideoCodec decoder>
2008-05-12 20:10:34 499712 --a------ C:\WINDOWS\system32\4code.dll <Not Verified; dicas digital image coding GmbH; mpegable VideoCodec>
2008-05-12 19:46:55 153088 --a------ C:\Program Files\UNWISE.EXE
2008-05-12 19:41:37 0 d-------- C:\WINDOWS\Cache
2008-05-12 19:34:03 0 d-------- C:\Program Files\proDAD
2008-05-12 19:26:28 0 d-------- C:\Program Files\AdorageI-SAL
2008-05-12 19:26:28 0 d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-12 19:14:21 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-05-12 19:13:53 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-05-12 19:11:58 0 d-------- C:\SmartSound Software
2008-05-12 19:10:12 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-05-12 19:10:06 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-05-12 19:08:25 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-05-12 19:07:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-05-12 18:55:37 184320 --a------ C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-05-12 18:55:37 73728 --a------ C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-05-12 18:55:37 32768 --a------ C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-05-12 18:55:37 233472 --a------ C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-05-12 18:55:37 41984 --a------ C:\WINDOWS\system32\cacheX.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2008-05-12 18:55:37 126976 --a------ C:\WINDOWS\system32\AVIPrAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-05-12 18:55:15 171008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-05-12 18:54:03 138752 --a------ C:\WINDOWS\system32\mase32.dll
2008-05-12 18:54:03 57856 --a------ C:\WINDOWS\system32\masd32.dll
2008-05-12 18:54:03 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-05-12 18:54:03 884736 --a------ C:\WINDOWS\system32\LMUIRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-05-12 18:54:03 12288 --a------ C:\WINDOWS\system32\LMLRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-05-12 18:54:02 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-05-12 18:53:59 27648 --a------ C:\WINDOWS\system32\ma32.dll
2008-05-12 18:52:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-05-12 18:52:08 0 d-------- C:\Program Files\Pinnacle
2008-05-12 18:51:43 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\InstallShield

-- Find3M Report ---------------------------------------------------------------
2008-06-08 23:26:18 0 d-------- C:\Program Files\Lavasoft
2008-06-08 23:25:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 12:16:37 0 d-a------ C:\Program Files\Common Files
2008-06-08 11:29:41 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\SolidDocuments
2008-06-06 15:38:21 0 d-------- C:\Program Files\Microsoft Games
2008-06-05 10:50:07 0 d-------- C:\Program Files\Google
2008-06-04 20:05:37 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Ahead
2008-06-04 13:09:02 0 d-------- C:\Program Files\SpywareBlaster
2008-05-26 10:43:22 0 d-------- C:\Program Files\DivX
2008-05-12 19:17:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 19:10:49 95 --a------ C:\AUTOEXEC.BAT
2008-05-05 09:44:59 0 d-------- C:\Program Files\AVG
2008-05-04 18:46:07 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\ImgBurn
2008-05-04 18:45:24 0 d-------- C:\Program Files\ImgBurn
2008-05-04 18:44:40 0 d-------- C:\Program Files\Cheat Engine
2008-05-04 12:20:33 0 d-------- C:\Program Files\Videocharge Software
2008-04-15 13:47:10 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Watermark Master
2008-04-14 21:15:53 0 d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Adobe
2008-04-14 20:27:21 0 d-------- C:\Program Files\SpywareGuard
2008-04-09 23:03:35 0 d-------- C:\Program Files\QuickTime
2008-04-09 16:44:02 0 d-------- C:\Program Files\Printfil
2008-04-09 16:19:37 73 ---h----- C:\WINDOWS\161491552.dll

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00552965-7DA5-471C-9703-8CC2084DC3B6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AC3EC89-62E0-4996-AB44-5708066564A3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA4689D-056F-4AE2-B174-46D5318BFA0F}]
06/09/2008 10:10 AM 281088 --a------ C:\WINDOWS\system32\cbXNfGWP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83F6149-4782-4DAB-A478-96F195A376A2}]
06/04/2008 12:26 PM 28160 --a------ C:\WINDOWS\system32\xxyxXRlM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"S3TRAY2"="S3tray2.exe" [02/25/2003 05:33 AM C:\WINDOWS\system32\S3tray2.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 04:17 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 09:45 AM]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [02/20/2007 02:07 AM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [08/08/2007 05:47 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [08/08/2007 06:00 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [08/08/2007 05:51 PM]
"VTPreset"="VTPreset.exe" [02/24/2004 09:17 PM C:\WINDOWS\system32\VTPreset.exe]
"BMaf164450"="C:\WINDOWS\system32\bkaihqdg.dll " [06/09/2008 10:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
C:\Documents and Settings\Wayne Wiseman\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C83F6149-4782-4DAB-A478-96F195A376A2}"= C:\WINDOWS\system32\xxyxXRlM.dll [06/04/2008 12:26 PM 28160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxXRlM]
xxyxXRlM.dll 06/04/2008 12:26 PM 28160 C:\WINDOWS\system32\xxyxXRlM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\cbXNfGWP
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"KBD"=C:\HP\KBD\KBD.EXE
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\F]
AutoRun\command- F:\Info.exe folder.htt 480 480


-- End of Deckard's System Scanner: finished at 2008-06-09 17:34:23 ------------
Attached Files: main.txt (23.0 KB)



Last edited by Pancake; 06-10-2008 at 01:47 AM. Reason: Copied and pasted for better viewing....
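An analyst reads a log like the one above for load points that do not belong: BHOs registered without a name or pointing at a missing file, a Run entry that starts a system32 DLL through Rundll32, a Winlogon Notify package outside the XP defaults, and a DLL appended to the LSA Authentication Packages list. The Python script below is an added example, not code from this thread or from HijackThis/DSS: it applies those checks to lines copied from the log above and cross-references DLLs that are registered at more than one load point; the Winlogon Notify allowlist is my assumption of the default Windows XP entries.

```python
"""Triage HijackThis / DSS log lines for the persistence patterns seen in this thread."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log and the DSS registry dump
# posted above (benign and suspicious entries mixed), embedded so this runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00552965-7DA5-471C-9703-8CC2084DC3B6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8CA4689D-056F-4AE2-B174-46D5318BFA0F} - C:\WINDOWS\system32\cbXNfGWP.dll
O2 - BHO: (no name) - {C83F6149-4782-4DAB-A478-96F195A376A2} - C:\WINDOWS\system32\xxyxXRlM.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BMaf164450] Rundll32.exe "C:\WINDOWS\system32\bkaihqdg.dll",s
O20 - Winlogon Notify: xxyxXRlM - C:\WINDOWS\SYSTEM32\xxyxXRlM.dll
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\cbXNfGWP
"""

# Assumption: the Winlogon Notify subkeys a default Windows XP install carries
# (dimsntfy is also visible as a legitimate entry in the registry dump above).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def dll_stem(text):
    """Lower-cased module name (no extension) referenced by the line, or None.
    Handles both 'foo.dll' paths and the extension-less system32 form that the
    LSA Authentication Packages value uses."""
    m = re.search(r"([^\\\s\"]+)\.dll\b", text, re.IGNORECASE)
    if m:
        return m.group(1).lower()
    m = re.search(r"system32\\([A-Za-z0-9_]+)\s*$", text, re.IGNORECASE)
    return m.group(1).lower() if m else None


def classify(line):
    """Per-line checks; returns the list of reasons the line is suspicious."""
    reasons = []
    if line.startswith("O2 - BHO:"):
        if "(no name)" in line:
            reasons.append("BHO registered without a name")
        if line.endswith("(no file)"):
            reasons.append("BHO CLSID points at a missing file")
    elif line.startswith("O4 - ") and re.search(
            r'rundll32(\.exe)?\s+"?[^"]*\\system32\\', line, re.IGNORECASE):
        reasons.append("Run entry loads a DLL from system32 through Rundll32")
    elif line.startswith("O20 - Winlogon Notify:"):
        name = line.split("Winlogon Notify:", 1)[1].split(" - ")[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            reasons.append(f"non-default Winlogon Notify package '{name}'")
    elif line.startswith('"Authentication Packages"'):
        # msv1_0 is the only package a stock XP install lists here.
        extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
        if extra:
            reasons.append("LSA authentication packages beyond msv1_0: " + ", ".join(extra))
    return reasons


def triage(log_text):
    """Run classify() over every line, then flag any DLL that is registered
    at more than one load point (the strongest signal in the log above)."""
    findings, by_dll = [], defaultdict(list)
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        finding = Finding(line, classify(line))
        findings.append(finding)
        stem = dll_stem(line)
        if stem:
            by_dll[stem].append(finding)
    for stem, hits in by_dll.items():
        if len(hits) > 1:
            for finding in hits:
                finding.reasons.append(f"'{stem}' is registered at {len(hits)} load points")
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```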
#2
06-10-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,543
PC Experience: Elite PC Guru
Re: Requesting Help

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry.
Please visit this webpage for download links and instructions for running ComboFix.
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.
=======================================
Please download SDFix from here and save it to your desktop.
Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
#3
06-10-2008
Mr. Wayne
Bronze Member
Join Date: Jun 2008
Posts: 7
PC Experience: Some Experience
Re: Requesting Help

Attached are the new reports you requested.

ComboFix 08-06-09.7 - Wayne Wiseman 2008-06-10 10:51:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.622 [GMT -4:00]
Running from: C:\Documents and Settings\Wayne Wiseman\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\161491552.dll
C:\WINDOWS\BMaf164450.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AJRtDfhk.ini
C:\WINDOWS\system32\AJRtDfhk.ini2
C:\WINDOWS\system32\akeoeond.dll
C:\WINDOWS\system32\aodxwnmk.dll
C:\WINDOWS\system32\aqnvftut.dll
C:\WINDOWS\system32\bgncjmah.dll
C:\WINDOWS\system32\bjwwfyuy.ini
C:\WINDOWS\system32\bkaihqdg.dll
C:\WINDOWS\system32\daogbfoj.dll
C:\WINDOWS\system32\dcIikUtv.ini
C:\WINDOWS\system32\dcIikUtv.ini2
C:\WINDOWS\system32\dnoeoeka.ini
C:\WINDOWS\system32\dqqpsubn.dll
C:\WINDOWS\system32\edrmiglf.ini
C:\WINDOWS\system32\eermcimi.dll
C:\WINDOWS\system32\fhhklnnn.ini
C:\WINDOWS\system32\fhhklnnn.ini2
C:\WINDOWS\system32\FhjTBcdd.ini
C:\WINDOWS\system32\FhjTBcdd.ini2
C:\WINDOWS\system32\flivqdsm.ini
C:\WINDOWS\system32\fprbsqgo.dll
C:\WINDOWS\system32\fxwmepip.ini
C:\WINDOWS\system32\hamjcngb.ini
C:\WINDOWS\system32\jsylwcxo.dll
C:\WINDOWS\system32\kbfyskxy.dll
C:\WINDOWS\system32\kkljhsdd.dll
C:\WINDOWS\system32\kthgnjun.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msdqvilf.dll
C:\WINDOWS\system32\MUCJPXyb.ini
C:\WINDOWS\system32\MUCJPXyb.ini2
C:\WINDOWS\system32\nbuspqqd.ini
C:\WINDOWS\system32\ogqsbrpf.ini
C:\WINDOWS\system32\omlhsrht.ini
C:\WINDOWS\system32\pipemwxf.dll
C:\WINDOWS\system32\pjmckdrr.dll
C:\WINDOWS\system32\PWGfNXbc.ini
C:\WINDOWS\system32\PWGfNXbc.ini2
C:\WINDOWS\system32\qkbkrbny.ini
C:\WINDOWS\system32\RCfeLRqr.ini
C:\WINDOWS\system32\RCfeLRqr.ini2
C:\WINDOWS\system32\sbkjhdlm.dll
C:\WINDOWS\system32\svrjvyas.dll
C:\WINDOWS\system32\Uttwyyxx.ini
C:\WINDOWS\system32\Uttwyyxx.ini2
C:\WINDOWS\system32\uycnhjkt.dll
C:\WINDOWS\system32\vpaipbvp.dll
C:\WINDOWS\system32\weyqvbge.dll
C:\WINDOWS\system32\wkqthreb.dll
C:\WINDOWS\system32\wuqllmsr.dll
C:\WINDOWS\system32\xxyxXRlM.dll
C:\WINDOWS\system32\YbdJRXyb.ini
C:\WINDOWS\system32\YbdJRXyb.ini2
C:\WINDOWS\system32\yetgfwah.dll
C:\WINDOWS\system32\ynbrkbkq.dll
C:\WINDOWS\system32\yuyfwwjb.dll
C:\WINDOWS\system32\yxksyfbk.ini
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.
2008-06-10 09:38 . 2008-06-10 09:38 281,088 --a------ C:\WINDOWS\system32\xxyywttU.dll
2008-06-09 17:01 . 2008-06-09 17:01 <DIR> d-------- C:\Deckard
2008-06-08 12:19 . 2008-06-08 12:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-08 12:12 . 2008-06-08 12:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Spyware
2008-06-07 10:03 . 2008-06-07 10:03 82,944 --a------ C:\WINDOWS\system32\flgimrde.dll
2008-06-07 10:02 . 2008-06-07 10:02 91,136 --a------ C:\WINDOWS\system32\agoviwvy.dll
2008-06-06 18:38 . 2008-06-06 18:38 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-06-06 10:29 . 2008-06-06 11:53 <DIR> d-------- C:\Program Files\Uniblue
2008-06-06 10:29 . 2008-06-06 10:29 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Uniblue
2008-06-05 10:49 . 2008-06-09 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-06-04 16:41 . 2008-06-04 16:41 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-04 16:39 . 2008-06-04 19:57 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-06-04 14:57 . 2008-06-04 16:18 <DIR> d-------- C:\Program Files\RegCure
2008-06-03 16:15 . 2008-06-03 16:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
2008-06-03 16:09 . 2008-06-03 16:09 <DIR> d-------- C:\Program Files\Seagate
2008-06-03 16:09 . 2008-06-03 16:10 <DIR> d-------- C:\Program Files\Common Files\Seagate
2008-06-03 11:23 . 2008-06-03 11:23 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Tidy Start Menu
2008-06-03 11:22 . 2008-06-03 11:22 <DIR> d-------- C:\Program Files\Tidy Start Menu
2008-05-26 11:12 . 2008-06-04 10:30 11,532 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 10:28 . 2008-05-22 10:28 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\AdobeUM
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 19:51 . 2008-05-25 10:01 17 --a------ C:\WINDOWS\MovingPicture.ini
2008-05-12 19:46 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-05-12 19:46 . 2005-12-21 10:14 100,957 --a------ C:\WINDOWS\system32\drivers\emDevice.sys
2008-05-12 19:41 . 2008-05-12 19:41 <DIR> d-------- C:\WINDOWS\Cache
2008-05-12 19:34 . 2008-05-12 19:34 <DIR> d-------- C:\Program Files\proDAD
2008-05-12 19:26 . 2008-05-12 19:26 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-05-12 19:26 . 2008-05-12 19:28 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-12 19:14 . 2002-09-24 10:12 2,653,888 --a------ C:\WINDOWS\system32\LTRDG13n.OCX
2008-05-12 19:14 . 2002-09-24 10:12 534,192 --a------ C:\WINDOWS\system32\LTRVW13N.OCX
2008-05-12 19:14 . 2002-09-24 10:12 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL
2008-05-12 19:14 . 2005-07-12 13:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-05-12 19:14 . 2002-09-24 10:12 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL
2008-05-12 19:11 . 2008-05-12 19:11 <DIR> d-------- C:\SmartSound Software
2008-05-12 19:10 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-05-12 19:10 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-12 19:07 . 2008-05-12 19:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-05-12 18:55 . 2006-04-11 16:03 233,472 --a------ C:\WINDOWS\system32\DiskIO.dll
2008-05-12 18:55 . 2006-04-11 16:03 184,320 --a------ C:\WINDOWS\system32\RALMain.dll
2008-05-12 18:55 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-05-12 18:55 . 2004-01-02 13:28 126,976 --a------ C:\WINDOWS\system32\AVIPrAx.dll
2008-05-12 18:55 . 2001-12-11 23:21 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll
2008-05-12 18:55 . 2007-03-06 17:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2008-05-12 18:55 . 2005-12-12 16:57 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll
2008-05-12 18:53 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-12 18:53 . 2002-01-05 12:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-05-12 18:53 . 2003-11-25 05:02 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-05-12 18:52 . 2008-05-12 19:12 <DIR> d-------- C:\Program Files\Pinnacle
2008-05-12 18:52 . 2008-05-12 19:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-05-12 18:51 . 2008-05-12 18:51 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 03:26 --------- d-----w C:\Program Files\Lavasoft
2008-06-09 03:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 15:29 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\SolidDocuments
2008-06-08 14:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-06 19:38 --------- d-----w C:\Program Files\Microsoft Games
2008-06-05 14:50 --------- d-----w C:\Program Files\Google
2008-06-05 00:05 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\Ahead
2008-06-04 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-04 17:09 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-04 17:09 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-03 20:10 400,864 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-06-03 20:10 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-06-03 20:10 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-26 14:43 --------- d-----w C:\Program Files\DivX
2008-05-12 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 13:45 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-05 13:45 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-05 13:44 --------- d-----w C:\Program Files\AVG
2008-05-05 13:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-04 22:46 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\ImgBurn
2008-05-04 22:45 --------- d-----w C:\Program Files\ImgBurn
2008-05-04 22:44 --------- d-----w C:\Program Files\Cheat Engine
2008-05-04 16:20 --------- d-----w C:\Program Files\Videocharge Software
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-15 17:47 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\Watermark Master
2008-04-15 00:27 --------- d-----w C:\Program Files\SpywareGuard
2008-04-10 03:03 --------- d-----w C:\Program Files\QuickTime
2008-04-09 20:44 10,534 ----a-w C:\Documents and Settings\All Users.WINDOWS\rndismp.sys
2008-01-15 21:32 31,672 ----a-w C:\Documents and Settings\Wayne Wiseman\Application Data\GDIPFONTCACHEV1.DAT
2005-10-12 14:57 108,232 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-25 19:34 88 --sha-r C:\WINDOWS\system32\6755166785.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00552965-7DA5-471C-9703-8CC2084DC3B6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AC3EC89-62E0-4996-AB44-5708066564A3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61fc8e6e-7af3-4b98-9c50-a02eddb8319f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74EADE88-3E9C-4588-A1DF-F9C1DB2923AE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA4689D-056F-4AE2-B174-46D5318BFA0F}]
C:\WINDOWS\system32\cbXNfGWP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83F6149-4782-4DAB-A478-96F195A376A2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9D15847-787F-40A3-BE0D-035D49CC766A}]
2008-06-10 09:38 281088 --a------ C:\WINDOWS\system32\xxyywttU.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"S3TRAY2"="S3tray2.exe" [2003-02-25 05:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17 90112]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-05 09:45 1177368]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 02:07 199752]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-08 18:00 1945424]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 17:51 148760]
"VTPreset"="VTPreset.exe" [2004-02-24 21:17 45056 C:\WINDOWS\system32\VTPreset.exe]
C:\Documents and Settings\Wayne Wiseman\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxXRlM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"KBD"=C:\HP\KBD\KBD.EXE
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FTP Commander\\Ftpcomm.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-05 09:45]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-05 09:45]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-05 09:45]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-05 09:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 03:00:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 18:58:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-04 18:58:11 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 11:03:59
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Soliddocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-10 11:25:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 15:24:44
Pre-Run: 5,567,823,872 bytes free
Post-Run: 5,534,003,200 bytes free
269 --- E O F --- 2008-05-20 00:17:43
=====================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:39 PM, on 6/10/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wayne Wiseman\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Recordex USA Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Recordex USA Home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8CA4689D-056F-4AE2-B174-46D5318BFA0F} - C:\WINDOWS\system32\cbXNfGWP.dll (file missing)
O2 - BHO: (no name) - {D9D15847-787F-40A3-BE0D-035D49CC766A} - C:\WINDOWS\system32\xxyywttU.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132523824031
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6848 bytes
Attached Files
File Type: txt ComboFixlog.txt (16.2 KB, 1 views)
File Type: txt SDFixreport.txt (4.9 KB, 1 views)
File Type: log hijackthis.log (6.7 KB, 1 views)



Last edited by Pancake; 06-10-2008 at 11:21 PM. Reason: Copy and pasted for better viewing
  #4  
Old 06-10-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,543
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Requesting Help

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #5  
Old 06-10-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 7
PC Experience: Some Experience
Mr. Wayne - See this Members User comments on their Profile page
Default Re: Requesting Help

I am running Windows XP Pro, Version 2002, Service Pack 3 v3264

Should I use the sp2 ???


  #6  
Old 06-11-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 7
PC Experience: Some Experience
Mr. Wayne - See this Members User comments on their Profile page
Default Re: Requesting Help

I used the SP2 option and have run the new ComboFix & HijackThis; files attached.

Can you please copy and paste your logs. Thanks




ComboFix 08-06-09.7 - Wayne Wiseman 2008-06-10 19:54:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.536 [GMT -4:00]
Running from: C:\Documents and Settings\Wayne Wiseman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wayne Wiseman\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMaf164450.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\freafwcl.dll
C:\WINDOWS\system32\lcwfaerf.ini
C:\WINDOWS\system32\Uttwyyxx.ini
C:\WINDOWS\system32\Uttwyyxx.ini2
C:\WINDOWS\system32\wknyhaao.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-10 20:02 . 2008-06-10 20:02 21 --a------ C:\WINDOWS\pskt.ini
2008-06-10 20:01 . 2008-06-10 20:01 0 --a------ C:\WINDOWS\BMaf164450.xml
2008-06-10 13:27 . 2008-06-10 13:27 91,136 --a------ C:\WINDOWS\system32\yeyycafn.dll
2008-06-10 12:07 . 2008-06-10 12:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-10 12:02 . 2008-06-10 12:42 <DIR> d-------- C:\SDFix
2008-06-10 09:38 . 2008-06-10 09:38 281,088 --a------ C:\WINDOWS\system32\xxyywttU.dll
2008-06-09 17:01 . 2008-06-09 17:01 <DIR> d-------- C:\Deckard
2008-06-08 12:19 . 2008-06-08 12:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-08 12:12 . 2008-06-08 12:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Spyware
2008-06-07 10:03 . 2008-06-07 10:03 82,944 --a------ C:\WINDOWS\system32\flgimrde.dll
2008-06-07 10:02 . 2008-06-07 10:02 91,136 --a------ C:\WINDOWS\system32\agoviwvy.dll
2008-06-06 18:38 . 2008-06-06 18:38 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-06-06 10:29 . 2008-06-06 11:53 <DIR> d-------- C:\Program Files\Uniblue
2008-06-06 10:29 . 2008-06-06 10:29 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Uniblue
2008-06-05 10:49 . 2008-06-10 19:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-06-04 16:41 . 2008-06-04 16:41 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-04 16:39 . 2008-06-04 19:57 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-06-04 14:57 . 2008-06-04 16:18 <DIR> d-------- C:\Program Files\RegCure
2008-06-03 16:15 . 2008-06-03 16:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
2008-06-03 16:09 . 2008-06-03 16:09 <DIR> d-------- C:\Program Files\Seagate
2008-06-03 16:09 . 2008-06-03 16:10 <DIR> d-------- C:\Program Files\Common Files\Seagate
2008-06-03 11:23 . 2008-06-03 11:23 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\Tidy Start Menu
2008-06-03 11:22 . 2008-06-03 11:22 <DIR> d-------- C:\Program Files\Tidy Start Menu
2008-05-26 11:12 . 2008-06-04 10:30 11,532 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 10:28 . 2008-05-22 10:28 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\AdobeUM
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 19:51 . 2008-05-25 10:01 17 --a------ C:\WINDOWS\MovingPicture.ini
2008-05-12 19:46 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-05-12 19:46 . 2005-12-21 10:14 100,957 --a------ C:\WINDOWS\system32\drivers\emDevice.sys
2008-05-12 19:41 . 2008-05-12 19:41 <DIR> d-------- C:\WINDOWS\Cache
2008-05-12 19:34 . 2008-05-12 19:34 <DIR> d-------- C:\Program Files\proDAD
2008-05-12 19:26 . 2008-05-12 19:26 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-05-12 19:26 . 2008-05-12 19:28 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-12 19:14 . 2002-09-24 10:12 2,653,888 --a------ C:\WINDOWS\system32\LTRDG13n.OCX
2008-05-12 19:14 . 2002-09-24 10:12 534,192 --a------ C:\WINDOWS\system32\LTRVW13N.OCX
2008-05-12 19:14 . 2002-09-24 10:12 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL
2008-05-12 19:14 . 2005-07-12 13:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-05-12 19:14 . 2002-09-24 10:12 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL
2008-05-12 19:11 . 2008-05-12 19:11 <DIR> d-------- C:\SmartSound Software
2008-05-12 19:10 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-05-12 19:10 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-12 19:07 . 2008-05-12 19:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-05-12 18:55 . 2006-04-11 16:03 233,472 --a------ C:\WINDOWS\system32\DiskIO.dll
2008-05-12 18:55 . 2006-04-11 16:03 184,320 --a------ C:\WINDOWS\system32\RALMain.dll
2008-05-12 18:55 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-05-12 18:55 . 2004-01-02 13:28 126,976 --a------ C:\WINDOWS\system32\AVIPrAx.dll
2008-05-12 18:55 . 2001-12-11 23:21 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll
2008-05-12 18:55 . 2007-03-06 17:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2008-05-12 18:55 . 2005-12-12 16:57 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll
2008-05-12 18:53 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-12 18:53 . 2002-01-05 12:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-05-12 18:53 . 2003-11-25 05:02 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-05-12 18:52 . 2008-05-12 19:12 <DIR> d-------- C:\Program Files\Pinnacle
2008-05-12 18:52 . 2008-05-12 19:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-05-12 18:51 . 2008-05-12 18:51 <DIR> d-------- C:\Documents and Settings\Wayne Wiseman\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 18:03 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\SolidDocuments
2008-06-09 03:26 --------- d-----w C:\Program Files\Lavasoft
2008-06-09 03:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 14:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-06 19:38 --------- d-----w C:\Program Files\Microsoft Games
2008-06-05 14:50 --------- d-----w C:\Program Files\Google
2008-06-05 00:05 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\Ahead
2008-06-04 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-04 17:09 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-04 17:09 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-03 20:10 400,864 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-06-03 20:10 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-06-03 20:10 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-26 14:43 --------- d-----w C:\Program Files\DivX
2008-05-12 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 13:45 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-05 13:45 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-05 13:45 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-05 13:44 --------- d-----w C:\Program Files\AVG
2008-05-05 13:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-04 22:46 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\ImgBurn
2008-05-04 22:45 --------- d-----w C:\Program Files\ImgBurn
2008-05-04 22:44 --------- d-----w C:\Program Files\Cheat Engine
2008-05-04 16:20 --------- d-----w C:\Program Files\Videocharge Software
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-15 17:47 --------- d-----w C:\Documents and Settings\Wayne Wiseman\Application Data\Watermark Master
2008-04-15 00:27 --------- d-----w C:\Program Files\SpywareGuard
2008-04-09 20:44 10,534 ----a-w C:\Documents and Settings\All Users.WINDOWS\rndismp.sys
2008-01-15 21:32 31,672 ----a-w C:\Documents and Settings\Wayne Wiseman\Application Data\GDIPFONTCACHEV1.DAT
2005-10-12 14:57 108,232 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-25 19:34 88 --sha-r C:\WINDOWS\system32\6755166785.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.23.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 15:03:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 00:00:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 18:23:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-10 16:08:07 6,828,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-10 16:08:07 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-09 18:23:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-10 16:07:53 6,828,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-10 16:07:53 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b26667d-6952-4d83-8ebd-4f31bf7ea546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA4689D-056F-4AE2-B174-46D5318BFA0F}]
C:\WINDOWS\system32\cbXNfGWP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93C52279-A756-4E6D-8E53-4A583B402B55}]
2008-06-10 09:38 281088 --a------ C:\WINDOWS\system32\xxyywttU.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"S3TRAY2"="S3tray2.exe" [2003-02-25 05:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17 90112]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-05 09:45 1177368]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 02:07 199752]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-08 18:00 1945424]