Unknown problem: afinding.exe, nobicyst.exe, perfs.exe, routing.exe, wserving.exe
I recently found these files on my computer afinding.exe, nobicyst.exe, perfs.exe, routing.exe, wserving.exe i have blocked some of them from accessing the internet. Here is the scan results from Hijack this by trend micro:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:55:46 PM, on 8/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\afinding.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\McAfee\MBK\MBackMonitor.exe F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe f:\program files\common files\mcafee\mna\mcnasvc.exe f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe F:\Program Files\McAfee\MPF\MPFSrv.exe F:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe F:\WINDOWS\system32\Nobicyt.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\IoctlSvc.exe F:\WINDOWS\system32\routing.exe F:\Program Files\SiteAdvisor\6261\SAService.exe F:\WINDOWS\System32\PAStiSvc.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\wserving.exe F:\WINDOWS\Explorer.EXE f:\PROGRA~1\mcafee.com\agent\mcagent.exe F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe F:\Program Files\SiteAdvisor\6261\SiteAdv.exe F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe F:\Program Files\Microsoft ActiveSync\wcescomm.exe F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe F:\PROGRA~1\MI3AA1~1\rapimgr.exe F:\Program Files\iPod\bin\iPodService.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\OUTLOO~2\OFFICE11\OUTLOOK.EXE F:\Program Files\Internet Explorer\iexplore.exe F:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla FireFox\firefox.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 220.225.209.91:3128 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://landryserver/Remote/msrdp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - F:\WINDOWS\system32\Nobicyt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Routing Service (Routing) - Unknown owner - F:\WINDOWS\system32\routing.exe O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe O23 - Service: WServing Service (WServing) - Unknown owner - F:\WINDOWS\system32\wserving.exe -- End of file - 11332 bytes Please help! Thanks In Advance!!!!!!:D |
Hello skiniemini,
Good, you started your own thread and now we can start checking things there. Yes, infection is showing here, so let's get more details and then start repairs from those. To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges. Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK): "%userprofile%\desktop\dss.exe" /config When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following: System Restore Temp Cleanup Process Modules Then under Options, place a check next to the following: Backup Registry Hives Don't make any other changes at this time. Then click the "Scan!" button to start the scan. Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder) You can use extra posts here if needed for that. |
Main.txt:
Deckard's System Scanner v20071014.68 Run by mason on 2008-08-07 10:09:32 Computer is in Normal Mode. -------------------------------------------------------------------------------- Backed up registry hives. -- HijackThis (run as mason.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:17 AM, on 8/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\afinding.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\McAfee\MBK\MBackMonitor.exe F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe f:\program files\common files\mcafee\mna\mcnasvc.exe f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe F:\Program Files\McAfee\MPF\MPFSrv.exe F:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe F:\WINDOWS\system32\Nobicyt.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\IoctlSvc.exe F:\WINDOWS\system32\routing.exe F:\Program Files\SiteAdvisor\6261\SAService.exe F:\WINDOWS\System32\PAStiSvc.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\wserving.exe F:\WINDOWS\Explorer.EXE f:\PROGRA~1\mcafee.com\agent\mcagent.exe F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe F:\Program Files\SiteAdvisor\6261\SiteAdv.exe F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\Program Files\Microsoft ActiveSync\wcescomm.exe F:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\PeerGuardian2\pg2.exe F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\WINDOWS\system32\wuauclt.exe f:\PROGRA~1\mcafee\msc\mcuimgr.exe F:\Documents and Settings\Mason\My Documents\dss.exe F:\PROGRA~1\TRENDM~1\HIJACK~1\mason.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 220.225.209.91:3128 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - F:\WINDOWS\system32\Nobicyt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Routing Service (Routing) - Unknown owner - F:\WINDOWS\system32\routing.exe O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe O23 - Service: WServing Service (WServing) - Unknown owner - F:\WINDOWS\system32\wserving.exe -- End of file - 10916 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing) S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AFinding (AFinding Service) - f:\windows\system32\afinding.exe R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe R2 NOBICYT (NOBICYT Service) - f:\windows\system32\nobicyt.exe R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application> R2 Routing (Routing Service) - f:\windows\system32\routing.exe R2 WServing (WServing Service) - f:\windows\system32\wserving.exe S2 msmsnkd (Microsoft Network Message Service) - f:\windows\system32\msmsn.exe (file missing) S4 perfmons - f:\windows\system32\perfs.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8139/810x Family Fast Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C 0B0C5&0&98 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8139/810x Family Fast Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C 0B0C5&0&98 Service: RTL8023xp -- Scheduled Tasks ------------------------------------------------------------- 2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job 2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job -- Files created between 2008-07-07 and 2008-08-07 ----------------------------- 2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro 2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6 <HOUSEC~1.6> 2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator 2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss 2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics 2008-08-01 16:38:05 61440 --a------ F:\WINDOWS\system32\msudf.exe 2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia 2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe 2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick 2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages 2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient 2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync 2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing 2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla 2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing 2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia 2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe 2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee 2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero 2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor 2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates <TEMPLA~1> 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu <STARTM~1> 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood <PRINTH~1> 2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents <MYDOCU~1> 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings <LOCALS~1> 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites <FAVORI~1> 2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop 2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Application Data <APPLIC~1> 2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft 2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp 2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache 2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync 2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight 2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12 2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive 2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA 2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod 2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp 2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE 2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft See Next Post |
Continued from last post:
2008-07-13 23:26:50 0 d-------- F:\Documents and Settings\Mason\Application Data\WinRAR 2008-07-13 23:05:11 0 d-------- F:\Documents and Settings\LocalService\Application Data\McAfee 2008-07-13 23:04:27 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Application Data\Identities 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Templates <TEMPLA~1> 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Start Menu <STARTM~1> 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\SendTo 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Recent 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\PrintHood <PRINTH~1> 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\NetHood 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\My Documents <MYDOCU~1> 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Local Settings <LOCALS~1> 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Favorites <FAVORI~1> 2008-07-13 23:03:13 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Desktop 2008-07-13 23:03:13 0 d--hs---- F:\Documents and Settings\__sbs_netsetup__\Cookies 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Application Data <APPLIC~1> 2008-07-13 23:03:13 0 d---s---- F:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft 2008-07-13 23:03:12 2097152 --ah----- F:\Documents and Settings\__sbs_netsetup__\ntuser.dat 2008-07-13 22:32:58 0 d-------- F:\WINDOWS\SchCache 2008-07-13 20:59:28 0 d-------- F:\Program Files\Microsoft.NET 2008-07-13 20:58:51 0 d-------- F:\Program Files\Common Files\Merge Modules 2008-07-13 20:58:50 0 d-------- F:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-13 20:57:14 0 d-------- F:\Program Files\Microsoft SDKs 2008-07-13 20:22:48 0 d-------- F:\Program Files\MSBuild 2008-07-13 20:22:39 0 d-------- F:\WINDOWS\system32\XPSViewer 2008-07-13 20:22:31 0 d-------- F:\Program Files\Reference Assemblies 2008-07-13 20:16:11 0 d-------- F:\Program Files\MSXML 6.0 2008-07-13 18:11:16 0 d-------- F:\Documents and Settings\All Users\Application Data\vsosdk 2008-07-13 13:37:51 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-13 13:28:04 0 d-------- F:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-07-13 13:28:02 0 d-------- F:\Program Files\DVD Shrink 2008-07-13 13:27:11 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-07-13 13:27:11 0 d-------- F:\Documents and Settings\Mason\Application Data\Vso 2008-07-13 13:27:11 47360 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-07-13 13:26:59 0 d-------- F:\Program Files\DVDFab 5 2008-07-13 11:49:05 0 d-------- F:\Documents and Settings\Mason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B 320485DF8CE.1 2008-07-13 00:25:13 0 --a------ F:\WINDOWS\nsreg.dat 2008-07-13 00:25:03 0 d-------- F:\Documents and Settings\Mason\Application Data\Mozilla 2008-07-12 19:03:11 0 d-------- F:\Program Files\OpenOffice.org 2.4 2008-07-12 18:16:44 0 d-------- F:\Documents and Settings\Mason\Application Data\OpenOffice.org2 2008-07-12 13:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-07-12 10:26:34 0 d-------- F:\Program Files\Common Files\Adobe AIR 2008-07-12 10:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe 2008-07-12 10:24:59 0 d-------- F:\Program Files\Common Files\Adobe 2008-07-12 10:22:13 0 d-------- F:\Documents and Settings\All Users\Application Data\NOS 2008-07-12 10:22:11 0 d-------- F:\Program Files\NOS 2008-07-11 22:21:07 768 --a------ F:\WINDOWS\system32\d3d8caps.dat 2008-07-11 16:26:17 0 d-------- F:\Program Files\Chat4Support Operator 2008-07-10 19:05:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Actual Tools 2008-07-10 17:55:44 0 d-------- F:\Program Files\AllToTray 2008-07-09 23:03:13 0 d-------- F:\Program Files\Boldcenter 2008-07-09 14:09:00 0 d-------- F:\Program Files\StealthBot 2008-07-08 14:54:38 0 d-------- F:\Documents and Settings\Mason\Application Data\FileZilla 2008-07-08 14:53:55 0 d-------- F:\Program Files\FileZilla FTP Client 2008-07-08 14:32:38 0 d-------- F:\Documents and Settings\All Users\Application Data\TEMP 2008-07-08 14:32:33 0 d--h----- F:\Documents and Settings\Mason\Application Data\IFLTemp 2008-07-08 14:32:21 0 d-------- F:\Program Files\IncrediFlash Intro and Banner Studio 1.2 2008-07-08 13:05:23 131584 --a------ F:\WINDOWS\system32\SpoonUninstall.exe 2008-07-08 09:16:40 0 d-------- F:\Program Files\SourceTec 2008-07-08 09:15:51 177 --a------ F:\DelUS.bat 2008-07-08 08:30:56 0 d-------- F:\Program Files\Common Files\Macromedia Shared 2008-07-08 08:29:30 0 d-------- F:\Documents and Settings\All Users\Application Data\Macromedia 2008-07-08 08:28:15 0 d-------- F:\Program Files\Macromedia 2008-07-07 18:39:12 23 --a------ F:\Documents and Settings\Mason\jagex_runescape_preferences.dat <JAGEX_~1.DAT> 2008-07-07 18:38:52 0 d-------- F:\WINDOWS\Sun 2008-07-07 18:38:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Sun 2008-07-07 18:37:50 0 d-------- F:\Program Files\Java 2008-07-07 18:37:00 0 d-------- F:\Program Files\Common Files\Java 2008-07-07 12:44:01 0 d-------- F:\Program Files\Common Files\Blizzard Entertainment 2008-07-07 10:00:52 0 d-------- F:\Program Files\Windows Media Connect 2 2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\LogFiles 2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\drivers\UMDF -- Find3M Report --------------------------------------------------------------- 2008-08-06 10:36:21 0 d-------- F:\Documents and Settings\Mason\Application Data\uTorrent 2008-08-04 13:40:12 0 d-------- F:\Program Files\McAfee 2008-08-03 10:18:08 0 d--h----- F:\Program Files\InstallShield Installation Information 2008-08-03 10:12:51 2528 --a------ F:\Documents and Settings\Mason\Application Data\$_hpcst$.hpc 2008-08-03 09:22:49 0 d-------- F:\Documents and Settings\Mason\Application Data\Apple Computer 2008-07-25 19:14:46 664 --a------ F:\WINDOWS\system32\d3d9caps.dat 2008-07-13 23:57:39 0 d-------- F:\Program Files\Common Files 2008-07-13 17:01:20 0 d-------- F:\Documents and Settings\Mason\Application Data\Adobe 2008-07-13 13:30:34 0 d-------- F:\Program Files\Apple Software Update 2008-07-13 13:27:24 34 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.log 2008-07-13 13:27:11 1144 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.inf 2008-07-13 13:27:11 7887 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.cat 2008-07-08 08:31:52 0 d-------- F:\Documents and Settings\Mason\Application Data\Macromedia 2008-07-06 22:14:41 0 d-------- F:\Program Files\Bonjour 2008-07-06 22:14:29 0 d-------- F:\Program Files\QuickTime 2008-07-06 22:12:48 0 d-------- F:\Program Files\Common Files\Apple 2008-07-06 22:03:44 0 d-------- F:\Program Files\Common Files\PCCamera 2008-07-06 22:03:43 0 d-------- F:\Program Files\PC VGA Camera 2008-07-06 21:57:25 0 d-------- F:\Program Files\Microsoft IntelliPoint 2008-07-06 21:56:30 0 d-------- F:\Program Files\Microsoft IntelliType Pro 2008-07-06 21:36:54 0 d-------- F:\Program Files\MSXML 4.0 2008-07-06 20:53:56 0 d-------- F:\Documents and Settings\Mason\Application Data\McAfee 2008-07-06 19:48:39 0 d-------- F:\Program Files\Windows Live 2008-07-06 19:46:52 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller 2008-07-06 17:14:16 0 d-------- F:\Program Files\SiteAdvisor 2008-07-06 17:13:49 0 d-------- F:\Program Files\Common Files\McAfee 2008-07-06 17:13:26 0 d-------- F:\Documents and Settings\Mason\Application Data\SiteAdvisor 2008-07-03 17:52:10 0 d-------- F:\Program Files\McAfee.com 2008-07-03 11:18:15 0 d-------- F:\Program Files\uTorrent 2008-06-26 15:07:12 0 d-------- F:\Documents and Settings\Mason\Application Data\Ahead 2008-06-26 14:08:08 0 d-------- F:\Program Files\NeroInstall.bak 2008-06-26 14:06:14 0 d-------- F:\Documents and Settings\Mason\Application Data\Nero 2008-06-26 14:04:41 0 d-------- F:\Program Files\Common Files\Nero 2008-06-25 20:48:10 0 d-------- F:\Documents and Settings\Mason\Application Data\Identities 2008-06-25 20:25:49 0 d-------- F:\Program Files\Wal-Mart Music Downloads Store 2008-06-25 20:25:41 0 d-------- F:\Program Files\Common Files\InstallShield 2008-06-25 19:35:31 0 d-------- F:\Program Files\VIA 2008-06-25 19:34:23 0 d-------- F:\Program Files\Realtek Sound Manager 2008-06-25 19:34:23 0 d-------- F:\Program Files\AvRack 2008-06-25 19:33:22 0 d-------- F:\Program Files\AMD 2008-06-25 19:11:35 0 d-------- F:\Program Files\TechTracker 2008-06-25 18:33:57 0 d-------- F:\Program Files\Realtek 2008-06-25 18:33:50 315392 --a------ F:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-06-25 18:28:14 0 d-------- F:\Program Files\SystemRequirementsLab 2008-06-25 17:52:57 0 d-------- F:\Program Files\Messenger 2008-06-25 17:17:44 0 d-------- F:\Program Files\Microsoft Windows Small Business Server 2008-06-25 16:32:34 0 d-------- F:\Program Files\microsoft frontpage 2008-06-25 16:29:54 0 d--h----- F:\Program Files\WindowsUpdate 2008-06-25 16:29:48 0 d-------- F:\Program Files\Online Services 2008-06-25 16:28:57 0 d-------- F:\Program Files\Common Files\MSSoap 2008-06-25 16:28:48 0 d-------- F:\Program Files\Movie Maker 2008-06-25 16:27:49 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat 2008-06-25 16:26:56 0 d-------- F:\Program Files\MSN Gaming Zone 2008-06-25 16:26:47 0 d-------- F:\Program Files\Windows NT 2008-06-25 10:14:41 0 d-------- F:\Program Files\Common Files\ODBC 2008-06-25 10:14:38 0 d-------- F:\Program Files\Common Files\SpeechEngines 2008-06-25 10:14:09 62 --ahs---- F:\Documents and Settings\Mason\Application Data\desktop.ini 2008-05-16 14:01:00 1630208 --a------ F:\WINDOWS\system32\nwiz.exe 2008-05-16 14:01:00 1019904 --a------ F:\WINDOWS\system32\nvwimg.dll 2008-05-16 14:01:00 1703936 --a------ F:\WINDOWS\system32\nvwdmcpl.dll 2008-05-16 14:01:00 466944 --a------ F:\WINDOWS\system32\nvshell.dll 2008-05-16 14:01:00 1486848 --a------ F:\WINDOWS\system32\nview.dll 2008-05-16 14:01:00 1339392 --a------ F:\WINDOWS\system32\nvdspsch.exe 2008-05-16 14:01:00 442368 --a------ F:\WINDOWS\system32\nvappbar.exe 2008-05-16 14:01:00 425984 --a------ F:\WINDOWS\system32\keystone.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] 06/11/2008 10:33 PM 75128 --a------ F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}] 11/26/2007 10:46 AM 324936 --a------ f:\PROGRA~1\mcafee\msk\mcapbho.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM] "nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="F:\WINDOWS\system32\NvMcTray. dll" [05/16/2008 02:01 PM] "SoundMan"="SOUNDMAN.EXE" [11/15/2004 04:20 AM F:\WINDOWS\SOUNDMAN.EXE] "ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM] "NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM] "NBKeyScan"="C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM] "SiteAdvisor"="F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 05:12 PM] "McENUI"="F:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM] "mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM] "McAfee Backup"="F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM] "MBkLogOnHook"="F:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM] "itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 07:08 PM] "IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 05:52 PM] "QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM] "SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] "Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM] "AppleSyncNotifier"="F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM] "MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM] "AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE " [] "Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" [] "Vidalia"="F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [] "H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM] "WinMinimizer"="E:\WMinimizer\WindowMinimizer. exe" [] F:\Documents and Settings\Mason\Start Menu\Programs\Startup\ Shortcut to BNUBot.lnk - F:\Documents and Settings\Mason\My Documents\Bot\BNUBot.exe [7/10/2008 12:18:21 AM] Shortcut to l2uthless Ops.lnk - F:\Documents and Settings\Mason\My Documents\l2uthless_Ops\l2uthless Ops.exe [3/16/2008 9:55:32 PM] F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM] VIA RAID TOOL.lnk - F:\Program Files\VIA\RAID\raid_tool.exe [6/25/2008 7:35:32 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoWelcomeScreen"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" *Newly Created Service* - PGFILTER -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8940 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-08-07 10:12:17 ------------ |
extra.txt:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Sempron(tm) Processor 2600+ Percentage of Memory in Use: 69% Physical Memory (total/avail): 511.49 MiB / 157.5 MiB Pagefile Memory (total/avail): 1246.61 MiB / 657.06 MiB Virtual Memory (total/avail): 2047.88 MiB / 1946.35 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 151.86 GiB total, 47.13 GiB free. D: is Fixed (FAT32) - 4.01 GiB total, 0.53 GiB free. F: is Fixed (NTFS) - 38.06 GiB total, 8.71 GiB free. G: is CDROM (No Media) H: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Maxtor 6L200P0 - 189.92 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 151.86 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 38.06 GiB - F: \\.\PHYSICALDRIVE1 - ST34310A - 4.01 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 4.01 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: McAfee Personal Firewall v (McAfee) AV: McAfee VirusScan v (McAfee) [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\H elpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WIN DOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb" "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=F:\Documents and Settings\All Users APPDATA=F:\Documents and Settings\Mason\Application Data BLASTER=A220 I5 D1 P330 CLASSPATH=.;F:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=F:\Program Files\Common Files COMPUTERNAME=LANDRY2 ComSpec=F:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=F: HOMEPATH=\Documents and Settings\Mason LOGONSERVER=\\LANDRYSERVER NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\Sys tem32\Wbem;F:\Program Files\QuickTime\QTSystem\;;C:\UPS\Common\SuppAsst\ lib;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=1c00 ProgramFiles=F:\Program Files PROMPT=$P$G QTJAVA=F:\Program Files\QuickTime\QTSystem\QTJava.zip SBSSERVER=LANDRYSERVER SESSIONNAME=Console SystemDrive=F: SystemRoot=F:\WINDOWS TEMP=F:\DOCUME~1\Mason\LOCALS~1\Temp TMP=F:\DOCUME~1\Mason\LOCALS~1\Temp USERDNSDOMAIN=LANDRYNETWORK.LOCAL USERDOMAIN=LANDRYNETWORK USERNAME=mason USERPROFILE=F:\Documents and Settings\Mason VS90COMNTOOLS=C:\Program Files\Visual C++ 2008 Express Edition\Common7\Tools\ windir=F:\WINDOWS XNAGSShared=F:\Program Files\Common Files\Microsoft Shared\XNA\ XNAGSv2=F:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\ -- User Profiles --------------------------------------------------------------- Mason.LANDRY2 (new local, admin) __sbs_netsetup__ (new local, admin) Administrator (admin) Mason (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero 8\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> F:\WINDOWS\UNNeroVision.exe /UNINSTALL --> F:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf µTorrent --> "F:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Acrobat.com --> F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR --> F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe Adobe Flash Player Plugin --> F:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Athlon 64 Processor Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 AutoTunnel GG --> "F:\Program Files\AutoTunnel GG\uninstall.exe" Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} BT PhoneManager LiveUpdate --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D0E00354-A8C2-40D6-8ED8-26B3A4B1AF85}\setup.exe" -l0x9 Chat4Support Operator 2.1.2 Build 0710 --> "F:\Program Files\Chat4Support Operator\unins000.exe" DVD Shrink 3.2 --> "F:\Program Files\DVD Shrink\unins000.exe" DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.5 --> "F:\Program Files\DVDFab 5\unins000.exe" FileZilla Client 3.0.11.1 --> F:\Program Files\FileZilla FTP Client\uninstall.exe High Definition Audio Driver Package - KB888111 --> "F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\s puninst.exe" HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe" iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Korean Fonts Support For Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-900000000003} LG USB Modem driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA} McAfee SecurityCenter --> F:\Program Files\McAfee\MSC\mcuninst.exe Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe" Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E} Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe" Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Visual C# 2005 Express Edition\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe Microsoft Visual C# 2005 Express Edition - ENU --> MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8} Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749) --> F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {B6B0F76A-873E-438E-BC25-6704193DD344} /package {7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8} Microsoft Visual C++ 2008 Express Edition - ENU --> C:\Program Files\Visual C++ 2008 Express Edition\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe Microsoft Visual C++ 2008 Express Edition - ENU --> MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738} Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350} Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06} Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D} Microsoft XNA Framework Redistributable 2.0 --> MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A} Microsoft XNA Game Studio 2.0 --> F:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Setup\Bootstrapper.exe Microsoft XNA Game Studio 2.0 --> MsiExec.exe /I{C357E2C9-091F-4B12-BB1C-2E7B19112BC4} Microsoft XNA Game Studio 2.0 (ARP entry) --> MsiExec.exe /I{070B87FB-CD1A-45AA-9E5E-484E5964C6ED} Microsoft XNA Game Studio 2.0 (Redists) --> MsiExec.exe /I{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C} Microsoft XNA Game Studio 2.0 (shared components) --> MsiExec.exe /I{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6} Microsoft XNA Game Studio 2.0 (spacewar) --> MsiExec.exe /I{3432C2AA-BB3E-44B3-B5ED-EF36E0241100} Microsoft XNA Game Studio 2.0 (xnaliveproxy) --> MsiExec.exe /I{9B96628C-8898-4FED-9612-25631C27AB13} Microsoft XNA Game Studio 2.0 Documentation --> MsiExec.exe /I{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC} Mozilla ActiveX Control v1.7.12 --> F:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla FireFox\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers --> F:\WINDOWS\system32\nvuninst.exe UninstallGUI OpenOffice.org 2.4 --> MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B} PC VGA Camera --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{F6C4EE06-DA6D-45DC-A129-04166F5FF238} /l1033 QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Realtek AC'97 Audio --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE Realtek High Definition Audio Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA} System Requirements Lab --> F:\Program Files\SystemRequirementsLab\Uninstall.exe Thrillville(TM): '07 --> F:\Program Files\InstallShield Installation Information\{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}\setup.exe -runfromtemp -l0x0409 VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VIA Platform Device Manager --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VolusionLiveChat --> MsiExec.exe /I{BAFDD9A5-0E66-41B9-B163-1F217CFA7919} Wal-Mart Music Downloads Store --> MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283} Warcraft III --> F:\Program Files\Common Files\Blizzard Entertainment\Warcraft III (3)\Uninstall.exe Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Imaging Component --> "F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe " See Next Post |
Contined from last post:
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe" WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe XML Paper Specification Shared Components Pack 1.0 --> YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86} -- Application Event Log ------------------------------------------------------- Event Record #/Type2206 / Error Event Submitted/Written: 08/07/2008 08:57:58 AM Event ID/Source: 15 / AutoEnrollment Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Event Record #/Type2205 / Error Event Submitted/Written: 08/07/2008 00:57:58 AM Event ID/Source: 15 / AutoEnrollment Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Event Record #/Type2200 / Success Event Submitted/Written: 08/06/2008 05:00:53 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2197 / Error Event Submitted/Written: 08/06/2008 04:57:04 PM Event ID/Source: 1030 / Userenv Event Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Event Record #/Type2196 / Error Event Submitted/Written: 08/06/2008 04:56:58 PM Event ID/Source: 1030 / Userenv Event Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type3486 / Warning Event Submitted/Written: 08/07/2008 07:49:58 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type3485 / Error Event Submitted/Written: 08/07/2008 06:44:12 AM Event ID/Source: 5719 / NETLOGON Event Description: No Domain Controller is available for domain LANDRYNETWORK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Event Record #/Type3481 / Error Event Submitted/Written: 08/06/2008 10:42:46 PM Event ID/Source: 5719 / NETLOGON Event Description: No Domain Controller is available for domain LANDRYNETWORK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Event Record #/Type3477 / Warning Event Submitted/Written: 08/06/2008 06:10:49 PM Event ID/Source: 11191 / DnsApi Event Description: The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter with settings: Adapter Name : {175D649A-F8CB-4995-A0BF-B1062C91EBA6} Host Name : landry2 Adapter-specific Domain Suffix : landrynetwork.local DNS server list : 192.168.1.104 Sent update to server : <?> IP Address : 192.1.1.1 The system could not remove these PTR RRs because because of a system problem. For specific error code, see the record data displayed below. Event Record #/Type3476 / Warning Event Submitted/Written: 08/06/2008 06:10:49 PM Event ID/Source: 11197 / DnsApi Event Description: The system failed to update and remove host (A) resource records (RRs) for network adapter with settings: Adapter Name : {175D649A-F8CB-4995-A0BF-B1062C91EBA6} Host Name : landry2 Primary Domain Suffix : landrynetwork.local DNS server list : 192.168.1.104 Sent update to server : 192.1.1.1 IP Address(es) : 192.168.1.105 The reason the update request failed was because of a system problem. For specific error code, see the record data displayed below. -- End of Deckard's System Scanner: finished at 2008-08-07 10:12:17 ------------ |
Gaming, hacks, bots, risk taking and serious infection. Not a new scenario here. Let's start some repairs.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Open Notepad (Start - Run, type notepad and press Enter). Code:
@ECHO OFF Be sure to include the "" quotes in the name. Then click on servstop.bat. A window will open briefly but nothing more to complete the changes. -------------------------------- Then you will want to print or have other access to a copy of the next steps, as some will be done without net access or in Safe Mode. Download SDFix.exe and save it to your desktop. Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now. ================================================== = Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script. Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here. ============================= After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here. Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then. ============================ Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK): "%userprofile%\desktop\dss.exe" /config When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following: System Restore Temp Cleanup Process Modules Then under Extra Log, uncheck all the boxes except this one: Security Center Don't make any other changes at this time. Then click the "Scan!" button to start the scan. Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder) Post that along with the Malwarebytes log and the SDFix report.txt log please. |
main.txt:
Deckard's System Scanner v20071014.68 Run by Mason on 2008-08-07 21:16:09 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 82% (more than 75%). -- HijackThis (run as Mason.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:16:23 PM, on 8/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\McAfee\MBK\MBackMonitor.exe F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe f:\program files\common files\mcafee\mna\mcnasvc.exe f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe F:\Program Files\McAfee\MPF\MPFSrv.exe F:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\IoctlSvc.exe F:\Program Files\SiteAdvisor\6261\SAService.exe F:\WINDOWS\System32\PAStiSvc.exe F:\WINDOWS\system32\svchost.exe f:\PROGRA~1\mcafee.com\agent\mcagent.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe F:\WINDOWS\system32\notepad.exe F:\WINDOWS\system32\wuauclt.exe F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe F:\Program Files\SiteAdvisor\6261\SiteAdv.exe F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\Program Files\Microsoft ActiveSync\wcescomm.exe F:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\PeerGuardian2\pg2.exe F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe F:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla FireFox\firefox.exe F:\WINDOWS\system32\NOTEPAD.EXE F:\Documents and Settings\Mason\desktop\dss.exe F:\PROGRA~1\TRENDM~1\HIJACK~1\Mason.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 220.225.209.91:3128 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe -- End of file - 10450 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 catchme - f:\docume~1\mason\locals~1\temp\catchme.sys (file missing) R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing) S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application> S? AFinding - S? perfmons - S? Routing - S? WServing - S4 msmsnkd (Microsoft Network Message Service) - f:\windows\system32\msmsn.exe (file missing) S4 NOBICYT (NOBICYT Service) - f:\windows\system32\nobicyt.exe |
contined from last post:
-- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8139/810x Family Fast Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C 0B0C5&0&98 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8139/810x Family Fast Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C 0B0C5&0&98 Service: RTL8023xp -- Scheduled Tasks ------------------------------------------------------------- 2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job 2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job -- Files created between 2008-07-07 and 2008-08-07 ----------------------------- 2008-08-07 21:01:50 0 d-------- F:\Documents and Settings\Mason\Application Data\Malwarebytes 2008-08-07 21:01:34 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-07 21:01:33 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware 2008-08-07 20:38:02 0 d-------- F:\WINDOWS\ERUNT 2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro 2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6 2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator 2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss 2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics 2008-08-01 16:38:05 61440 --a------ F:\WINDOWS\system32\msudf.exe 2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia 2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe 2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick 2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages 2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient 2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync 2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing 2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla 2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing 2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia 2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe 2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee 2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero 2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor 2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood 2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents 2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings 2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites 2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop 2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies 2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Application Data 2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft 2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp 2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache 2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync 2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight 2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12 2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive 2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA 2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod 2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp 2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE 2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft 2008-07-13 23:26:50 0 d-------- F:\Documents and Settings\Mason\Application Data\WinRAR 2008-07-13 23:05:11 0 d-------- F:\Documents and Settings\LocalService\Application Data\McAfee 2008-07-13 23:04:27 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Application Data\Identities 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Templates 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Start Menu 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\SendTo 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Recent 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\PrintHood 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\NetHood 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\My Documents 2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Local Settings 2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Favorites 2008-07-13 23:03:13 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Desktop 2008-07-13 23:03:13 0 d--hs---- F:\Documents and Settings\__sbs_netsetup__\Cookies 2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Application Data 2008-07-13 23:03:13 0 d---s---- F:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft 2008-07-13 23:03:12 2097152 --ah----- F:\Documents and Settings\__sbs_netsetup__\ntuser.dat 2008-07-13 22:32:58 0 d-------- F:\WINDOWS\SchCache 2008-07-13 20:59:28 0 d-------- F:\Program Files\Microsoft.NET 2008-07-13 20:58:51 0 d-------- F:\Program Files\Common Files\Merge Modules 2008-07-13 20:58:50 0 d-------- F:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-13 20:57:14 0 d-------- F:\Program Files\Microsoft SDKs 2008-07-13 20:22:48 0 d-------- F:\Program Files\MSBuild 2008-07-13 20:22:39 0 d-------- F:\WINDOWS\system32\XPSViewer 2008-07-13 20:22:31 0 d-------- F:\Program Files\Reference Assemblies 2008-07-13 20:16:11 0 d-------- F:\Program Files\MSXML 6.0 2008-07-13 18:11:16 0 d-------- F:\Documents and Settings\All Users\Application Data\vsosdk 2008-07-13 13:37:51 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-13 13:28:04 0 d-------- F:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-07-13 13:28:02 0 d-------- F:\Program Files\DVD Shrink 2008-07-13 13:27:11 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-07-13 13:27:11 0 d-------- F:\Documents and Settings\Mason\Application Data\Vso 2008-07-13 13:27:11 47360 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-07-13 13:26:59 0 d-------- F:\Program Files\DVDFab 5 2008-07-13 11:49:05 0 d-------- F:\Documents and Settings\Mason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B 320485DF8CE.1 2008-07-13 00:25:13 0 --a------ F:\WINDOWS\nsreg.dat 2008-07-13 00:25:03 0 d-------- F:\Documents and Settings\Mason\Application Data\Mozilla 2008-07-12 19:03:11 0 d-------- F:\Program Files\OpenOffice.org 2.4 2008-07-12 18:16:44 0 d-------- F:\Documents and Settings\Mason\Application Data\OpenOffice.org2 2008-07-12 13:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-07-12 10:26:34 0 d-------- F:\Program Files\Common Files\Adobe AIR 2008-07-12 10:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe 2008-07-12 10:24:59 0 d-------- F:\Program Files\Common Files\Adobe 2008-07-12 10:22:13 0 d-------- F:\Documents and Settings\All Users\Application Data\NOS 2008-07-12 10:22:11 0 d-------- F:\Program Files\NOS 2008-07-11 22:21:07 768 --a------ F:\WINDOWS\system32\d3d8caps.dat 2008-07-11 16:26:17 0 d-------- F:\Program Files\Chat4Support Operator 2008-07-10 19:05:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Actual Tools 2008-07-10 17:55:44 0 d-------- F:\Program Files\AllToTray 2008-07-09 23:03:13 0 d-------- F:\Program Files\Boldcenter 2008-07-09 14:09:00 0 d-------- F:\Program Files\StealthBot 2008-07-08 14:54:38 0 d-------- F:\Documents and Settings\Mason\Application Data\FileZilla 2008-07-08 14:53:55 0 d-------- F:\Program Files\FileZilla FTP Client 2008-07-08 14:32:38 0 d-------- F:\Documents and Settings\All Users\Application Data\TEMP 2008-07-08 14:32:33 0 d--h----- F:\Documents and Settings\Mason\Application Data\IFLTemp 2008-07-08 14:32:21 0 d-------- F:\Program Files\IncrediFlash Intro and Banner Studio 1.2 2008-07-08 13:05:23 131584 --a------ F:\WINDOWS\system32\SpoonUninstall.exe 2008-07-08 09:16:40 0 d-------- F:\Program Files\SourceTec 2008-07-08 09:15:51 177 --a------ F:\DelUS.bat 2008-07-08 08:30:56 0 d-------- F:\Program Files\Common Files\Macromedia Shared 2008-07-08 08:29:30 0 d-------- F:\Documents and Settings\All Users\Application Data\Macromedia 2008-07-08 08:28:15 0 d-------- F:\Program Files\Macromedia 2008-07-07 18:39:12 23 --a------ F:\Documents and Settings\Mason\jagex_runescape_preferences.dat 2008-07-07 18:38:52 0 d-------- F:\WINDOWS\Sun 2008-07-07 18:38:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Sun 2008-07-07 18:37:50 0 d-------- F:\Program Files\Java 2008-07-07 18:37:00 0 d-------- F:\Program Files\Common Files\Java 2008-07-07 12:44:01 0 d-------- F:\Program Files\Common Files\Blizzard Entertainment 2008-07-07 10:00:52 0 d-------- F:\Program Files\Windows Media Connect 2 2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\LogFiles 2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\drivers\UMDF -- Find3M Report --------------------------------------------------------------- 2008-08-07 13:17:23 0 d-------- F:\Documents and Settings\Mason\Application Data\uTorrent 2008-08-04 13:40:12 0 d-------- F:\Program Files\McAfee 2008-08-03 10:18:08 0 d--h----- F:\Program Files\InstallShield Installation Information 2008-08-03 10:12:51 2528 --a------ F:\Documents and Settings\Mason\Application Data\$_hpcst$.hpc 2008-08-03 09:22:49 0 d-------- F:\Documents and Settings\Mason\Application Data\Apple Computer 2008-07-25 19:14:46 664 --a------ F:\WINDOWS\system32\d3d9caps.dat 2008-07-13 23:57:39 0 d-------- F:\Program Files\Common Files 2008-07-13 17:01:20 0 d-------- F:\Documents and Settings\Mason\Application Data\Adobe 2008-07-13 13:30:34 0 d-------- F:\Program Files\Apple Software Update 2008-07-13 13:27:24 34 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.log 2008-07-13 13:27:11 1144 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.inf 2008-07-13 13:27:11 7887 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.cat 2008-07-08 08:31:52 0 d-------- F:\Documents and Settings\Mason\Application Data\Macromedia 2008-07-06 22:14:41 0 d-------- F:\Program Files\Bonjour 2008-07-06 22:14:29 0 d-------- F:\Program Files\QuickTime 2008-07-06 22:12:48 0 d-------- F:\Program Files\Common Files\Apple 2008-07-06 22:03:44 0 d-------- F:\Program Files\Common Files\PCCamera 2008-07-06 22:03:43 0 d-------- F:\Program Files\PC VGA Camera 2008-07-06 21:57:25 0 d-------- F:\Program Files\Microsoft IntelliPoint 2008-07-06 21:56:30 0 d-------- F:\Program Files\Microsoft IntelliType Pro 2008-07-06 21:36:54 0 d-------- F:\Program Files\MSXML 4.0 2008-07-06 20:53:56 0 d-------- F:\Documents and Settings\Mason\Application Data\McAfee 2008-07-06 19:48:39 0 d-------- F:\Program Files\Windows Live 2008-07-06 19:46:52 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller 2008-07-06 17:14:16 0 d-------- F:\Program Files\SiteAdvisor 2008-07-06 17:13:49 0 d-------- F:\Program Files\Common Files\McAfee 2008-07-06 17:13:26 0 d-------- F:\Documents and Settings\Mason\Application Data\SiteAdvisor 2008-07-03 17:52:10 0 d-------- F:\Program Files\McAfee.com 2008-07-03 11:18:15 0 d-------- F:\Program Files\uTorrent 2008-06-26 15:07:12 0 d-------- F:\Documents and Settings\Mason\Application Data\Ahead 2008-06-26 14:08:08 0 d-------- F:\Program Files\NeroInstall.bak 2008-06-26 14:06:14 0 d-------- F:\Documents and Settings\Mason\Application Data\Nero 2008-06-26 14:04:41 0 d-------- F:\Program Files\Common Files\Nero 2008-06-25 20:48:10 0 d-------- F:\Documents and Settings\Mason\Application Data\Identities 2008-06-25 20:25:49 0 d-------- F:\Program Files\Wal-Mart Music Downloads Store 2008-06-25 20:25:41 0 d-------- F:\Program Files\Common Files\InstallShield 2008-06-25 19:35:31 0 d-------- F:\Program Files\VIA 2008-06-25 19:34:23 0 d-------- F:\Program Files\Realtek Sound Manager 2008-06-25 19:34:23 0 d-------- F:\Program Files\AvRack 2008-06-25 19:33:22 0 d-------- F:\Program Files\AMD 2008-06-25 19:11:35 0 d-------- F:\Program Files\TechTracker 2008-06-25 18:33:57 0 d-------- F:\Program Files\Realtek 2008-06-25 18:33:50 315392 --a------ F:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-06-25 18:28:14 0 d-------- F:\Program Files\SystemRequirementsLab 2008-06-25 17:52:57 0 d-------- F:\Program Files\Messenger 2008-06-25 17:17:44 0 d-------- F:\Program Files\Microsoft Windows Small Business Server 2008-06-25 16:32:34 0 d-------- F:\Program Files\microsoft frontpage 2008-06-25 16:29:54 0 d--h----- F:\Program Files\WindowsUpdate 2008-06-25 16:29:48 0 d-------- F:\Program Files\Online Services 2008-06-25 16:28:57 0 d-------- F:\Program Files\Common Files\MSSoap 2008-06-25 16:28:48 0 d-------- F:\Program Files\Movie Maker 2008-06-25 16:27:49 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat 2008-06-25 16:26:56 0 d-------- F:\Program Files\MSN Gaming Zone 2008-06-25 16:26:47 0 d-------- F:\Program Files\Windows NT 2008-06-25 10:14:41 0 d-------- F:\Program Files\Common Files\ODBC 2008-06-25 10:14:38 0 d-------- F:\Program Files\Common Files\SpeechEngines 2008-06-25 10:14:09 62 --ahs---- F:\Documents and Settings\Mason\Application Data\desktop.ini 2008-05-16 14:01:00 1630208 --a------ F:\WINDOWS\system32\nwiz.exe 2008-05-16 14:01:00 1019904 --a------ F:\WINDOWS\system32\nvwimg.dll 2008-05-16 14:01:00 1703936 --a------ F:\WINDOWS\system32\nvwdmcpl.dll 2008-05-16 14:01:00 466944 --a------ F:\WINDOWS\system32\nvshell.dll 2008-05-16 14:01:00 1486848 --a------ F:\WINDOWS\system32\nview.dll 2008-05-16 14:01:00 1339392 --a------ F:\WINDOWS\system32\nvdspsch.exe 2008-05-16 14:01:00 442368 --a------ F:\WINDOWS\system32\nvappbar.exe 2008-05-16 14:01:00 425984 --a------ F:\WINDOWS\system32\keystone.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] 06/11/2008 10:33 PM 75128 --a------ F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}] 11/26/2007 10:46 AM 324936 --a------ f:\PROGRA~1\mcafee\msk\mcapbho.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM] "nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="F:\WINDOWS\system32\NvMcTray. dll" [05/16/2008 02:01 PM] "SoundMan"="SOUNDMAN.EXE" [11/15/2004 04:20 AM F:\WINDOWS\SOUNDMAN.EXE] "ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM] "NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM] |
Continued from last post:
"NBKeyScan"="C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM] "SiteAdvisor"="F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 05:12 PM] "McENUI"="F:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM] "mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM] "McAfee Backup"="F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM] "MBkLogOnHook"="F:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM] "itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 07:08 PM] "IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 05:52 PM] "QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM] "SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] "Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM] "AppleSyncNotifier"="F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM] "MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM] "AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE " [] "Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" [] "Vidalia"="F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [] "H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM] "WinMinimizer"="E:\WMinimizer\WindowMinimizer. exe" [] F:\Documents and Settings\Mason\Start Menu\Programs\Startup\ Shortcut to BNUBot.lnk - F:\Documents and Settings\Mason\My Documents\Bot\BNUBot.exe [7/10/2008 12:18:21 AM] Shortcut to l2uthless Ops.lnk - F:\Documents and Settings\Mason\My Documents\l2uthless_Ops\l2uthless Ops.exe [3/16/2008 9:55:32 PM] F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM] VIA RAID TOOL.lnk - F:\Program Files\VIA\RAID\raid_tool.exe [6/25/2008 7:35:32 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoWelcomeScreen"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" *Newly Created Service* - PGFILTER -- End of Deckard's System Scanner: finished at 2008-08-07 21:17:32 ------------ |
extra.txt:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: McAfee Personal Firewall v (McAfee) AV: McAfee VirusScan v (McAfee) [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\H elpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WIN DOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb" "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" -- End of Deckard's System Scanner: finished at 2008-08-07 21:17:32 ------------ |
Report.txt from SDFix:
SDFix: Version 1.214 Run by Mason on Thu 08/07/2008 at 08:40 PM Microsoft Windows XP [Version 5.1.2600] Running From: F:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: F:\WINDOWS\system32\comsa32.sys - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-07 20:52:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WIN DOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent" "F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb" "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Pro gram Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled :McAfee Data Backup" "F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\H elpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" Remaining Files : File Backups: - F:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 Jul 2008 20,487 A.SHR --- "F:\Program Files\McAfee\MQC\MRU.bak" Mon 21 Jul 2008 265 A.SHR --- "F:\Program Files\McAfee\MQC\qcconf.bak" Mon 7 Jul 2008 0 A.SH. --- "F:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 16 Jul 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\0d3b5d19 cc06db007bbe6584808bfa9e\BIT4.tmp" Wed 25 Jun 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f7db876e 78b88fd8276fd7d29cb7e4eb\BIT1.tmp" Mon 13 Dec 2004 295,812 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\080070f6 461c8001578e5e4cd4bb024b\download\BITA4.tmp" Fri 22 Sep 2006 279,513 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f040a43a 7788e207ef67f26bf9f0471f\download\BIT8F.tmp" Finished! |
Malwarebytes' log:
Malwarebytes' Anti-Malware 1.24 Database version: 1032 Windows 5.1.2600 Service Pack 2 9:13:56 PM 8/7/2008 mbam-log-8-7-2008 (21-13-56).txt Scan type: Quick Scan Objects scanned: 51185 Time elapsed: 10 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\AFinding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Routing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WServing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a finding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a finding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\w serving (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\w serving (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r outing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\r outing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: F:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully. F:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully. F:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
It did not remove tcexfst.sys (this one plays random sounds), and it did not remove atsxyzd.sys and msudf.exe and nobicyt.exe and sytsyctd.sys . Please tell me if any of these arent viruses.
Thanks In Advance!! |
Yes, a few holdouts we still need to address. Unfortunately particular scans only show particular views, so we'll need to add some others here for the files you just mentioned. Since they do not all show in the logs so far, post back the exact locations of those files (such as xxxx.sys is C:\Windows\System32\Drivers\xxxx.sys).
Download gmer.zip from here. Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder. When you have done this, doubleclick on Gmer.exe to run it. Under the Rootkit/Malware tab look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ---------------------------- Also Go here and download reglooks.exe to your Desktop. Doubleclick on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread. |
All times are GMT +1. The time now is 02:31 PM. |
Copyright © Cyber Tech Help. All rights reserved. All other trademarks are the property of their respective owners.