  #1  
August 7th, 2008, 01:37 AM
skiniemini
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Unknown problem: afinding.exe, nobicyst.exe, perfs.exe, routing.exe, wserving.exe

I recently found these files on my computer: afinding.exe, nobicyst.exe, perfs.exe, routing.exe, wserving.exe. I have blocked some of them from accessing the internet. Here are the scan results from HijackThis by Trend Micro:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:46 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\afinding.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\McAfee\MBK\MBackMonitor.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\Nobicyt.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\routing.exe
F:\Program Files\SiteAdvisor\6261\SAService.exe
F:\WINDOWS\System32\PAStiSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wserving.exe
F:\WINDOWS\Explorer.EXE
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\OUTLOO~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla FireFox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe
O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe
O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe
O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://landryserver/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - F:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - F:\WINDOWS\system32\routing.exe
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - F:\WINDOWS\system32\wserving.exe

--
End of file - 11332 bytes



Please help!

Thanks In Advance!!!!!!


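A helper reads a log like the one above by hand, looking for a few recurring patterns: services with no vendor information sitting in the Windows system directory, service entries whose file is missing, autorun entries that launch from the browser cache, and a ProxyServer value pointing at an address outside the local network. The following Python script is an added example, not code from this thread, from HijackThis or from Trend Micro; it parses the R1, O4 and O23 entry formats and applies those checks. The regexes, heuristics and function names are my own construction, and the sample lines are copied from the log above with two benign entries included for contrast. A hit means "look closer", not "confirmed malicious".

```python
"""Triage heuristics for Trend Micro HijackThis v2 log lines (added example)."""
import ipaddress
import re

# Constructed sample input: lines copied from the HijackThis log posted above,
# plus two benign entries (NvCplDaemon, Bonjour) that the heuristics should pass.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
"""

# Entry formats as HijackThis v2 prints them (hypothetical regexes written for this example).
R_PROXY_RE = re.compile(r"^R[01] - (?P<key>[^,]+),ProxyServer = (?P<data>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Location heuristics: the Windows system directory, and browser-cache / temp folders.
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
CACHE_DIR_RE = re.compile(r"\\(?:temporary internet files|temp)\\", re.IGNORECASE)


def proxy_findings(data):
    """Describe a ProxyServer value: empty is fine, a public address deserves a look."""
    data = data.strip()
    if not data:
        return []
    host = data.rsplit(":", 1)[0] if ":" in data else data
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname or a per-protocol list; report it without judging the address.
        return [f"proxy configured: {data}"]
    if addr.is_private or addr.is_loopback:
        return [f"proxy configured on local network: {data}"]
    return [f"proxy configured to public address: {data}"]


def triage_line(line):
    """Return the reasons a single HijackThis line deserves a closer look (empty if none)."""
    m = R_PROXY_RE.match(line)
    if m:
        return proxy_findings(m.group("data"))
    m = O4_RUN_RE.match(line)
    if m:
        if CACHE_DIR_RE.search(m.group("cmd")):
            return ["autorun launches an executable from a browser cache or temp folder"]
        return []
    m = O23_RE.match(line)
    if m:
        reasons = []
        if m.group("owner") == "Unknown owner" and SYSTEM_DIR_RE.match(m.group("path")):
            reasons.append("service with no vendor information running from the Windows system directory")
        if m.group("missing"):
            reasons.append("service entry points to a file that no longer exists")
        return reasons
    return []


def triage(log_text):
    """Run triage_line over every line; return [(line, reasons)] for flagged lines only."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, the script flags four of the seven lines: the ProxyServer entry, the Mini-XP autorun from Temporary Internet Files, the AFinding service, and the msmsnkd service (twice: unknown owner in system32 and file missing). SiteAdvisor also has "Unknown owner" but lives under Program Files, so the system-directory rule leaves it alone, which is the kind of false positive these checks are meant to avoid.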
  #2  
August 7th, 2008, 05:47 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,255
Hello skiniemini,

Good, you started your own thread and now we can start checking things there. Yes, infection is showing here, so let's get more details and then start repairs from those.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Taskbar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

You can use extra posts here if needed for that.
  #3  
August 7th, 2008, 06:55 PM
skiniemini
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Main.txt:

Deckard's System Scanner v20071014.68
Run by mason on 2008-08-07 10:09:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- HijackThis (run as mason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:17 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\afinding.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\McAfee\MBK\MBackMonitor.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\Nobicyt.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\routing.exe
F:\Program Files\SiteAdvisor\6261\SAService.exe
F:\WINDOWS\System32\PAStiSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wserving.exe
F:\WINDOWS\Explorer.EXE
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
f:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Documents and Settings\Mason\My Documents\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\mason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe
O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe
O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe
O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - F:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - F:\WINDOWS\system32\routing.exe
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - F:\WINDOWS\system32\wserving.exe

--
End of file - 10916 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing)
S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AFinding (AFinding Service) - f:\windows\system32\afinding.exe
R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe
R2 NOBICYT (NOBICYT Service) - f:\windows\system32\nobicyt.exe
R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 Routing (Routing Service) - f:\windows\system32\routing.exe
R2 WServing (WServing Service) - f:\windows\system32\wserving.exe

S2 msmsnkd (Microsoft Network Message Service) - f:\windows\system32\msmsn.exe (file missing)
S4 perfmons - f:\windows\system32\perfs.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro
2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6 <HOUSEC~1.6>
2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator
2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss
2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics
2008-08-01 16:38:05 61440 --a------ F:\WINDOWS\system32\msudf.exe
2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick
2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages
2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient
2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync
2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing
2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla
2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing
2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia
2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe
2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee
2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero
2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor
2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates <TEMPLA~1>
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu <STARTM~1>
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood <PRINTH~1>
2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents <MYDOCU~1>
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings <LOCALS~1>
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites <FAVORI~1>
2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop
2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Application Data <APPLIC~1>
2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft
2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp
2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync
2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight
2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive
2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA
2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod
2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft

See Next Post
  #4  
August 7th, 2008, 06:56 PM
skiniemini
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Continued from last post:

2008-07-13 23:26:50 0 d-------- F:\Documents and Settings\Mason\Application Data\WinRAR
2008-07-13 23:05:11 0 d-------- F:\Documents and Settings\LocalService\Application Data\McAfee
2008-07-13 23:04:27 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Templates <TEMPLA~1>
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Start Menu <STARTM~1>
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\SendTo
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Recent
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\PrintHood <PRINTH~1>
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\NetHood
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\My Documents <MYDOCU~1>
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Local Settings <LOCALS~1>
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Favorites <FAVORI~1>
2008-07-13 23:03:13 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Desktop
2008-07-13 23:03:13 0 d--hs---- F:\Documents and Settings\__sbs_netsetup__\Cookies
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Application Data <APPLIC~1>
2008-07-13 23:03:13 0 d---s---- F:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
2008-07-13 23:03:12 2097152 --ah----- F:\Documents and Settings\__sbs_netsetup__\ntuser.dat
2008-07-13 22:32:58 0 d-------- F:\WINDOWS\SchCache
2008-07-13 20:59:28 0 d-------- F:\Program Files\Microsoft.NET
2008-07-13 20:58:51 0 d-------- F:\Program Files\Common Files\Merge Modules
2008-07-13 20:58:50 0 d-------- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-13 20:57:14 0 d-------- F:\Program Files\Microsoft SDKs
2008-07-13 20:22:48 0 d-------- F:\Program Files\MSBuild
2008-07-13 20:22:39 0 d-------- F:\WINDOWS\system32\XPSViewer
2008-07-13 20:22:31 0 d-------- F:\Program Files\Reference Assemblies
2008-07-13 20:16:11 0 d-------- F:\Program Files\MSXML 6.0
2008-07-13 18:11:16 0 d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-13 13:37:51 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 13:28:04 0 d-------- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-13 13:28:02 0 d-------- F:\Program Files\DVD Shrink
2008-07-13 13:27:11 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:27:11 0 d-------- F:\Documents and Settings\Mason\Application Data\Vso
2008-07-13 13:27:11 47360 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:26:59 0 d-------- F:\Program Files\DVDFab 5
2008-07-13 11:49:05 0 d-------- F:\Documents and Settings\Mason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-13 00:25:13 0 --a------ F:\WINDOWS\nsreg.dat
2008-07-13 00:25:03 0 d-------- F:\Documents and Settings\Mason\Application Data\Mozilla
2008-07-12 19:03:11 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-07-12 18:16:44 0 d-------- F:\Documents and Settings\Mason\Application Data\OpenOffice.org2
2008-07-12 13:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 10:26:34 0 d-------- F:\Program Files\Common Files\Adobe AIR
2008-07-12 10:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-07-12 10:24:59 0 d-------- F:\Program Files\Common Files\Adobe
2008-07-12 10:22:13 0 d-------- F:\Documents and Settings\All Users\Application Data\NOS
2008-07-12 10:22:11 0 d-------- F:\Program Files\NOS
2008-07-11 22:21:07 768 --a------ F:\WINDOWS\system32\d3d8caps.dat
2008-07-11 16:26:17 0 d-------- F:\Program Files\Chat4Support Operator
2008-07-10 19:05:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Actual Tools
2008-07-10 17:55:44 0 d-------- F:\Program Files\AllToTray
2008-07-09 23:03:13 0 d-------- F:\Program Files\Boldcenter
2008-07-09 14:09:00 0 d-------- F:\Program Files\StealthBot
2008-07-08 14:54:38 0 d-------- F:\Documents and Settings\Mason\Application Data\FileZilla
2008-07-08 14:53:55 0 d-------- F:\Program Files\FileZilla FTP Client
2008-07-08 14:32:38 0 d-------- F:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 14:32:33 0 d--h----- F:\Documents and Settings\Mason\Application Data\IFLTemp
2008-07-08 14:32:21 0 d-------- F:\Program Files\IncrediFlash Intro and Banner Studio 1.2
2008-07-08 13:05:23 131584 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-07-08 09:16:40 0 d-------- F:\Program Files\SourceTec
2008-07-08 09:15:51 177 --a------ F:\DelUS.bat
2008-07-08 08:30:56 0 d-------- F:\Program Files\Common Files\Macromedia Shared
2008-07-08 08:29:30 0 d-------- F:\Documents and Settings\All Users\Application Data\Macromedia
2008-07-08 08:28:15 0 d-------- F:\Program Files\Macromedia
2008-07-07 18:39:12 23 --a------ F:\Documents and Settings\Mason\jagex_runescape_preferences.dat <JAGEX_~1.DAT>
2008-07-07 18:38:52 0 d-------- F:\WINDOWS\Sun
2008-07-07 18:38:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Sun
2008-07-07 18:37:50 0 d-------- F:\Program Files\Java
2008-07-07 18:37:00 0 d-------- F:\Program Files\Common Files\Java
2008-07-07 12:44:01 0 d-------- F:\Program Files\Common Files\Blizzard Entertainment
2008-07-07 10:00:52 0 d-------- F:\Program Files\Windows Media Connect 2
2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\LogFiles
2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-08-06 10:36:21 0 d-------- F:\Documents and Settings\Mason\Application Data\uTorrent
2008-08-04 13:40:12 0 d-------- F:\Program Files\McAfee
2008-08-03 10:18:08 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-08-03 10:12:51 2528 --a------ F:\Documents and Settings\Mason\Application Data\$_hpcst$.hpc
2008-08-03 09:22:49 0 d-------- F:\Documents and Settings\Mason\Application Data\Apple Computer
2008-07-25 19:14:46 664 --a------ F:\WINDOWS\system32\d3d9caps.dat
2008-07-13 23:57:39 0 d-------- F:\Program Files\Common Files
2008-07-13 17:01:20 0 d-------- F:\Documents and Settings\Mason\Application Data\Adobe
2008-07-13 13:30:34 0 d-------- F:\Program Files\Apple Software Update
2008-07-13 13:27:24 34 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.log
2008-07-13 13:27:11 1144 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.inf
2008-07-13 13:27:11 7887 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.cat
2008-07-08 08:31:52 0 d-------- F:\Documents and Settings\Mason\Application Data\Macromedia
2008-07-06 22:14:41 0 d-------- F:\Program Files\Bonjour
2008-07-06 22:14:29 0 d-------- F:\Program Files\QuickTime
2008-07-06 22:12:48 0 d-------- F:\Program Files\Common Files\Apple
2008-07-06 22:03:44 0 d-------- F:\Program Files\Common Files\PCCamera
2008-07-06 22:03:43 0 d-------- F:\Program Files\PC VGA Camera
2008-07-06 21:57:25 0 d-------- F:\Program Files\Microsoft IntelliPoint
2008-07-06 21:56:30 0 d-------- F:\Program Files\Microsoft IntelliType Pro
2008-07-06 21:36:54 0 d-------- F:\Program Files\MSXML 4.0
2008-07-06 20:53:56 0 d-------- F:\Documents and Settings\Mason\Application Data\McAfee
2008-07-06 19:48:39 0 d-------- F:\Program Files\Windows Live
2008-07-06 19:46:52 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 17:14:16 0 d-------- F:\Program Files\SiteAdvisor
2008-07-06 17:13:49 0 d-------- F:\Program Files\Common Files\McAfee
2008-07-06 17:13:26 0 d-------- F:\Documents and Settings\Mason\Application Data\SiteAdvisor
2008-07-03 17:52:10 0 d-------- F:\Program Files\McAfee.com
2008-07-03 11:18:15 0 d-------- F:\Program Files\uTorrent
2008-06-26 15:07:12 0 d-------- F:\Documents and Settings\Mason\Application Data\Ahead
2008-06-26 14:08:08 0 d-------- F:\Program Files\NeroInstall.bak
2008-06-26 14:06:14 0 d-------- F:\Documents and Settings\Mason\Application Data\Nero
2008-06-26 14:04:41 0 d-------- F:\Program Files\Common Files\Nero
2008-06-25 20:48:10 0 d-------- F:\Documents and Settings\Mason\Application Data\Identities
2008-06-25 20:25:49 0 d-------- F:\Program Files\Wal-Mart Music Downloads Store
2008-06-25 20:25:41 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-25 19:35:31 0 d-------- F:\Program Files\VIA
2008-06-25 19:34:23 0 d-------- F:\Program Files\Realtek Sound Manager
2008-06-25 19:34:23 0 d-------- F:\Program Files\AvRack
2008-06-25 19:33:22 0 d-------- F:\Program Files\AMD
2008-06-25 19:11:35 0 d-------- F:\Program Files\TechTracker
2008-06-25 18:33:57 0 d-------- F:\Program Files\Realtek
2008-06-25 18:33:50 315392 --a------ F:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-25 18:28:14 0 d-------- F:\Program Files\SystemRequirementsLab
2008-06-25 17:52:57 0 d-------- F:\Program Files\Messenger
2008-06-25 17:17:44 0 d-------- F:\Program Files\Microsoft Windows Small Business Server
2008-06-25 16:32:34 0 d-------- F:\Program Files\microsoft frontpage
2008-06-25 16:29:54 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-25 16:29:48 0 d-------- F:\Program Files\Online Services
2008-06-25 16:28:57 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-25 16:28:48 0 d-------- F:\Program Files\Movie Maker
2008-06-25 16:27:49 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-25 16:26:56 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-25 16:26:47 0 d-------- F:\Program Files\Windows NT
2008-06-25 10:14:41 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-25 10:14:38 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-25 10:14:09 62 --ahs---- F:\Documents and Settings\Mason\Application Data\desktop.ini
2008-05-16 14:01:00 1630208 --a------ F:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ F:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ F:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ F:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ F:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ F:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ F:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ F:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ f:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 04:20 AM F:\WINDOWS\SOUNDMAN.EXE]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"SiteAdvisor"="F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 05:12 PM]
"McENUI"="F:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"McAfee Backup"="F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="F:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 07:08 PM]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 05:52 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"AppleSyncNotifier"="F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE" []
"Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" []
"Vidalia"="F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"WinMinimizer"="E:\WMinimizer\WindowMinimizer.exe" []

F:\Documents and Settings\Mason\Start Menu\Programs\Startup\
Shortcut to BNUBot.lnk - F:\Documents and Settings\Mason\My Documents\Bot\BNUBot.exe [7/10/2008 12:18:21 AM]
Shortcut to l2uthless Ops.lnk - F:\Documents and Settings\Mason\My Documents\l2uthless_Ops\l2uthless Ops.exe [3/16/2008 9:55:32 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM]
VIA RAID TOOL.lnk - F:\Program Files\VIA\RAID\raid_tool.exe [6/25/2008 7:35:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-07 10:12:17 ------------
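The Registry Dump and Hosts sections of a DSS main.txt are the parts a helper reads first, and that pass can be scripted. The Python below is an added example written for this page; it is not part of skiniemini's post and not code from Deckard's System Scanner. It assumes (an assumption about DSS output, not something the log states) that an empty `[]` after a Run value means DSS found no file to timestamp at that path, and it takes the set of mounted drive letters from the caller; the letters used here, A, C, D, F, G and H, are the volumes listed in the extra.txt in this thread, which has no E: drive. The sample input is a constructed subset of the lines above; the hosts sample adds one invented redirect line so that check has something to report, since the ten hosts lines the post shows are all loopback entries and the other 8940 are not on the page. A flag means "look at this", not "malicious": an autorun pointing into Temporary Internet Files\Content.IE5 (the IE cache) or at a drive that is not mounted is what a helper would ask about first.

```python
"""Triage of the Registry Dump and Hosts sections of a Deckard's System Scanner
(DSS) main.txt as pasted above.  Added example; not part of the post, not DSS code."""
import re

# One Run value as DSS prints it:  "Name"="value" [timestamp [resolved path]]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<bracket>[^\]]*)\]\s*$')
STAMP = re.compile(r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)?\s*(?P<resolved>.*)$')
# One Startup-folder shortcut:  <name>.lnk - <target> [timestamp]
LNK_LINE = re.compile(r'^(?P<lnk>.+?\.lnk) - (?P<target>.+?) \[(?P<ts>[^\]]*)\]\s*$')
HOSTS_LINE = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)')
# Locations a limited user can write to; an autorun there deserves a look.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\temporary internet files\\')
# Assumed watch-list of update/AV domains that malware likes to blackhole.
SENSITIVE_SUFFIXES = ('windowsupdate.com', 'update.microsoft.com', 'mcafee.com', 'symantec.com')


def parse_autostarts(report):
    """Return [(source, name, path, stamped)] for Run values and Startup shortcuts.
    stamped is False when DSS printed an empty [] (assumed: it found no file)."""
    entries, source = [], '?'
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith('[HKEY_') or line.lower().endswith('\\startup\\'):
            source = line.strip('[]')          # new registry key or Startup folder
            continue
        m = RUN_LINE.match(line)
        if m:
            s = STAMP.match(m['bracket'])      # resolved path follows the timestamp
            entries.append((source, m['name'], s['resolved'] or m['value'], bool(s['ts'])))
            continue
        m = LNK_LINE.match(line)
        if m:
            entries.append((source, m['lnk'], m['target'], bool(m['ts'])))
    return entries


def flag_autostart(path, stamped, present_drives):
    """Review flags for one entry; a flag means 'look at this', not 'malicious'."""
    p, flags = path.lower(), []
    if not stamped:
        flags.append('no timestamp: DSS did not find a file at this path')
    if len(p) > 1 and p[1] == ':' and p[0].upper() not in present_drives:
        flags.append('drive %s: is not a mounted volume' % p[0].upper())
    if any(marker in p for marker in USER_WRITABLE):
        flags.append('runs from a user-writable location')
    if '~' in p:
        flags.append('8.3 short name; resolve the real path before judging')
    return flags


def check_hosts(hosts_text):
    """Flag hosts lines that redirect (non-loopback) or blackhole update/AV sites."""
    findings = []
    for line in hosts_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if not m:
            continue
        ip, host = m['ip'], m['host'].lower()
        if ip not in ('127.0.0.1', '0.0.0.0'):
            findings.append((host, ip, 'redirected to a non-loopback address'))
        elif host.endswith(SENSITIVE_SUFFIXES):
            findings.append((host, ip, 'update/AV site blackholed'))
    return findings


def triage(report, hosts_text, present_drives):
    """Return ({name: flags} for flagged autostarts, hosts findings)."""
    flagged = {}
    for _source, name, path, stamped in parse_autostarts(report):
        flags = flag_autostart(path, stamped, present_drives)
        if flags:
            flagged[name] = flags
    return flagged, check_hosts(hosts_text)


# Constructed sample in the DSS layout: a subset of the lines in the post above.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE" []
"Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" []
"WinMinimizer"="E:\WMinimizer\WindowMinimizer.exe" []

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM]
'''
# Constructed hosts excerpt: two loopback lines as in the post plus one invented redirect.
SAMPLE_HOSTS = '''
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
66.66.66.66 www.windowsupdate.com
'''
# Volumes listed in the extra.txt in this thread (there is no E: drive).
PRESENT_DRIVES = {'A', 'C', 'D', 'F', 'G', 'H'}

if __name__ == '__main__':
    print(triage(SAMPLE_REPORT, SAMPLE_HOSTS, PRESENT_DRIVES))
```

On the sample, nwiz and the PeerGuardian shortcut pass clean; AllToTray is flagged for the unresolved 8.3 path and the missing timestamp, Mini-XP for the missing timestamp and for living in the IE cache, and WinMinimizer for pointing at a drive that is not mounted. Only a full hosts file, not the ten-line excerpt, can say whether anything is redirected.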
  #5  
Old August 7th, 2008, 06:57 PM
skiniemini
Senior Member
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 2600+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 511.49 MiB / 157.5 MiB
Pagefile Memory (total/avail): 1246.61 MiB / 657.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.35 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 151.86 GiB total, 47.13 GiB free.
D: is Fixed (FAT32) - 4.01 GiB total, 0.53 GiB free.
F: is Fixed (NTFS) - 38.06 GiB total, 8.71 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200P0 - 189.92 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 151.86 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.06 GiB - F:

\\.\PHYSICALDRIVE1 - ST34310A - 4.01 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 4.01 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb"
"F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Mason\Application Data
BLASTER=A220 I5 D1 P330
CLASSPATH=.;F:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=LANDRY2
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Mason
LOGONSERVER=\\LANDRYSERVER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\QuickTime\QTSystem\;;C:\UPS\Common\SuppAsst\lib;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1c00
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\QuickTime\QTSystem\QTJava.zip
SBSSERVER=LANDRYSERVER
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Mason\LOCALS~1\Temp
TMP=F:\DOCUME~1\Mason\LOCALS~1\Temp
USERDNSDOMAIN=LANDRYNETWORK.LOCAL
USERDOMAIN=LANDRYNETWORK
USERNAME=mason
USERPROFILE=F:\Documents and Settings\Mason
VS90COMNTOOLS=C:\Program Files\Visual C++ 2008 Express Edition\Common7\Tools\
windir=F:\WINDOWS
XNAGSShared=F:\Program Files\Common Files\Microsoft Shared\XNA\
XNAGSv2=F:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\


-- User Profiles ---------------------------------------------------------------

Mason.LANDRY2 (new local, admin)
__sbs_netsetup__ (new local, admin)
Administrator (admin)
Mason (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero 8\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> F:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> F:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
µTorrent --> "F:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com --> F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Athlon 64 Processor Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AutoTunnel GG --> "F:\Program Files\AutoTunnel GG\uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BT PhoneManager LiveUpdate --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D0E00354-A8C2-40D6-8ED8-26B3A4B1AF85}\setup.exe" -l0x9
Chat4Support Operator 2.1.2 Build 0710 --> "F:\Program Files\Chat4Support Operator\unins000.exe"
DVD Shrink 3.2 --> "F:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.5 --> "F:\Program Files\DVDFab 5\unins000.exe"
FileZilla Client 3.0.11.1 --> F:\Program Files\FileZilla FTP Client\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Korean Fonts Support For Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-900000000003}
LG USB Modem driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
McAfee SecurityCenter --> F:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Visual C# 2005 Express Edition\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU --> MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749) --> F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {B6B0F76A-873E-438E-BC25-6704193DD344} /package {7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2008 Express Edition - ENU --> C:\Program Files\Visual C++ 2008 Express Edition\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU --> MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft XNA Framework Redistributable 2.0 --> MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
Microsoft XNA Game Studio 2.0 --> F:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Setup\Bootstrapper.exe
Microsoft XNA Game Studio 2.0 --> MsiExec.exe /I{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}
Microsoft XNA Game Studio 2.0 (ARP entry) --> MsiExec.exe /I{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}
Microsoft XNA Game Studio 2.0 (Redists) --> MsiExec.exe /I{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}
Microsoft XNA Game Studio 2.0 (shared components) --> MsiExec.exe /I{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}
Microsoft XNA Game Studio 2.0 (spacewar) --> MsiExec.exe /I{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}
Microsoft XNA Game Studio 2.0 (xnaliveproxy) --> MsiExec.exe /I{9B96628C-8898-4FED-9612-25631C27AB13}
Microsoft XNA Game Studio 2.0 Documentation --> MsiExec.exe /I{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}
Mozilla ActiveX Control v1.7.12 --> F:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla FireFox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> F:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PC VGA Camera --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F6C4EE06-DA6D-45DC-A129-04166F5FF238} /l1033
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek AC'97 Audio --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
System Requirements Lab --> F:\Program Files\SystemRequirementsLab\Uninstall.exe
Thrillville(TM): '07 --> F:\Program Files\InstallShield Installation Information\{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}\setup.exe -runfromtemp -l0x0409
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VolusionLiveChat --> MsiExec.exe /I{BAFDD9A5-0E66-41B9-B163-1F217CFA7919}
Wal-Mart Music Downloads Store --> MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Warcraft III --> F:\Program Files\Common Files\Blizzard Entertainment\Warcraft III (3)\Uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"


See Next Post
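The Security Center and FirewallPolicy sections above can be read the same way. Windows XP SP2 stores each firewall exception as `<path>:<scope>:<Enabled|Disabled>:<display name>`: a scope of `*` admits unsolicited inbound traffic from any remote address, while a `network/mask` scope limits it to that subnet, as the ActiveSync entries above do with 169.254.2.0/255.255.255.0. The Python below is an added example for this page, not skiniemini's code and not DSS code; its sample is a constructed subset of the lines above, with the µ in µTorrent written as a plain u. The security-relevant reading of this part of the log is the combination: "Windows Internal Firewall is disabled", so the exception list is inert whatever it contains; the firewall registered with Security Center is McAfee's; and "FirewallDisableNotify is set" suppresses the Security Center alert that would otherwise appear when no firewall is active, so the third-party product's state has to be verified directly rather than inferred from the absence of a warning.

```python
"""Reads the Security Center and FirewallPolicy sections of a DSS extra.txt in
the text form pasted above.  Added example for this page; not part of the
original post and not Deckard's System Scanner code."""
import re
from collections import defaultdict

# XP SP2 exception value: "<path>:<scope>:<Enabled|Disabled>:<display name>".
# The path itself contains a colon (drive letter), so the pattern is anchored
# on the three trailing fields; scope and state never contain colons.
EXCEPTION = re.compile(
    r'^(?P<path>.+):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$', re.I)
PROFILE_KEY = re.compile(r'FirewallPolicy\\(\w+)\\AuthorizedApplications', re.I)


def parse_firewall_section(text):
    """Return (security-center state, {profile: [exception dicts]})."""
    state = {'internal_firewall_enabled': None, 'third_party_fw': None,
             'disable_notify_set': False}
    exceptions = defaultdict(list)
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('Windows Internal Firewall is'):
            state['internal_firewall_enabled'] = line.rstrip('.').endswith(' enabled')
        elif line == 'FirewallDisableNotify is set.':
            state['disable_notify_set'] = True
        elif line.startswith('FW:'):
            state['third_party_fw'] = line[3:].strip()
        elif line.startswith('['):
            m = PROFILE_KEY.search(line)
            profile = m.group(1) if m else None       # None outside a List key
        elif profile and line.startswith('"') and '"="' in line:
            _key, value = line[1:-1].split('"="', 1)   # right-hand REG string
            m = EXCEPTION.match(value.replace('\\\\', '\\'))  # REG-style \\ -> \
            if m:
                exceptions[profile].append({
                    'path': m['path'], 'scope': m['scope'], 'name': m['name'],
                    'enabled': m['state'].lower() == 'enabled'})
    return state, dict(exceptions)


def wide_open(exceptions):
    """Display names of enabled exceptions reachable from any remote address."""
    return {prof: sorted(e['name'] for e in exs if e['enabled'] and e['scope'] == '*')
            for prof, exs in exceptions.items()}


def summarize(text):
    """Findings in the order an analyst would want them."""
    state, exceptions = parse_firewall_section(text)
    notes = []
    if state['internal_firewall_enabled'] is False:
        msg = 'Windows Firewall is off: these exceptions are inert until it is re-enabled'
        if state['third_party_fw']:
            msg += '; registered third-party firewall: ' + state['third_party_fw']
        notes.append(msg)
    if state['disable_notify_set']:
        notes.append('FirewallDisableNotify is set: Security Center will not alert on a '
                     'missing firewall, so check the third-party product directly')
    for prof, names in wide_open(exceptions).items():
        notes.append('%s: %d enabled exception(s) open to any address: %s'
                     % (prof, len(names), ', '.join(names)))
    return notes


# Constructed sample: a subset of the extra.txt lines in the post above.
SAMPLE_EXTRA = r'''
-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
'''

if __name__ == '__main__':
    for note in summarize(SAMPLE_EXTRA):
        print(note)
```

The ActiveSync entry is the one subnet-scoped exception in the sample; everything else is open to any address, which only matters once a firewall is actually running.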
  #6  
Old August 7th, 2008, 06:58 PM
skiniemini
Senior Member
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Continued from last post:

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2206 / Error
Event Submitted/Written: 08/07/2008 08:57:58 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type2205 / Error
Event Submitted/Written: 08/07/2008 00:57:58 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type2200 / Success
Event Submitted/Written: 08/06/2008 05:00:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2197 / Error
Event Submitted/Written: 08/06/2008 04:57:04 PM
Event ID/Source: 1030 / Userenv
Event Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

Event Record #/Type2196 / Error
Event Submitted/Written: 08/06/2008 04:56:58 PM
Event ID/Source: 1030 / Userenv
Event Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3486 / Warning
Event Submitted/Written: 08/07/2008 07:49:58 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3485 / Error
Event Submitted/Written: 08/07/2008 06:44:12 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain LANDRYNETWORK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type3481 / Error
Event Submitted/Written: 08/06/2008 10:42:46 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain LANDRYNETWORK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type3477 / Warning
Event Submitted/Written: 08/06/2008 06:10:49 PM
Event ID/Source: 11191 / DnsApi
Event Description:
The system failed to update and remove pointer (PTR) resource records (RRs)
for network adapter
with settings:


Adapter Name : {175D649A-F8CB-4995-A0BF-B1062C91EBA6}

Host Name : landry2

Adapter-specific Domain Suffix : landrynetwork.local

DNS server list :

192.168.1.104

Sent update to server : <?>

IP Address : 192.1.1.1


The system could not remove these PTR RRs because because of a system
problem. For specific error code, see the record data displayed below.

Event Record #/Type3476 / Warning
Event Submitted/Written: 08/06/2008 06:10:49 PM
Event ID/Source: 11197 / DnsApi
Event Description:
The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


Adapter Name : {175D649A-F8CB-4995-A0BF-B1062C91EBA6}

Host Name : landry2

Primary Domain Suffix : landrynetwork.local

DNS server list :

192.168.1.104

Sent update to server : 192.1.1.1

IP Address(es) :

192.168.1.105


The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.



-- End of Deckard's System Scanner: finished at 2008-08-07 10:12:17 ------------
  #7  
Old August 8th, 2008, 04:10 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,255
Gaming, hacks, bots, risk taking and serious infection. Not a new scenario here. Let's start some repairs.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Open Notepad (Start - Run, type notepad and press Enter).
Code:
@ECHO OFF
cd %windir%
REM Change the start type of each suspect service to "disabled" so it no
REM longer starts with Windows (a copy already running stops at the next reboot)
sc config AFinding start= disabled
sc config NOBICYT start= disabled
sc config perfmons start= disabled
sc config Routing start= disabled
sc config WServing start= disabled
sc config msmsnkd start= disabled
exit
Copy/paste the above text into the open text box, then save this to your desktop as "servstop.bat"

Be sure to include the "" quotes in the name. Then click on servstop.bat. A window will open briefly but nothing more to complete the changes.

--------------------------------

Then you will want to print or have other access to a copy of the next steps, as some will be done without net access or in Safe Mode.


Download SDFix.exe and save it to your desktop.

Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, click the SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

=============================

After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

============================

Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes except this one:

Security Center

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post that along with the Malwarebytes log and the SDFix report.txt log please.
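A check to run after servstop.bat from the post above has been executed, added here as an example and not part of Jintan's instructions: it reads the start type, running state and binary path of each of the six services the batch file disables, using the WMI class Win32_Service through Get-WmiObject (Windows PowerShell, including the 1.0 release that installs on XP). The service names are the ones from servstop.bat; the "ok"/"CHECK"/"not installed" labels are this example's own.

```powershell
# Added example (not from the original post): confirm that the services named
# in servstop.bat are set to "Disabled" and are not running. Uses the WMI
# Win32_Service class via Get-WmiObject. Run from an Administrator prompt.
$serviceNames = @('AFinding', 'NOBICYT', 'perfmons', 'Routing', 'WServing', 'msmsnkd')

foreach ($name in $serviceNames) {
    # WQL filter on the service name; the names used here contain no quote characters.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"

    if ($svc -eq $null) {
        # No service with this name is registered any more (already removed, or never present).
        Write-Output ("{0,-10} not installed" -f $name)
        continue
    }

    # 'sc config <name> start= disabled' changes only the start type; a service
    # that was already running keeps running until it is stopped or the machine
    # reboots, so State is reported next to StartMode.
    $flag = 'CHECK'
    if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') { $flag = 'ok' }

    Write-Output ("{0,-10} StartMode={1,-9} State={2,-8} {3,-5} Path={4}" -f `
        $svc.Name, $svc.StartMode, $svc.State, $flag, $svc.PathName)
}
```

A line marked CHECK means the batch file did not take effect for that service (for example because it was run without administrative rights) or the service is still running and the reboot has not happened yet. On PowerShell 6 or later, where Get-WmiObject no longer exists, replace it with Get-CimInstance -ClassName Win32_Service -Filter "..."; the StartMode, State and PathName property names are the same.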
  #8  
Old August 8th, 2008, 05:21 AM
skiniemini
Senior Member
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
main.txt:

Deckard's System Scanner v20071014.68
Run by Mason on 2008-08-07 21:16:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).


-- HijackThis (run as Mason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:23 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\McAfee\MBK\MBackMonitor.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\Program Files\SiteAdvisor\6261\SAService.exe
F:\WINDOWS\System32\PAStiSvc.exe
F:\WINDOWS\system32\svchost.exe
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla FireFox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Mason\desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe
O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe
O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe
O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10450 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 catchme - f:\docume~1\mason\locals~1\temp\catchme.sys (file missing)
R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing)
S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S? AFinding -
S? perfmons -
S? Routing -
S? WServing -
S4 msmsnkd (Microsoft Network Message Service) - f:\windows\system32\msmsn.exe (file missing)
S4 NOBICYT (NOBICYT Service) - f:\windows\system32\nobicyt.exe
  #9  
Old August 8th, 2008, 05:22 AM
skiniemini
Senior Member
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Continued from last post:

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 21:01:50 0 d-------- F:\Documents and Settings\Mason\Application Data\Malwarebytes
2008-08-07 21:01:34 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 21:01:33 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:38:02 0 d-------- F:\WINDOWS\ERUNT
2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro
2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6
2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator
2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss
2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics
2008-08-01 16:38:05 61440 --a------ F:\WINDOWS\system32\msudf.exe
2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick
2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages
2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient
2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync
2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing
2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla
2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing
2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia
2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe
2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee
2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero
2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor
2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood
2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites
2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop
2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Application Data
2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft
2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp
2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync
2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight
2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive
2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA
2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod
2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft
2008-07-13 23:26:50 0 d-------- F:\Documents and Settings\Mason\Application Data\WinRAR
2008-07-13 23:05:11 0 d-------- F:\Documents and Settings\LocalService\Application Data\McAfee
2008-07-13 23:04:27 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Templates
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Start Menu
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\SendTo
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Recent
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\PrintHood
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\NetHood
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\My Documents
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Local Settings
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Favorites
2008-07-13 23:03:13 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Desktop
2008-07-13 23:03:13 0 d--hs---- F:\Documents and Settings\__sbs_netsetup__\Cookies
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Application Data
2008-07-13 23:03:13 0 d---s---- F:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
2008-07-13 23:03:12 2097152 --ah----- F:\Documents and Settings\__sbs_netsetup__\ntuser.dat
2008-07-13 22:32:58 0 d-------- F:\WINDOWS\SchCache
2008-07-13 20:59:28 0 d-------- F:\Program Files\Microsoft.NET
2008-07-13 20:58:51 0 d-------- F:\Program Files\Common Files\Merge Modules
2008-07-13 20:58:50 0 d-------- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-13 20:57:14 0 d-------- F:\Program Files\Microsoft SDKs
2008-07-13 20:22:48 0 d-------- F:\Program Files\MSBuild
2008-07-13 20:22:39 0 d-------- F:\WINDOWS\system32\XPSViewer
2008-07-13 20:22:31 0 d-------- F:\Program Files\Reference Assemblies
2008-07-13 20:16:11 0 d-------- F:\Program Files\MSXML 6.0
2008-07-13 18:11:16 0 d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-13 13:37:51 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 13:28:04 0 d-------- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-13 13:28:02 0 d-------- F:\Program Files\DVD Shrink
2008-07-13 13:27:11 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:27:11 0 d-------- F:\Documents and Settings\Mason\Application Data\Vso
2008-07-13 13:27:11 47360 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:26:59 0 d-------- F:\Program Files\DVDFab 5
2008-07-13 11:49:05 0 d-------- F:\Documents and Settings\Mason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-13 00:25:13 0 --a------ F:\WINDOWS\nsreg.dat
2008-07-13 00:25:03 0 d-------- F:\Documents and Settings\Mason\Application Data\Mozilla
2008-07-12 19:03:11 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-07-12 18:16:44 0 d-------- F:\Documents and Settings\Mason\Application Data\OpenOffice.org2
2008-07-12 13:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 10:26:34 0 d-------- F:\Program Files\Common Files\Adobe AIR
2008-07-12 10:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-07-12 10:24:59 0 d-------- F:\Program Files\Common Files\Adobe
2008-07-12 10:22:13 0 d-------- F:\Documents and Settings\All Users\Application Data\NOS
2008-07-12 10:22:11 0 d-------- F:\Program Files\NOS
2008-07-11 22:21:07 768 --a------ F:\WINDOWS\system32\d3d8caps.dat
2008-07-11 16:26:17 0 d-------- F:\Program Files\Chat4Support Operator
2008-07-10 19:05:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Actual Tools
2008-07-10 17:55:44 0 d-------- F:\Program Files\AllToTray
2008-07-09 23:03:13 0 d-------- F:\Program Files\Boldcenter
2008-07-09 14:09:00 0 d-------- F:\Program Files\StealthBot
2008-07-08 14:54:38 0 d-------- F:\Documents and Settings\Mason\Application Data\FileZilla
2008-07-08 14:53:55 0 d-------- F:\Program Files\FileZilla FTP Client
2008-07-08 14:32:38 0 d-------- F:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 14:32:33 0 d--h----- F:\Documents and Settings\Mason\Application Data\IFLTemp
2008-07-08 14:32:21 0 d-------- F:\Program Files\IncrediFlash Intro and Banner Studio 1.2
2008-07-08 13:05:23 131584 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-07-08 09:16:40 0 d-------- F:\Program Files\SourceTec
2008-07-08 09:15:51 177 --a------ F:\DelUS.bat
2008-07-08 08:30:56 0 d-------- F:\Program Files\Common Files\Macromedia Shared
2008-07-08 08:29:30 0 d-------- F:\Documents and Settings\All Users\Application Data\Macromedia
2008-07-08 08:28:15 0 d-------- F:\Program Files\Macromedia
2008-07-07 18:39:12 23 --a------ F:\Documents and Settings\Mason\jagex_runescape_preferences.dat
2008-07-07 18:38:52 0 d-------- F:\WINDOWS\Sun
2008-07-07 18:38:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Sun
2008-07-07 18:37:50 0 d-------- F:\Program Files\Java
2008-07-07 18:37:00 0 d-------- F:\Program Files\Common Files\Java
2008-07-07 12:44:01 0 d-------- F:\Program Files\Common Files\Blizzard Entertainment
2008-07-07 10:00:52 0 d-------- F:\Program Files\Windows Media Connect 2
2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\LogFiles
2008-07-07 09:57:07 0 d-------- F:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-08-07 13:17:23 0 d-------- F:\Documents and Settings\Mason\Application Data\uTorrent
2008-08-04 13:40:12 0 d-------- F:\Program Files\McAfee
2008-08-03 10:18:08 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-08-03 10:12:51 2528 --a------ F:\Documents and Settings\Mason\Application Data\$_hpcst$.hpc
2008-08-03 09:22:49 0 d-------- F:\Documents and Settings\Mason\Application Data\Apple Computer
2008-07-25 19:14:46 664 --a------ F:\WINDOWS\system32\d3d9caps.dat
2008-07-13 23:57:39 0 d-------- F:\Program Files\Common Files
2008-07-13 17:01:20 0 d-------- F:\Documents and Settings\Mason\Application Data\Adobe
2008-07-13 13:30:34 0 d-------- F:\Program Files\Apple Software Update
2008-07-13 13:27:24 34 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.log
2008-07-13 13:27:11 1144 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.inf
2008-07-13 13:27:11 7887 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.cat
2008-07-08 08:31:52 0 d-------- F:\Documents and Settings\Mason\Application Data\Macromedia
2008-07-06 22:14:41 0 d-------- F:\Program Files\Bonjour
2008-07-06 22:14:29 0 d-------- F:\Program Files\QuickTime
2008-07-06 22:12:48 0 d-------- F:\Program Files\Common Files\Apple
2008-07-06 22:03:44 0 d-------- F:\Program Files\Common Files\PCCamera
2008-07-06 22:03:43 0 d-------- F:\Program Files\PC VGA Camera
2008-07-06 21:57:25 0 d-------- F:\Program Files\Microsoft IntelliPoint
2008-07-06 21:56:30 0 d-------- F:\Program Files\Microsoft IntelliType Pro
2008-07-06 21:36:54 0 d-------- F:\Program Files\MSXML 4.0
2008-07-06 20:53:56 0 d-------- F:\Documents and Settings\Mason\Application Data\McAfee
2008-07-06 19:48:39 0 d-------- F:\Program Files\Windows Live
2008-07-06 19:46:52 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 17:14:16 0 d-------- F:\Program Files\SiteAdvisor
2008-07-06 17:13:49 0 d-------- F:\Program Files\Common Files\McAfee
2008-07-06 17:13:26 0 d-------- F:\Documents and Settings\Mason\Application Data\SiteAdvisor
2008-07-03 17:52:10 0 d-------- F:\Program Files\McAfee.com
2008-07-03 11:18:15 0 d-------- F:\Program Files\uTorrent
2008-06-26 15:07:12 0 d-------- F:\Documents and Settings\Mason\Application Data\Ahead
2008-06-26 14:08:08 0 d-------- F:\Program Files\NeroInstall.bak
2008-06-26 14:06:14 0 d-------- F:\Documents and Settings\Mason\Application Data\Nero
2008-06-26 14:04:41 0 d-------- F:\Program Files\Common Files\Nero
2008-06-25 20:48:10 0 d-------- F:\Documents and Settings\Mason\Application Data\Identities
2008-06-25 20:25:49 0 d-------- F:\Program Files\Wal-Mart Music Downloads Store
2008-06-25 20:25:41 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-25 19:35:31 0 d-------- F:\Program Files\VIA
2008-06-25 19:34:23 0 d-------- F:\Program Files\Realtek Sound Manager
2008-06-25 19:34:23 0 d-------- F:\Program Files\AvRack
2008-06-25 19:33:22 0 d-------- F:\Program Files\AMD
2008-06-25 19:11:35 0 d-------- F:\Program Files\TechTracker
2008-06-25 18:33:57 0 d-------- F:\Program Files\Realtek
2008-06-25 18:33:50 315392 --a------ F:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-25 18:28:14 0 d-------- F:\Program Files\SystemRequirementsLab
2008-06-25 17:52:57 0 d-------- F:\Program Files\Messenger
2008-06-25 17:17:44 0 d-------- F:\Program Files\Microsoft Windows Small Business Server
2008-06-25 16:32:34 0 d-------- F:\Program Files\microsoft frontpage
2008-06-25 16:29:54 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-25 16:29:48 0 d-------- F:\Program Files\Online Services
2008-06-25 16:28:57 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-25 16:28:48 0 d-------- F:\Program Files\Movie Maker
2008-06-25 16:27:49 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-25 16:26:56 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-25 16:26:47 0 d-------- F:\Program Files\Windows NT
2008-06-25 10:14:41 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-25 10:14:38 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-25 10:14:09 62 --ahs---- F:\Documents and Settings\Mason\Application Data\desktop.ini
2008-05-16 14:01:00 1630208 --a------ F:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ F:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ F:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ F:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ F:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ F:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ F:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ F:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ f:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 04:20 AM F:\WINDOWS\SOUNDMAN.EXE]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
  #10  
Old August 8th, 2008, 05:23 AM
skiniemini skiniemini is offline
Continued from last post:

"NBKeyScan"="C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"SiteAdvisor"="F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 05:12 PM]
"McENUI"="F:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"McAfee Backup"="F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="F:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 07:08 PM]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 05:52 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"AppleSyncNotifier"="F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE " []
"Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" []
"Vidalia"="F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"WinMinimizer"="E:\WMinimizer\WindowMinimizer.exe" []

F:\Documents and Settings\Mason\Start Menu\Programs\Startup\
Shortcut to BNUBot.lnk - F:\Documents and Settings\Mason\My Documents\Bot\BNUBot.exe [7/10/2008 12:18:21 AM]
Shortcut to l2uthless Ops.lnk - F:\Documents and Settings\Mason\My Documents\l2uthless_Ops\l2uthless Ops.exe [3/16/2008 9:55:32 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM]
VIA RAID TOOL.lnk - F:\Program Files\VIA\RAID\raid_tool.exe [6/25/2008 7:35:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

*Newly Created Service* - PGFILTER



-- End of Deckard's System Scanner: finished at 2008-08-07 21:17:32 ------------
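The Run-key and Startup-folder section of the DSS log above is where a helper looks for autostart entries that do not belong. As an added example, not part of the original post or of Deckard's System Scanner, the Python script below parses lines in that `"Name"="path" [timestamp]` format and flags the ones a reviewer would want a second look at. The sample lines are constructed from the log in this thread; the list of file names already identified in the thread, the folder heuristic, and the reading of an empty `[]` as "file not verified" are this script's own assumptions.

```python
"""Triage helper for the Run-key section of a DSS main.txt (added example)."""
import re

# One DSS Run-key line:  "Name"="command" [MM/DD/YYYY hh:mm AM]
# When the command is a bare file name, DSS appends the resolved path after
# the timestamp inside the bracket.  An empty bracket "[]" means DSS recorded
# no file timestamp for the path; this script treats that as "not verified"
# (an assumption about the tool's output, not documented in the thread).
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<verified>[^\]]*)\]\s*$')

# File names already identified as malicious earlier in this thread (assumption).
KNOWN_BAD_BASENAMES = {"afinding.exe", "routing.exe", "wserving.exe",
                       "nobicyt.exe", "perfs.exe"}

# Folders from which a legitimate autostart entry should not be launched.
SUSPICIOUS_DIRS = ("temporary internet files", "\\local settings\\temp\\",
                   "\\windows\\temp\\")

# Constructed sample, copied from the format of the log above.
SAMPLE_LOG = r'''
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe]
"AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE " []
"Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" []
"Vidalia"="F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
'''


def parse_run_line(line):
    """Return {"name", "path", "verified"} for a Run-key line, or None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    verified = m.group("verified").strip()
    path = m.group("cmd").strip()
    # "05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe" -> date, time, AM/PM, path
    parts = verified.split(" ", 3)
    if len(parts) == 4:
        path = parts[3]
    return {"name": m.group("name"), "path": path, "verified": bool(verified)}


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = looks ok)."""
    reasons = []
    low = entry["path"].lower()
    base = low.rsplit("\\", 1)[-1]
    if base in KNOWN_BAD_BASENAMES:
        reasons.append("name matches a file already identified in this thread")
    if not entry["verified"]:
        reasons.append("DSS recorded no file timestamp for this path (empty [])")
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("launched from a temporary or browser-cache folder")
    return reasons


def triage_log(lines):
    """Map entry name -> reasons, for every parseable line that raised a reason."""
    findings = {}
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG.splitlines()).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample this reports AllToTray and Vidalia once each and Mini-XP twice (no timestamp and launched from Temporary Internet Files), while the ctfmon and nwiz entries pass.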
  #11  
Old August 8th, 2008, 05:23 AM
skiniemini skiniemini is offline
extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb"
"F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- End of Deckard's System Scanner: finished at 2008-08-07 21:17:32 ------------
  #12  
Old August 8th, 2008, 05:24 AM
skiniemini skiniemini is offline
Report.txt from SDFix:


SDFix: Version 1.214
Run by Mason on Thu 08/07/2008 at 08:40 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: F:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

F:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 20:52:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb"
"F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

Remaining Files :


File Backups: - F:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 21 Jul 2008 20,487 A.SHR --- "F:\Program Files\McAfee\MQC\MRU.bak"
Mon 21 Jul 2008 265 A.SHR --- "F:\Program Files\McAfee\MQC\qcconf.bak"
Mon 7 Jul 2008 0 A.SH. --- "F:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 16 Jul 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\BIT4.tmp"
Wed 25 Jun 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Mon 13 Dec 2004 295,812 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITA4.tmp"
Fri 22 Sep 2006 279,513 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT8F.tmp"

Finished!
  #13  
Old August 8th, 2008, 05:25 AM
skiniemini skiniemini is offline
Malwarebytes' log:

Malwarebytes' Anti-Malware 1.24
Database version: 1032
Windows 5.1.2600 Service Pack 2

9:13:56 PM 8/7/2008
mbam-log-8-7-2008 (21-13-56).txt

Scan type: Quick Scan
Objects scanned: 51185
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  #14  
Old August 8th, 2008, 05:26 AM
skiniemini skiniemini is offline
It did not remove tcexfst.sys (this one plays random sounds), and it did not remove atsxyzd.sys and msudf.exe and nobicyt.exe and sytsyctd.sys. Please tell me if any of these aren't viruses.

Thanks In Advance!!

Last edited by skiniemini; August 8th, 2008 at 05:33 AM.
  #15  
Old August 9th, 2008, 01:43 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,255
Yes, a few holdouts we still need to address. Unfortunately particular scans only show particular views, so we'll need to add some others here for the files you just mentioned. Since they do not all show in the logs so far, post back the exact locations of those files (such as xxxx.sys is C:\Windows\System32\Drivers\xxxx.sys).


Download gmer.zip from here. Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

When you have done this, double-click on Gmer.exe to run it.

Under the Rootkit/Malware tab look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

----------------------------

Also go here and download reglooks.exe to your Desktop. Double-click on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.