|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
February 13th, 2008, 11:27 PM
|
|||
|
|||
rond.starsdoor.com help me remove (moved from XP Forum)
I lately my internet connection has slowed down and a pop up with header "rond.starsdoor.com" has been popping up every now and then every time I use IE. Any suggestions in how to remove it?
|
|
#2
February 14th, 2008, 02:13 AM
|
|||
|
|||
|
Hello ZeoMax and welcome to CTH. My name is Wes and I will be assisting you here at CTH. I need to see what all is running on your computer so please do the following:
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. 1. Close all applications and windows. 2. Double-click on dss.exe to run it, and follow the prompts. 3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt<-this one will be minimized on your Taskbar. 4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner). Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.
|
|
#3
February 14th, 2008, 03:27 AM
|
|||
|
|||
|
This is the 1st log but is divided in two parts because is longer than 20k characters
Deckard's System Scanner v20071014.68
Run by Enrique on 2008-02-13 21:16:35 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 83: 2008-02-14 02:16:46 UTC - RP245 - Deckard's System Scanner Restore Point 82: 2008-02-13 01:23:44 UTC - RP244 - System Checkpoint 81: 2008-02-11 19:02:04 UTC - RP243 - Installed Ad-Aware 2007 80: 2008-02-11 16:33:00 UTC - RP242 - Spyware Doctor: Cleaning Threats 79: 2008-02-11 16:21:29 UTC - RP241 - Spyware Doctor: Cleaning Threats -- First Restore Point -- 1: 2007-11-16 03:54:17 UTC - RP163 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-13 21:18:58 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Drmupgds\Drmupgds.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Enrique\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe O4 - HKCU\..\Run: [SpywareSweeperProMFC] C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - Startup: ShutDown After.lnk = C:\Program Files\ShutDown After\SA.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm088YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 9408 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 AVFilter - c:\windows\system32\drivers\avfilter.sys <Not Verified; PC Tools Research Pty Ltd; AVFilter Device Driver> R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver> R2 WIBUKEY (WIBU-KEY Kernel Driver) - c:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System> R3 AVHook - c:\windows\system32\drivers\avhook.sys <Not Verified; PC Tools Research Pty Ltd.; PC Tools AntiVirus> R3 AVRec - c:\windows\system32\drivers\avrec.sys <Not Verified; PC Tools Research Pty Ltd; PC Tools AntiVirus> R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver> S3 DCamUSBMR (CMOS 100K-R Rev. 1.90) - c:\windows\system32\drivers\mr97110.sys <Not Verified; Mars Technology Inc.; Mars PAS106+PAP003 USB Driver> S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing) S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT> S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device> S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe S3 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found.
|
|
#4
February 14th, 2008, 03:28 AM
|
|||
|
|||
|
2nd part of the first log
-- Scheduled Tasks -------------------------------------------------------------
2008-02-13 19:58:02 346 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job 2007-12-18 08:13:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-01-13 and 2008-02-13 ----------------------------- 2008-02-13 17:19:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-02-13 16:59:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-02-13 16:56:09 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-02-13 16:56:09 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-02-13 16:56:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-02-13 16:56:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-02-13 16:56:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-02-13 16:56:08 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-02-13 16:56:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-02-13 16:56:08 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-02-13 16:56:07 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-02-13 16:55:46 0 d-------- C:\WINDOWS\CSC 2008-02-12 23:36:41 0 d-------- C:\EA GAMES 2008-02-11 14:02:09 0 d-------- C:\Program Files\Lavasoft 2008-02-11 14:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-10 14:53:53 0 d-------- C:\Program Files\Spyware Doctor 2008-02-10 14:49:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-10 14:18:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-10 14:11:14 0 d-------- C:\WINDOWS\Spyware Sweeper Pro 2008-02-09 17:22:46 0 d-------- C:\Program Files\Common Files\INCA Shared 2008-02-06 16:13:36 0 d-------- C:\Program1 2008-02-04 14:36:44 0 d-------- C:\Program Files\Drmupgds 2008-02-04 11:13:36 54272 --a------ C:\WINDOWS\b122.exe 2008-02-03 18:23:11 0 d-------- C:\Documents and Settings\Enrique\Application Data\Move Networks 2008-01-28 13:11:09 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2008-01-28 13:08:20 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20> 2008-01-28 13:08:20 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS> -- Find3M Report --------------------------------------------------------------- 2008-02-13 21:13:50 0 d-------- C:\Documents and Settings\Enrique\Application Data\BitTorrent DNA 2008-02-13 17:43:30 0 d-------- C:\Program Files\Steam 2008-02-13 17:43:28 0 d-------- C:\Program Files\PC Tools AntiVirus 2008-02-12 20:01:31 0 d-------- C:\Program Files\Common Files\Adobe 2008-02-11 14:00:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-10 14:53:53 0 d-------- C:\Documents and Settings\Enrique\Application Data\PC Tools 2008-02-10 14:49:20 0 d-------- C:\Program Files\Google 2008-02-09 22:04:30 0 d-------- C:\Documents and Settings\Enrique\Application Data\BitTorrent 2008-02-09 19:48:14 0 d-------- C:\Program Files\MP3 Player Utilities 3.68 2008-02-09 17:22:46 0 d-------- C:\Program Files\Common Files 2008-02-08 19:03:37 0 d-------- C:\Documents and Settings\Enrique\Application Data\LimeWire 2008-01-28 13:12:44 0 d-------- C:\Program Files\Ahead 2008-01-28 13:08:25 0 d-------- C:\Program Files\Common Files\Ahead 2008-01-20 11:16:11 2684 --a------ C:\WINDOWS\mozver.dat 2008-01-15 15:41:05 0 d-------- C:\Documents and Settings\Enrique\Application Data\U3 2008-01-12 19:50:20 0 d-------- C:\Program Files\3ivx 2008-01-02 16:09:08 0 d-------- C:\Program Files\VirtualDJ 2007-12-27 14:17:08 0 d-------- C:\Program Files\Western Digital Technologies 2007-12-26 15:24:29 0 d-------- C:\Documents and Settings\Enrique\Application Data\Nero 2007-12-26 15:22:52 0 d-------- C:\Program Files\Common Files\Nero 2007-12-26 15:19:58 0 d-------- C:\Program Files\Nero 2007-12-22 13:32:57 0 d-------- C:\Program Files\MSECache 2007-12-16 23:15:43 0 d-------- C:\Program Files\ShutDown After -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [03/23/2006 07:17 PM] "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [03/23/2006 07:13 PM] "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [03/23/2006 07:17 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [06/22/2004 07:05 AM] "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [07/07/2005 11:55 PM] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/05/2003 02:41 PM] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [07/07/2005 11:55 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [05/17/2007 10:41 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 03:55 PM] "CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [02/23/2005 02:57 PM] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 07:05 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [07/09/2001 11:50 AM] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [05/17/2007 10:41 AM] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [09/21/2007 12:56 PM] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM] "Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [02/04/2008 02:36 PM] "SpywareSweeperProMFC"="C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [02/10/2008 02:49 PM] "Steam"="C:\Program Files\Steam\Steam.exe" [02/11/2008 04:16 PM] C:\Documents and Settings\Enrique\Start Menu\Programs\Startup\ ShutDown After.lnk - C:\Program Files\ShutDown After\SA.exe [12/16/2007 11:15:42 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/7/2007 3:56:56 PM] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/10/2008 2:49:21 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\M] AutoRun\command- M:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{71928b32-4f8b-11dc-8475-001676652a20}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da2819fa-9a48-11dc-859e-001676652a20}] AutoRun\command- K:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-02-13 21:19:29 ------------
|
|
#5
February 14th, 2008, 03:29 AM
|
|||
|
|||
|
This is the extra.txt log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of Memory in Use: 48% Physical Memory (total/avail): 1014.07 MiB / 518.93 MiB Pagefile Memory (total/avail): 2441.24 MiB / 2066.46 MiB Virtual Memory (total/avail): 2047.88 MiB / 1933.36 MiB C: is Fixed (NTFS) - 93.15 GiB total, 47.87 GiB free. D: is Removable (No Media) E: is Removable (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is CDROM (CDFS) I: is CDROM (No Media) J: is Fixed (FAT32) - 232.83 GiB total, 116.25 GiB free. L: is Removable (No Media) \\.\PHYSICALDRIVE0 - Maxtor 6L100M0 - 93.16 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 93.15 GiB - C: \\.\PHYSICALDRIVE6 - HP photosmart 7600 USB Device \\.\PHYSICALDRIVE2 - TEAC USB HS-CF Card USB Device \\.\PHYSICALDRIVE4 - TEAC USB HS-MS Card USB Device \\.\PHYSICALDRIVE5 - TEAC USB HS-SD Card USB Device \\.\PHYSICALDRIVE3 - TEAC USB HS-xD/SM USB Device \\.\PHYSICALDRIVE1 - WD 2500JB External USB Device - 232.88 GiB - 1 partition \PARTITION0 - Unknown - 232.88 GiB - J: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntivirusOverride is set. AV: PC Tools AntiVirus 3.1.2.0 v3.1.2.0 (PC Tools Research Pty Ltd) Disabled [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlaye r Component" "C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32" "C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon \\MapleStory\\MapleStory.exe:*:Enabled:MapleStory" "H:\\NFS3.EXE"="H:\\NFS3.EXE:*:Enabled:Need For Speed III for Win32" "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Progra m Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:Qu ickTime Player" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Nexon\\MapleStory\\Patcher.exe"="C:\\Nexon\\M apleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????" "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorren t DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent" "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam" "C:\\Program Files\\Steam\\steamapps\\usalfredo\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\usalfredo\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager" "C:\\Nexon\\KartRider\\NMService.exe"="C:\\Nexon\\ KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core" "C:\\Program Files\\Steam\\steamapps\\usalfredo\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\usalfredo\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Enrique\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ENRIQUE-E9XU6O7 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Enrique LOGONSERVER=\\ENRIQUE-E9XU6O7 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0409 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Enrique\LOCALS~1\Temp TMP=C:\DOCUME~1\Enrique\LOCALS~1\Temp USERDOMAIN=ENRIQUE-E9XU6O7 USERNAME=Enrique USERPROFILE=C:\Documents and Settings\Enrique windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Enrique (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3ivx MPEG-4 5.0.2 (remove only) --> "C:\Program Files\3ivx\3ivx MPEG-4 5.0.2\uninstaller.exe" Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Advanced WindowsCare 2.55 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe" Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly BannedStory 2.1 --> C:\Program Files\BannedStory\uninst.exe BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL BitTorrent DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91B2337D-79D4-11D5-8C4A-0050BA22F23A}\Setup.exe" CamMaestro 4.00 DU PC Camera --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{36BBD279-1D96-4C1C-9561-CE224B5776C0} /l1033 Command & Conquer --> C:\EA GAMES\Uninstal.exe Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SU BSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647} Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10 Drmupgds --> "C:\Program Files\Drmupgds\Drmupgds.exe" -uninstall DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuni nst.exe Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe" HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat HP PSC 1100/1200/1300 series Cartridge Compatibility Utility --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\CartridgeCompatibilityUtility\Uninst.isu" HP Software Update --> MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12} Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2I D PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Intel(R) PRO Network Connections Drivers --> Prounstl.exe iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} KartRider --> "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562881 -locale:US LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe" MapleStory --> MsiExec.exe /I{4D854B04-562A-4F18-A61B-1397DC01D915} MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612} Microsoft Combat Flight Simulator 3.0 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spunins t.exe" Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe" Mixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove Motorola Driver Installation --> MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4} Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly Motorola PST --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP3 Player Utilities 3.68 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22} Need For Speed III --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll" Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033} Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OffTimer --> MsiExec.exe /I{90B3456C-7EDA-49D0-9678-FF92F620472E} overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} PC Tools AntiVirus 3.1 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe" Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini" ShutDown After 2.2 --> "C:\Program Files\ShutDown After\unins000.exe" SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Sound Blaster Audigy ADVANCED MB Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9 /remove Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20 TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6} TVUPlayer 2.3.3.2 --> C:\Program Files\TVUPlayer\uninst.exe Uplink --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu" VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG Voice and Speech Recognition Software --> MsiExec.exe /I{CE2E3388-7FF1-481A-80AA-52573E63E3EE} WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161} Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type2004 / Success Event Submitted/Written: 02/12/2008 05:24:21 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1992 / Success Event Submitted/Written: 02/12/2008 03:32:33 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1963 / Warning Event Submitted/Written: 02/11/2008 08:23:20 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type1958 / Success Event Submitted/Written: 02/11/2008 05:57:44 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1956 / Warning Event Submitted/Written: 02/11/2008 04:16:06 PM Event ID/Source: 1001 / MsiInstaller Event Description: Detection of product '{048298C9-A4D3-490B-9FF9-AB023A9238F3}', feature 'Steam_Base' failed during request for component '{A8CEB5C7-7070-4FFB-BFA4-86C6996C9900}' -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type25374 / Warning Event Submitted/Written: 02/13/2008 09:19:28 PM Event ID/Source: 257 / PlugPlayManager Event Description: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow" Event Record #/Type25373 / Warning Event Submitted/Written: 02/13/2008 09:19:28 PM Event ID/Source: 257 / PlugPlayManager Event Description: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow" Event Record #/Type25372 / Warning Event Submitted/Written: 02/13/2008 09:19:28 PM Event ID/Source: 257 / PlugPlayManager Event Description: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow" Event Record #/Type25371 / Warning Event Submitted/Written: 02/13/2008 09:19:28 PM Event ID/Source: 257 / PlugPlayManager Event Description: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow" Event Record #/Type25370 / Warning Event Submitted/Written: 02/13/2008 09:19:28 PM Event ID/Source: 257 / PlugPlayManager Event Description: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow" -- End of Deckard's System Scanner: finished at 2008-02-13 21:19:29 ------------
|
|
#6
February 14th, 2008, 04:27 AM
|
|||
|
|||
|
I do see some infection showing in your logs so lets get started with the repairs.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Also Ad-Aware 2007 sets itself to autoscan each startup, so please disable this while we do these repairs. To disable this, click the Settings button, Auto Scans tab, and under "Scan on Ad-Aware startup", be sure both selections for "No automated scan" are checked (green). Then click Save and close Ad-Aware. Please do the following: STEP 1 Click on "Start" > "Control Panel" > "Add/Remove Programs" and remove the following program: Drmupgds STEP 2 Download ComboFix.exe from here and save it to your C: folder (C:\Combofix.exe) and doubleclick on the downloaded file to run the repair. When starting ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver. STEP 3 Go here and download the free version of SUPERAntiSpyware and install it. After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to it's research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings. Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is). Start-up Options: *Start SUPERAntiSpyware when Windows starts Automatic Updates: *Check for program updates when the application starts. Start-up Scanning: *Check for updates before scanning on startup. Then select Close. Don't scan just yet though. ====================================== Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan. SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon). Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here. STEP 4 (Post the following logs) Combofix log SuperAntiSpyware log NEW HijackThis
|
|
#7
February 14th, 2008, 07:27 PM
|
|||
|
|||
|
Followed al the steps but the anitpyware didnt give me a log
Here is the combo fix log:
ComboFix 08-02-14.2 - Enrique 2008-02-14 10:31:24.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.595 [GMT -5:00] Running from: C:\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\WINDOWS\b122.exe J:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))) . 2008-02-14 10:29 . 2008-02-14 10:29 1,597,302 --a------ C:\ComboFix.exe 2008-02-13 21:16 . 2008-02-13 21:16 <DIR> d-------- C:\Deckard 2008-02-12 23:36 . 2008-02-12 23:40 <DIR> d-------- C:\EA GAMES 2008-02-11 14:02 . 2008-02-11 14:02 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-11 14:02 . 2008-02-14 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-10 14:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 14:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 14:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 14:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 14:53 . 2008-02-11 09:04 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-10 14:49 . 2008-02-13 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-10 14:18 . 2008-02-13 21:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-10 14:11 . 2008-02-10 14:11 <DIR> d-------- C:\WINDOWS\Spyware Sweeper Pro 2008-02-09 17:22 . 2008-02-09 17:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared 2008-02-06 16:13 . 2008-02-06 16:13 <DIR> d-------- C:\Program1 2008-02-04 14:36 . 2008-02-04 14:36 <DIR> d-------- C:\Program Files\Drmupgds 2008-02-03 18:23 . 2008-02-03 18:23 <DIR> d-------- C:\Documents and Settings\Enrique\Application Data\Move Networks 2008-01-28 13:13 . 2004-09-13 07:17 2,146,304 --------- C:\WINDOWS\UNNMP.exe 2008-01-28 13:13 . 2004-09-22 11:13 52,502 --------- C:\WINDOWS\UNNMP.cfg 2008-01-28 13:11 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-01-28 13:08 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-01-28 13:08 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-02-14 15:33 --------- d-----w C:\Documents and Settings\Enrique\Application Data\BitTorrent DNA 2008-02-14 15:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-14 15:23 --------- d-----w C:\Program Files\Steam 2008-02-14 15:23 --------- d-----w C:\Program Files\PC Tools AntiVirus 2008-02-13 01:01 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-10 19:53 --------- d-----w C:\Documents and Settings\Enrique\Application Data\PC Tools 2008-02-10 19:49 --------- d-----w C:\Program Files\Google 2008-02-10 03:04 --------- d-----w C:\Documents and Settings\Enrique\Application Data\BitTorrent 2008-02-10 00:48 --------- d-----w C:\Program Files\MP3 Player Utilities 3.68 2008-02-09 00:03 --------- d-----w C:\Documents and Settings\Enrique\Application Data\LimeWire 2008-01-28 18:12 --------- d-----w C:\Program Files\Ahead 2008-01-28 18:08 --------- d-----w C:\Program Files\Common Files\Ahead 2008-01-15 20:41 --------- d-----w C:\Documents and Settings\Enrique\Application Data\U3 2008-01-13 00:50 --------- d-----w C:\Program Files\3ivx 2008-01-02 21:09 --------- d-----w C:\Program Files\VirtualDJ 2007-12-27 19:17 --------- d-----w C:\Program Files\Western Digital Technologies 2007-12-26 20:24 --------- d-----w C:\Documents and Settings\Enrique\Application Data\Nero 2007-12-26 20:22 --------- d-----w C:\Program Files\Common Files\Nero 2007-12-26 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2007-12-26 20:19 --------- d-----w C:\Program Files\Nero 2007-12-22 18:32 --------- d-----w C:\Program Files\MSECache 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-17 04:15 --------- d-----w C:\Program Files\ShutDown After 2007-12-14 00:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 23:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-07-20 01:49 92,064 ----a-w C:\Documents and Settings\Enrique\mqdmmdm.sys 2007-07-20 01:49 9,232 ----a-w C:\Documents and Settings\Enrique\mqdmmdfl.sys 2007-07-20 01:49 79,328 ----a-w C:\Documents and Settings\Enrique\mqdmserd.sys 2007-07-20 01:49 66,656 ----a-w C:\Documents and Settings\Enrique\mqdmbus.sys 2007-07-20 01:49 6,208 ----a-w C:\Documents and Settings\Enrique\mqdmcmnt.sys 2007-07-20 01:49 5,936 ----a-w C:\Documents and Settings\Enrique\mqdmwhnt.sys 2007-07-20 01:49 4,048 ----a-w C:\Documents and Settings\Enrique\mqdmcr.sys 2007-07-20 01:49 25,600 ----a-w C:\Documents and Settings\Enrique\usbsermptxp.sys 2007-07-20 01:49 22,768 ----a-w C:\Documents and Settings\Enrique\usbsermpt.sys 2007-07-03 00:15 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 10:41 1074736] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-21 12:56 286016] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] "SpywareSweeperProMFC"="C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-02-10 14:49 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-11 16:16 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2006-03-23 19:17 94208] "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2006-03-23 19:13 77824] "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2006-03-23 19:17 118784] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [2004-06-22 07:05 172032] "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 10:41 1074736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064] "CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 14:57 57344] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05 200704] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50 155648] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\Enrique\Start Menu\Programs\Startup\ ShutDown After.lnk - C:\Program Files\ShutDown After\SA.exe [2007-12-16 23:15:42 77824] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-07 15:56:56 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-10 14:49:21 125624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) "NoResolveSearch"= 1 (0x1) S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;C:\WINDOWS\system32\DRIVERS\MR97110.sys [2001-08-21 14:47] S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGu ard\dump_wmimmc.sys [] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 14:19] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRI VERS\motccgpfl.sys [2007-01-23 19:03] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 14:11] S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\M] \Shell\AutoRun\command - M:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{71928b32-4f8b-11dc-8475-001676652a20}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da2819fa-9a48-11dc-859e-001676652a20}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-12-18 13:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-14 00:58:02 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 10:34:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-02-14 10:34:34 ComboFix-quarantined-files.txt 2008-02-14 15:34:32 . 2008-02-14 14:41:14 --- E O F ---
|
|
#8
February 14th, 2008, 07:28 PM
|
|||
|
|||
|
Here is the Hijackthis log
Deckard's System Scanner v20071014.68
Run by Enrique on 2008-02-14 13:24:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-14 13:25:12 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Enrique\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [SpywareSweeperProMFC] C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - Startup: ShutDown After.lnk = C:\Program Files\ShutDown After\SA.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm088YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 9108 bytes -- Files created between 2008-01-14 and 2008-02-14 ----------------------------- 2008-02-14 10:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-02-14 10:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-14 10:42:19 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-02-14 10:42:19 0 d-------- C:\Documents and Settings\Enrique\Application Data\SUPERAntiSpyware.com 2008-02-14 10:30:31 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-02-14 10:30:31 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-02-14 10:30:31 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-02-14 10:30:31 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-02-14 10:29:25 1597302 --a------ C:\ComboFix.exe 2008-02-13 17:19:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-02-13 16:59:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-02-13 16:56:09 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-02-13 16:56:09 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-02-13 16:56:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-02-13 16:56:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-02-13 16:56:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-02-13 16:56:08 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-02-13 16:56:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-02-13 16:56:08 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-02-13 16:56:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-02-13 16:56:07 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-02-13 16:55:46 0 d-------- C:\WINDOWS\CSC 2008-02-12 23:36:41 0 d-------- C:\EA GAMES 2008-02-11 14:02:09 0 d-------- C:\Program Files\Lavasoft 2008-02-11 14:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-10 14:53:53 0 d-------- C:\Program Files\Spyware Doctor 2008-02-10 14:49:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-10 14:18:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-10 14:11:14 0 d-------- C:\WINDOWS\Spyware Sweeper Pro 2008-02-09 17:22:46 0 d-------- C:\Program Files\Common Files\INCA Shared 2008-02-06 16:13:36 0 d-------- C:\Program1 2008-02-04 14:36:44 0 d-------- C:\Program Files\Drmupgds 2008-02-03 18:23:11 0 d-------- C:\Documents and Settings\Enrique\Application Data\Move Networks 2008-01-28 13:11:09 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2008-01-28 13:08:20 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20> 2008-01-28 13:08:20 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS> -- Find3M Report --------------------------------------------------------------- 2008-02-14 13:19:46 0 d-------- C:\Program Files\Steam 2008-02-14 13:19:44 0 d-------- C:\Program Files\PC Tools AntiVirus 2008-02-14 10:45:38 0 d-------- C:\Documents and Settings\Enrique\Application Data\BitTorrent DNA 2008-02-14 10:42:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-12 20:01:31 0 d-------- C:\Program Files\Common Files\Adobe 2008-02-10 14:53:53 0 d-------- C:\Documents and Settings\Enrique\Application Data\PC Tools 2008-02-10 14:49:20 0 d-------- C:\Program Files\Google 2008-02-09 22:04:30 0 d-------- C:\Documents and Settings\Enrique\Application Data\BitTorrent 2008-02-09 19:48:14 0 d-------- C:\Program Files\MP3 Player Utilities 3.68 2008-02-09 17:22:46 0 d-------- C:\Program Files\Common Files 2008-02-08 19:03:37 0 d-------- C:\Documents and Settings\Enrique\Application Data\LimeWire 2008-01-28 13:12:44 0 d-------- C:\Program Files\Ahead 2008-01-28 13:08:25 0 d-------- C:\Program Files\Common Files\Ahead 2008-01-20 11:16:11 2684 --a------ C:\WINDOWS\mozver.dat 2008-01-15 15:41:05 0 d-------- C:\Documents and Settings\Enrique\Application Data\U3 2008-01-12 19:50:20 0 d-------- C:\Program Files\3ivx 2008-01-02 16:09:08 0 d-------- C:\Program Files\VirtualDJ 2007-12-27 14:17:08 0 d-------- C:\Program Files\Western Digital Technologies 2007-12-26 15:24:29 0 d-------- C:\Documents and Settings\Enrique\Application Data\Nero 2007-12-26 15:22:52 0 d-------- C:\Program Files\Common Files\Nero 2007-12-26 15:19:58 0 d-------- C:\Program Files\Nero 2007-12-22 13:32:57 0 d-------- C:\Program Files\MSECache 2007-12-16 23:15:43 0 d-------- C:\Program Files\ShutDown After -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [03/23/2006 07:17 PM] "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [03/23/2006 07:13 PM] "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [03/23/2006 07:17 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [06/22/2004 07:05 AM] "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [07/07/2005 11:55 PM] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/05/2003 02:41 PM] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [07/07/2005 11:55 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [05/17/2007 10:41 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 03:55 PM] "CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [02/23/2005 02:57 PM] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 07:05 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [07/09/2001 11:50 AM] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [05/17/2007 10:41 AM] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [09/21/2007 12:56 PM] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM] "SpywareSweeperProMFC"="C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [02/10/2008 02:49 PM] "Steam"="C:\Program Files\Steam\Steam.exe" [02/11/2008 04:16 PM] C:\Documents and Settings\Enrique\Start Menu\Programs\Startup\ ShutDown After.lnk - C:\Program Files\ShutDown After\SA.exe [12/16/2007 11:15:42 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/7/2007 3:56:56 PM] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/10/2008 2:49:21 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\M] AutoRun\command- M:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{71928b32-4f8b-11dc-8475-001676652a20}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da2819fa-9a48-11dc-859e-001676652a20}] AutoRun\command- K:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-02-14 13:25:33 ------------ Thanks for everything
|
|
#9
February 14th, 2008, 09:25 PM
|
|||
|
|||
|
Zeomax,
You did not post the SuperAntiSpyware log that I requested. It does appear that you installed but just didn't post the log you can locate the log from below: Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here. Last edited by Cibertec; February 14th, 2008 at 09:41 PM.
|
|
#10
February 15th, 2008, 03:40 PM
|
|||
|
|||
|
No log
Hi, the first time I did step #3, the superantispyware showed me that removed various cookie trackers and ad ware. However, when I checked It showed no log at all, I did it one more time, this time it showed no infections but with no log too. I don't know if it helps but the Ronds.starsdoor.com pop up doesn't show up anymore.
|
|
#11
February 15th, 2008, 07:27 PM
|
|||
|
|||
|
ZeoMax,
Glad to hear the popups are gone but that doesn't always mean that your systems is clean. I will need to look at some more logs. Please do the following: STEP 1 Please disable your AntiVirus software! Open notepad and copy/paste the text in the quotebox below into it: Code:
Folder:: C:\Program Files\Drmupgds DIRLOOK: C:\Program1 Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:  ComboFix will run as it did earlier. Remember to leave the mouse and keyboard undisturbed while ComboFix is running. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply. Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system. STEP 2 Post the Combofix log
|
|
#12
February 15th, 2008, 08:04 PM
|
|||
|
|||
|
Here is the new Combofix log (1st part of 3)
ComboFix 08-02-14.2 - Enrique 2008-02-15 13:56:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.545 [GMT -5:00] Running from: C:\ComboFix.exe Command switches used :: C:\Documents and Settings\Enrique\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Drmupgds C:\Program Files\Drmupgds\Drmupgds.exe C:\Program1 C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\00000000.016 C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\00000000.256 C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\AudioEnglishZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\AudioZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\BINKW32.DLL C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccattack.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCAttack_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCAttMov.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCAttMov_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCCashHack.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCEnter.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCEnter_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCExit.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCFriendly.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCFriendly_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCGuard.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCHeal.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCHostile.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCHostile_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCHostile2.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCHostile3.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCKnifeAttack.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccmove.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCMove_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoAction.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoAction_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoBomb.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoEntry.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoEntry_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCNoKnife.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCOutrange.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCPlace.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCPlaceBeacon.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccpointer.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCRallyPnt.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCRallyPnt_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCRemoteChg.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCRepair.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCResumeC.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccscroll0.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccscroll1.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccscroll2.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\sccscroll3.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCScroll4.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCScroll5.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCScroll6.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCScroll7.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCSDIUplink.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCSelect.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCSell.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCSniper.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCSpyDrone.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCStop.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCTimedChg.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCTNTAttack.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCWaypoint.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Cursors\SCCWaypoint_S.ani C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_AirGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_AirGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_BossGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_BossGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_DemolGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_DemolGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_InfantryGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_InfantryGen_inv_000. bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_LaserGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_LaserGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_NukeGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_NukeGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_StealthGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_StealthGen_inv_000.b ik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_SuperGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_SuperGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_TankGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_TankGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_ThraxGen_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\Comp_ThraxGen_inv_000.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\EA_LOGO.BIK C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\EA_LOGO640.BIK C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_China01_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_China02_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_China03_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_China04_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_China05_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_GLA01_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_GLA02_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_GLA03_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_GLA04_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_GLA05_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_USA01_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_USA02_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_USA03_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_USA04_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\MD_USA05_0.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\sizzle_review.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\English\Movies\sizzle_review640.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Movies\GC_Background.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Movies\VS_small.bik C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Scripts\MultiplayerScripts.scb C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Scripts\Scripts.ini C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\Scripts\SkirmishScripts.scb C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust00.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust01.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust02.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust03.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust04.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust05.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust06.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust07.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust08.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust09.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust10.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust11.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust12.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust13.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust14.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust15.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust16.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust17.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust18.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust19.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust20.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust21.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust22.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust23.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust24.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust25.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust26.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust27.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust28.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust29.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust30.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Data\WaterPlane\caust31.tga C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\dbghelp.dll C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\DrvMgt.dll C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\EnglishZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\game original 1.2.dat C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals original.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Generals.dat C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Generals.ico C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals.lcf C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Generals2.dat C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals2.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals2.lcf C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\GeneralsZH.ico C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\GensecZH.big
|
|
#13
February 15th, 2008, 08:05 PM
|
|||
|
|||
|
2nd part of 3
C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Genväg till generals.lnk
C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\INIZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Install_Final.bmp C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\langdata.dat C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\launcher.bmp C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\launcher.txt C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MapsZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssa3d.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssds3d.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssdsp.flt C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssdx7.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\msseax.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssmp3.asi C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssrsx.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\msssoft.m3d C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MSS\mssvoice.asi C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\mss32.dll C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\Music.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\MusicZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\P2XDLL.DLL C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\patch.doc C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\patchget.dat C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\patchw32.dll C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\PatchZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\readme.doc C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\SECDRV.SYS C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\ShadersZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\SpeechEnglishZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\SpeechZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\Command and Conquer Generals Zero Hour_eReg.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\Command and Conquer Generals Zero Hour_EZ.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\Command and Conquer Generals Zero Hour_uninst.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\en-uk_eahelp.hlp C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\en-us_eahelp.hlp C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\go_ez.exe C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\Readme.doc C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\support\readme.txt C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\TerrainZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\TexturesZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\W3DEnglishZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\W3DZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\WindowZH.big C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\WorldBuilder.exe C:\Program1\EA GAMES\Command and Conquer Generals\00000000.016 C:\Program1\EA GAMES\Command and Conquer Generals\00000000.256 C:\Program1\EA GAMES\Command and Conquer Generals\1Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\2 Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\3 Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\4 Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\5 Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\6 Alternativ nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\Audio.big C:\Program1\EA GAMES\Command and Conquer Generals\AudioEnglish.big C:\Program1\EA GAMES\Command and Conquer Generals\BINKW32.DLL C:\Program1\EA GAMES\Command and Conquer Generals\BrowserEngine.dll C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccattack.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCAttack_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCAttMov.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCAttMov_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCCashHack.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCEnter.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCEnter_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCExit.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCFriendly.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCFriendly_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCGuard.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCHeal.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCHostile.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCHostile_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCHostile2.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCHostile3.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCKnifeAttack.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccmove.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCMove_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoAction.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoAction_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoBomb.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoEntry.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoEntry_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCNoKnife.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCOutrange.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCPlace.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCPlaceBeacon.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccpointer.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCRallyPnt.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCRallyPnt_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCRemoteChg.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCRepair.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCResumeC.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccscroll0.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccscroll1.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccscroll2.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\sccscroll3.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCScroll4.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCScroll5.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCScroll6.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCScroll7.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCSDIUplink.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCSelect.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCSell.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCSniper.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCSpyDrone.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCStop.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCTimedChg.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCTNTAttack.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCWaypoint.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\Cursors\SCCWaypoint_S.ani C:\Program1\EA GAMES\Command and Conquer Generals\Data\english\Movies\EA_LOGO.BIK C:\Program1\EA GAMES\Command and Conquer Generals\Data\english\Movies\EA_LOGO640.BIK C:\Program1\EA GAMES\Command and Conquer Generals\Data\english\Movies\sizzle_review.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\english\Movies\sizzle_review640.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\CHINA_end.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\CHINA_end640.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China01_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China02_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China03_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China04_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China05_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China06_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\China07_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA_end.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA_end640.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA01_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA02_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA03_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA04_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA05_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA06_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA07_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\GLA08_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\Training_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA_end.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA_end640.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA01_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA02_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA03_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA04_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA06_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA07_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Movies\USA08_Final_00s.bik C:\Program1\EA GAMES\Command and Conquer Generals\Data\Scripts\MultiplayerScripts.scb C:\Program1\EA GAMES\Command and Conquer Generals\Data\Scripts\SkirmishScripts.scb C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust00.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust01.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust02.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust03.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust04.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust05.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust06.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust07.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust08.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust09.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust10.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust11.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust12.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust13.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust14.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust15.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust16.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust17.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust18.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust19.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust20.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust21.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust22.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust23.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust24.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust25.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust26.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust27.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust28.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust29.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust30.tga C:\Program1\EA GAMES\Command and Conquer Generals\Data\WaterPlane\caust31.tga C:\Program1\EA GAMES\Command and Conquer Generals\dbghelp.dll C:\Program1\EA GAMES\Command and Conquer Generals\DrvMgt.dll C:\Program1\EA GAMES\Command and Conquer Generals\English.big C:\Program1\EA GAMES\Command and Conquer Generals\game Original 1.7.dat C:\Program1\EA GAMES\Command and Conquer Generals\game.dat C:\Program1\EA GAMES\Command and Conquer Generals\generals original.exe C:\Program1\EA GAMES\Command and Conquer Generals\Generals.dat C:\Program1\EA GAMES\Command and Conquer Generals\Generals.exe C:\Program1\EA GAMES\Command and Conquer Generals\Generals.ico C:\Program1\EA GAMES\Command and Conquer Generals\generals.lcf C:\Program1\EA GAMES\Command and Conquer Generals\gensec.big C:\Program1\EA GAMES\Command and Conquer Generals\INI.big C:\Program1\EA GAMES\Command and Conquer Generals\Install_Final.bmp C:\Program1\EA GAMES\Command and Conquer Generals\langdata.dat C:\Program1\EA GAMES\Command and Conquer Generals\launcher.bmp C:\Program1\EA GAMES\Command and Conquer Generals\Launcher.txt C:\Program1\EA GAMES\Command and Conquer Generals\Maps.big C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssa3d.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssds3d.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssdsp.flt C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssdx7.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\msseax.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssmp3.asi C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssrsx.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\msssoft.m3d C:\Program1\EA GAMES\Command and Conquer Generals\MSS\mssvoice.asi C:\Program1\EA GAMES\Command and Conquer Generals\mss32.dll C:\Program1\EA GAMES\Command and Conquer Generals\Music.big C:\Program1\EA GAMES\Command and Conquer Generals\P2XDLL.DLL C:\Program1\EA GAMES\Command and Conquer Generals\Patch.big C:\Program1\EA GAMES\Command and Conquer Generals\Patch.doc C:\Program1\EA GAMES\Command and Conquer Generals\patchget.dat C:\Program1\EA GAMES\Command and Conquer Generals\patchw32.dll C:\Program1\EA GAMES\Command and Conquer Generals\readme.doc C:\Program1\EA GAMES\Command and Conquer Generals\Register nycklar.reg C:\Program1\EA GAMES\Command and Conquer Generals\SECDRV.SYS C:\Program1\EA GAMES\Command and Conquer Generals\shaders.big C:\Program1\EA GAMES\Command and Conquer Generals\Speech.big C:\Program1\EA GAMES\Command and Conquer Generals\SpeechEnglish.big C:\Program1\EA GAMES\Command and Conquer Generals\support\Command and Conquer Generals_EZ.exe C:\Program1\EA GAMES\Command and Conquer Generals\support\en-uk_eahelp.hlp C:\Program1\EA GAMES\Command and Conquer Generals\support\en-us_eahelp.hlp C:\Program1\EA GAMES\Command and Conquer Generals\support\Generals_eReg.exe C:\Program1\EA GAMES\Command and Conquer Generals\support\Generals_uninst.exe C:\Program1\EA GAMES\Command and Conquer Generals\support\go_ez.exe C:\Program1\EA GAMES\Command and Conquer Generals\support\Readme.doc C:\Program1\EA GAMES\Command and Conquer Generals\support\readme.txt C:\Program1\EA GAMES\Command and Conquer Generals\Terrain.big C:\Program1\EA GAMES\Command and Conquer Generals\Textures.big C:\Program1\EA GAMES\Command and Conquer Generals\W3D.big
|
|
#14
February 15th, 2008, 08:05 PM
|
|||
|
|||
|
3rd of 3
C:\Program1\EA GAMES\Command and Conquer Generals\Window.big
C:\Program1\EA GAMES\Command and Conquer Generals\WorldBuilder.exe C:\Program1\EA GAMES\Install.iip C:\Program1\EA GAMES\Uninstal.exe . ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-14 10:48 . 2008-02-14 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-02-14 10:42 . 2008-02-14 20:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-14 10:42 . 2008-02-14 10:42 <DIR> d-------- C:\Documents and Settings\Enrique\Application Data\SUPERAntiSpyware.com 2008-02-14 10:42 . 2008-02-14 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-14 10:29 . 2008-02-14 10:29 1,597,302 --a------ C:\ComboFix.exe 2008-02-13 21:16 . 2008-02-13 21:16 <DIR> d-------- C:\Deckard 2008-02-12 23:36 . 2008-02-12 23:40 <DIR> d-------- C:\EA GAMES 2008-02-11 14:02 . 2008-02-11 14:02 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-11 14:02 . 2008-02-14 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-10 14:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 14:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 14:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 14:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 14:53 . 2008-02-11 09:04 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-10 14:49 . 2008-02-14 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-10 14:18 . 2008-02-13 21:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-10 14:11 . 2008-02-10 14:11 <DIR> d-------- C:\WINDOWS\Spyware Sweeper Pro 2008-02-09 17:22 . 2008-02-09 17:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared 2008-02-03 18:23 . 2008-02-03 18:23 <DIR> d-------- C:\Documents and Settings\Enrique\Application Data\Move Networks 2008-01-28 13:13 . 2004-09-13 07:17 2,146,304 --------- C:\WINDOWS\UNNMP.exe 2008-01-28 13:13 . 2004-09-22 11:13 52,502 --------- C:\WINDOWS\UNNMP.cfg 2008-01-28 13:11 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-01-28 13:08 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-01-28 13:08 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-02-15 18:49 --------- d-----w C:\Documents and Settings\Enrique\Application Data\BitTorrent DNA 2008-02-15 18:09 --------- d-----w C:\Program Files\Steam 2008-02-15 18:09 --------- d-----w C:\Program Files\PC Tools AntiVirus 2008-02-14 15:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-13 01:01 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-10 19:53 --------- d-----w C:\Documents and Settings\Enrique\Application Data\PC Tools 2008-02-10 19:49 --------- d-----w C:\Program Files\Google 2008-02-10 03:04 --------- d-----w C:\Documents and Settings\Enrique\Application Data\BitTorrent 2008-02-10 00:48 --------- d-----w C:\Program Files\MP3 Player Utilities 3.68 2008-02-09 00:03 --------- d-----w C:\Documents and Settings\Enrique\Application Data\LimeWire 2008-01-28 18:12 --------- d-----w C:\Program Files\Ahead 2008-01-28 18:08 --------- d-----w C:\Program Files\Common Files\Ahead 2008-01-15 20:41 --------- d-----w C:\Documents and Settings\Enrique\Application Data\U3 2008-01-13 00:50 --------- d-----w C:\Program Files\3ivx 2008-01-02 21:09 --------- d-----w C:\Program Files\VirtualDJ 2007-12-27 19:17 --------- d-----w C:\Program Files\Western Digital Technologies 2007-12-26 20:24 --------- d-----w C:\Documents and Settings\Enrique\Application Data\Nero 2007-12-26 20:22 --------- d-----w C:\Program Files\Common Files\Nero 2007-12-26 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2007-12-26 20:19 --------- d-----w C:\Program Files\Nero 2007-12-22 18:32 --------- d-----w C:\Program Files\MSECache 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-17 04:15 --------- d-----w C:\Program Files\ShutDown After 2007-12-14 00:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 23:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-07-20 01:49 92,064 ----a-w C:\Documents and Settings\Enrique\mqdmmdm.sys 2007-07-20 01:49 9,232 ----a-w C:\Documents and Settings\Enrique\mqdmmdfl.sys 2007-07-20 01:49 79,328 ----a-w C:\Documents and Settings\Enrique\mqdmserd.sys 2007-07-20 01:49 66,656 ----a-w C:\Documents and Settings\Enrique\mqdmbus.sys 2007-07-20 01:49 6,208 ----a-w C:\Documents and Settings\Enrique\mqdmcmnt.sys 2007-07-20 01:49 5,936 ----a-w C:\Documents and Settings\Enrique\mqdmwhnt.sys 2007-07-20 01:49 4,048 ----a-w C:\Documents and Settings\Enrique\mqdmcr.sys 2007-07-20 01:49 25,600 ----a-w C:\Documents and Settings\Enrique\usbsermptxp.sys 2007-07-20 01:49 22,768 ----a-w C:\Documents and Settings\Enrique\usbsermpt.sys 2007-07-03 00:15 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 10:41 1074736] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-21 12:56 286016] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] "SpywareSweeperProMFC"="C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-02-10 14:49 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-11 16:16 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2006-03-23 19:17 94208] "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2006-03-23 19:13 77824] "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2006-03-23 19:17 118784] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [2004-06-22 07:05 172032] "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 10:41 1074736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064] "CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 14:57 57344] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05 200704] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50 155648] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\Enrique\Start Menu\Programs\Startup\ ShutDown After.lnk - C:\Program Files\ShutDown After\SA.exe [2007-12-16 23:15:42 77824] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-07 15:56:56 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-10 14:49:21 125624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;C:\WINDOWS\system32\DRIVERS\MR97110.sys [2001-08-21 14:47] S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGu ard\dump_wmimmc.sys [] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 14:19] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRI VERS\motccgpfl.sys [2007-01-23 19:03] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 14:11] S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\M] \Shell\AutoRun\command - M:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{71928b32-4f8b-11dc-8475-001676652a20}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da2819fa-9a48-11dc-859e-001676652a20}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-12-18 13:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-15 00:58:01 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-15 13:58:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-02-15 13:59:15 ComboFix-quarantined-files.txt 2008-02-15 18:59:13 ComboFix2.txt 2008-02-14 15:34:35 . 2008-02-14 14:41:14 --- E O F ---
|
|
#15
February 16th, 2008, 10:08 PM
|
|||
|
|||
|
ZeoMax,
Looking at your Combofix log, I seemed to find a bug in the program. Combofix deleted a folder that it shouldn't have so now we need to replace that folder back to its original location. We have already talked to the programmer of the utility and he has fixed the bug so this won't happen again. Lets get that folder replaced. Please do the following: STEP 1 Download the following file here to your desktop named Ren.bat STEP 2 Lets take a look and make sure all the files got changed. Go to Start > Run and type: cmd.exe and ok. Copy and paste the below string after the prompt > and hit Enter. dir /s /a "C:\Qoobox\Quarantine\C\Program1" > c:\find.txt & start notepad c:\find.txt Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread. Last edited by Cibertec; February 16th, 2008 at 10:22 PM.
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| rond.starsdoor.com pop ups!Moved from WinNT by Murray | crzeguy | Malware Removal | 9 | January 11th, 2008 04:44 AM |
| "rond.starsdoor.com" Popup problem: Moved from I/B by Murray | crabtrap | Malware Removal | 11 | January 6th, 2008 08:14 AM |
| need help with rond.starsdoor pop ups | natasa | Malware Removal | 1 | December 9th, 2007 11:06 PM |
| rond.starsdoor.com HELP!!!! | kendace11 | Malware Removal | 8 | September 28th, 2007 10:25 PM |
| Please Help Me With rond.starsdoor | jdahlen4 | Malware Removal | 11 | July 12th, 2007 03:17 PM |
All times are GMT +1. The time now is 02:15 PM.