Jump to content


Photo

Vx2 Malware


  • Please log in to reply
25 replies to this topic

#1 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 07 July 2007 - 03:55 AM

Every now and then I keep getting a VX2 Malware and a Wurlview Data Miner warning when I run AdAware 2007 from Windows Safe Mode...

I tell the program to delete these threats... however they seem to keep coming back (even though the program says everything is clear.... after doing a Full Scan.

Any suggestions on how to get rid of this malware for good?

#2 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 07 July 2007 - 06:04 PM

Hello DarkFury,

Could you please post your Ad-Aware scan log so that we can see exactly what items are being detected and where?

As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#3 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 07 July 2007 - 06:45 PM

Ok... I have a question before I do this.

I see 5 files in my C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs directory.

Ad-Aware update.log
AdAware event.log
update.log
Ad-Aware 20070705 18-42-40.log.xml
aaw2007log.xsl

Which files do you want me to post? Also, that 4th file looks suspicious with a .log.xml extension (don't wanna accidentally trigger a trojan if that is the case...)

I ran the last scan from Safe Mode, so that there aren't any files in the [Username] Lavasoft directory (although I have run the program from Windows before.) I wonder if something cleaned those logs out of the system.

#4 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 07 July 2007 - 06:57 PM

It is this one:
Ad-Aware 20070705 18-42-40.log.xml

No, that isn't a virus it's the scan log. :D

Open it and then copy and paste in the results here. I don't think you can attach an xml file as an attachment
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#5 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 07 July 2007 - 09:15 PM

Thank you... here is the log:

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2007-07-0518:42:40
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:KAPPA1
Name of user performing scan:SYSTEM
Name of user ordering scan:Jaryl
Scan completed successfully

System Information
File Verion Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:2
Processor type:Intel® Pentium® 4 CPU 3.40GHz
Memory Available:78%
Total Physical Memory:2146152448 Bytes
Available Physical Memory:1663991808 Bytes
Total Page File Size:3599659008 Bytes
Available On Page File:3322769408 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1997590528 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
[to top]
File Verion Information
File Version
CEAPI.dll 7, 0, 1, 4
aawservice.exe 7, 0, 1, 4
Ad-Aware2007.exe 7.0.1.4
[to top]
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Update Definitions on startup
Delete Restored Items
Permanent Archive Caching
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
[to top]
Database Info
Version number:7
Build Number:0
Build Date and Time:2007/07/0501:55:33
[to top]
Scan Statistics
Method:Full

Items Scanned:242238
Infections Detected:5
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 2 2
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 1 1
File Hash Scan 0 0
[to top]
Infections Found
Family Id Name Category TAI
776 VX2 Malware 10
[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

1106 WurldMedia DataMiner 9
[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

725 Tracking Cookie DataMiner 3
[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Jaryl\Recent Count: 12
[3] MRU Registry Key: S-1-5-21-484763869-1935655697-839522115-1002\Software\Microsoft\Internet Explorer\TypedURLs Count: 4


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Jaryl\Recent Count: 12
[3] MRU Registry Key: S-1-5-21-484763869-1935655697-839522115-1002\Software\Microsoft\Internet Explorer\TypedURLs Count: 4

[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msgina.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wgalogon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cscui.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acadproc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\atl.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\raschap.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\winspool.drv
c:\windows\system32\browser.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msutb.dll
c:\windows\system32\msctf.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\mlang.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\samlib.dll
c:\windows\system32\davclnt.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware 2007\ceapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\program files\lavasoft\ad-aware 2007\update.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
c:\windows\system32\wbem\wmiprvse.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\licwmi.dll
c:\windows\system32\wbem\framedyn.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\licdll.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\cimwin32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wmi.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\secur32.dll

#6 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 08 July 2007 - 04:08 AM

Thanks!

These are not active infections, but rather some trace items in the registry. Odd that nothing else was found with it - let me research what this find is.

The MRU's you can ignore - in fact they are not threats but can be useful so I would suggest you tweak the scanning and choose to leave the MRU's (most recently used lists) off.

These are what I want to look at a little closer:

Family Id Name Category TAI
776 VX2 Malware 10
[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

1106 WurldMedia DataMiner 9
[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

725 Tracking Cookie DataMiner 3
[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

Those last two are coming from a cookie and finding the reference in the cookies index.dat - not a threat either really but let me investigate some more on this.

You do not have an active infection going there so you can rest easy on that.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#7 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 08 July 2007 - 09:46 AM

You do not have an active infection going there so you can rest easy on that.

Thank you so much.... that is sure a relief!!!!

Seeing that VX2 alert pop up twice (I attempted to remove it previously about 2 weeks ago...) just made me nervous.... and reading out on the web, folks have been talking about it's ability to mask itself and re-write it's code to a different name in order to avoid detection and cleaning.

This is what got me so spooked about this malware....

#8 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 08 July 2007 - 02:50 PM

Thank you so much.... that is sure a relief!!!!

Seeing that VX2 alert pop up twice (I attempted to remove it previously about 2 weeks ago...) just made me nervous.... and reading out on the web, folks have been talking about it's ability to mask itself and re-write it's code to a different name in order to avoid detection and cleaning.

This is what got me so spooked about this malware....

Yes, I can see why you would be worried. That is also the reason I wanted to assure you that those few keys alone do not signify either an active infection nor, with no other signs of that particular malware present, that this machine had a prior infection either.

I found another thread in here reporting the exact same
http://www.lavasofts...showtopic=10191
and this makes me wonder if there is a legit software out there that is using the same CSLID identifier. That is a VERY rare occurrence but can happen.

See this example
http://www.lavasofts...?showtopic=5288

I've been doing malware removal since 1999 and am quite familiar with Vx2 and related infections. You do not have any other signs of it (and those would show in different areas) other than these couple of keys so I'm suspecting something else causing the alert. There are NO associated files present either - files are the root of any infection (not registry keys) - so those keys alone cannot infect your machine.

My suggestion is to put those on "ignore" for now while we investigate.

In trying to pin down exactly what is using those keys - could you please run these two free diagnostic tools to generate a log I can review? This will give a little more info about what is running on your system.

1. Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
.........................
2. Deckard’s System Scanner
http://www.techsuppo...Deckard/dss.exe
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.


1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized[/size]
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your reply
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#9 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 09 July 2007 - 07:03 AM

ComboFix Log:

"Jaryl" - 2007-07-09 2:00:58 - ComboFix 07-07-09.3 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com
C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 01:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 09:08 <DIR> d-------- C:\Program Files\Prime95
2007-06-26 22:53 <DIR> d-------- C:\Program Files\Lavalys
2007-06-26 17:03 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\U3
2007-06-24 22:08 1,018,772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-20 19:26 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\DivX
2007-06-20 19:25 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-20 19:25 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-20 19:25 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-20 19:25 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-20 19:25 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-20 19:25 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-20 19:25 <DIR> d-------- C:\Program Files\DivX
2007-06-18 00:54 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-06-18 00:53 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-06-17 22:35 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-06-17 22:35 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-06-17 22:35 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-06-17 22:35 <DIR> d-------- C:\Program Files\Futuremark
2007-06-17 00:49 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-17 00:49 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-17 00:49 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-17 00:49 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\Logitech
2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
2007-06-17 00:48 <DIR> d-------- C:\Program Files\Logitech
2007-06-17 00:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-16 22:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-16 22:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-16 22:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-13 00:26 <DIR> d-------- C:\WINDOWS\pss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 03:17:07 -------- d-----w C:\Program Files\City of Heroes
2007-07-07 20:13:47 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat
2007-07-07 20:13:47 384 ----a-w C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat
2007-07-05 02:16:41 -------- d-----w C:\Program Files\EPSON Print CD
2007-07-04 05:10:29 -------- d-----w C:\Program Files\Norton SystemWorks
2007-06-30 00:28:34 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 03:17:36 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-06-25 03:17:36 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-06-18 04:54:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-06-18 04:52:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 04:49:10 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-11 01:27:49 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\EPSON
2007-06-08 06:33:38 -------- d-----w C:\Program Files\Lavasoft
2007-06-08 06:33:08 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-08 06:32:28 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Lavasoft
2007-06-05 03:54:37 -------- d-----w C:\Program Files\PerformanceTest
2007-06-05 03:48:43 -------- d-----w C:\Program Files\CheckIt
2007-06-05 03:44:45 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Symantec
2007-06-05 03:38:15 -------- d-----w C:\Program Files\Symantec
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-30 06:48:40 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-24 06:12:22 -------- d-----w C:\Program Files\CohTest
2007-05-24 00:33:23 -------- d-----w C:\Program Files\CoH Hero Builder
2007-05-23 03:09:10 -------- d-----w C:\Program Files\ColorCop
2007-05-23 02:38:34 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\OfficeUpdate12
2007-05-23 02:38:14 -------- d-----w C:\Program Files\Microsoft Works
2007-05-23 02:28:52 -------- d-----w C:\Program Files\Common Files\L&H
2007-05-23 02:28:14 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-22 03:55:00 -------- d-----w C:\Program Files\WS_FTP
2007-05-21 03:00:22 -------- d-----w C:\Program Files\NEC DISPLAY SOLUTIONS
2007-05-20 00:01:25 -------- d-----w C:\Program Files\HeroStats
2007-05-20 00:00:48 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\InstallShield
2007-05-18 23:16:03 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\InterTrust
2007-05-17 05:05:10 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:32:29 -------- d-----w C:\Program Files\Executive Software
2007-05-16 11:13:32 -------- d-----w C:\Program Files\NoteTab Pro
2007-05-16 04:28:00 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Ventrilo
2007-05-16 04:25:38 -------- d-----w C:\Program Files\Ventrilo
2007-05-16 03:45:21 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Ideazon
2007-05-16 03:44:39 -------- d-----w C:\Program Files\Ideazon
2007-05-16 03:23:30 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-16 02:51:56 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-05-16 01:18:01 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Creative
2007-05-16 01:16:29 -------- d-----w C:\Program Files\Creative
2007-05-16 01:12:19 184 ----a-w C:\WINDOWS\system32\e000001.dat
2007-05-16 00:48:22 -------- d-----w C:\Program Files\Saitek
2007-05-16 00:41:28 -------- d-----w C:\Program Files\EPSON
2007-05-16 00:38:12 -------- d-----w C:\Program Files\NewSoft
2007-05-16 00:37:28 -------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-05-16 00:36:27 -------- d-----w C:\Program Files\ArcSoft
2007-05-16 00:33:54 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-11 19:33:20 1,419,024 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-04-11 19:32:22 56,080 ----a-w C:\WINDOWS\KHALMNPR.Exe
2007-04-11 16:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
2007-04-02 20:19 140912 --a------ C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47]
"Agent"="C:\Program Files\CyberLink\PowerVCRII\Agent.exe" [2002-10-01 16:57]
"Remote_Agent"="C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe" [2002-10-07 11:35]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-10-20 13:47]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-10-20 13:48]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2004-10-20 13:06]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 03:27]
"Norton Ghost 10.0"="C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 13:01]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-04-03 20:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 17:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
AutoRun\command- P:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-05-26 05:01:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jaryl.job
2007-06-25 16:00:02 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-07-09 04:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 02:03:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 2:03:51
C:\ComboFix-quarantined-files.txt ... 2007-07-09 02:03

--- E O F ---



====================================================================================

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:06:38 AM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
E:\Downloads\hijack this\Version 2\HiJackThis_v2.exe
C:\WINDOWS\system32\cmd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121326235311
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1179877208967
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10106 bytes

#10 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 09 July 2007 - 07:09 AM

Deckard Scanner logs:

Main:

Deckard's System Scanner v20070708.52
Run by Jaryl on 2007-07-09 at 02:11:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
43: 2007-07-09 06:11:17 UTC - RP142 - Deckard's System Scanner Restore Point
42: 2007-07-08 03:59:22 UTC - RP141 - System Checkpoint
41: 2007-07-07 02:10:37 UTC - RP140 - System Checkpoint
40: 2007-07-06 00:27:25 UTC - RP139 - System Checkpoint
39: 2007-07-04 07:23:19 UTC - RP138 - System Checkpoint


-- First Restore Point --
1: 2007-05-19 23:52:16 UTC - RP100 - Removed VidiotMaps Map Overlay


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-09 02:12:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\CyberLink\PowerVCRII\agent.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jaryl\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121326235311
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1179877208967
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.micros...ntent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - "C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 ALIEHCD (ALi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\program files\lavalys\everest home edition\kerneld.wnt
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 Speed Disk service - c:\progra~1\norton~1\norton~3\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-09 00:00:00 308 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2007-06-25 12:00:02 292 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2007-05-26 01:01:00 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jaryl.job


-- Files created between 2007-06-09 and 2007-07-09 -----------------------------

2007-07-04 09:08:29 0 d-------- C:\Program Files\Prime95
2007-06-26 22:53:46 0 d-------- C:\Program Files\Lavalys
2007-06-26 17:03:37 0 d-------- C:\Documents and Settings\Jaryl\Application Data\U3
2007-06-24 22:08:00 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-20 19:26:29 0 d-------- C:\Documents and Settings\Jaryl\Application Data\DivX
2007-06-20 19:25:17 0 d-------- C:\Program Files\DivX
2007-06-18 00:54:07 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-06-18 00:53:26 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2007-06-17 22:35:21 0 d-------- C:\WINDOWS\system32\Futuremark
2007-06-17 22:35:21 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-06-17 22:35:21 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2007-06-17 22:35:02 0 d-------- C:\Program Files\Futuremark
2007-06-17 00:49:54 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-06-17 00:49:51 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Logitech
2007-06-17 00:49:12 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-06-17 00:49:12 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-06-17 00:49:12 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-06-17 00:49:12 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-06-17 00:48:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-06-17 00:48:51 0 d-------- C:\Program Files\Logitech
2007-06-16 22:28:23 0 d-------- C:\Program Files\Windows Media Connect 2
2007-06-16 22:26:13 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-16 22:26:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-13 00:26:44 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2007-07-08 23:17:07 0 d-------- C:\Program Files\City of Heroes
2007-07-07 22:57:34 32 --a------ C:\Documents and Settings\Jaryl\Application Data\cntp.ini
2007-07-07 16:13:47 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat
2007-07-07 16:13:47 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat
2007-07-04 22:16:41 0 d-------- C:\Program Files\EPSON Print CD
2007-07-04 01:10:29 0 d-------- C:\Program Files\Norton SystemWorks
2007-06-29 20:28:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-18 00:54:07 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-06-18 00:52:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 00:49:10 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-10 21:27:49 0 d-------- C:\Documents and Settings\Jaryl\Application Data\EPSON
2007-06-08 02:33:38 0 d-------- C:\Program Files\Lavasoft
2007-06-08 02:33:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-08 02:32:28 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Lavasoft
2007-06-05 23:23:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-04 23:54:37 0 d-------- C:\Program Files\PerformanceTest
2007-06-04 23:48:43 0 d-------- C:\Program Files\CheckIt
2007-06-04 23:44:45 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Symantec
2007-06-04 23:38:15 0 d-------- C:\Program Files\Symantec
2007-05-31 02:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 02:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 02:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 02:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-30 02:48:40 0 d-------- C:\Program Files\SpywareBlaster
2007-05-24 02:12:22 0 d-------- C:\Program Files\CohTest
2007-05-23 20:33:23 0 d-------- C:\Program Files\CoH Hero Builder
2007-05-22 23:09:10 0 d-------- C:\Program Files\ColorCop
2007-05-22 22:38:34 0 d-------- C:\Documents and Settings\Jaryl\Application Data\OfficeUpdate12
2007-05-22 22:38:14 0 d-------- C:\Program Files\Microsoft Works
2007-05-22 22:28:52 0 d-------- C:\Program Files\Common Files\L&H
2007-05-22 22:28:14 0 d-------- C:\Program Files\Microsoft.NET
2007-05-21 23:55:00 0 d-------- C:\Program Files\WS_FTP
2007-05-20 23:00:22 0 d-------- C:\Program Files\NEC DISPLAY SOLUTIONS
2007-05-19 20:01:25 0 d-------- C:\Program Files\HeroStats
2007-05-19 20:00:48 0 d-------- C:\Documents and Settings\Jaryl\Application Data\InstallShield
2007-05-18 19:16:03 0 d-------- C:\Documents and Settings\Jaryl\Application Data\InterTrust
2007-05-18 07:45:03 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Adobe
2007-05-17 01:05:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 07:32:29 0 d-------- C:\Program Files\Executive Software
2007-05-16 07:13:32 0 d-------- C:\Program Files\NoteTab Pro
2007-05-16 00:28:00 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Ventrilo
2007-05-16 00:25:38 0 d-------- C:\Program Files\Ventrilo
2007-05-15 23:45:21 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Ideazon
2007-05-15 23:44:39 0 d-------- C:\Program Files\Ideazon
2007-05-15 23:23:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-15 21:18:01 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Creative
2007-05-15 21:16:29 0 d-------- C:\Program Files\Creative
2007-05-15 21:16:26 99 --a------ C:\WINDOWS\È
2007-05-15 21:12:19 184 --a------ C:\WINDOWS\system32\e000001.dat
2007-05-15 20:48:22 0 d-------- C:\Program Files\Saitek
2007-05-15 20:41:28 0 d-------- C:\Program Files\EPSON
2007-05-15 20:38:12 0 d-------- C:\Program Files\NewSoft
2007-05-15 20:37:28 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-05-15 20:36:27 0 d-------- C:\Program Files\ArcSoft
2007-05-15 20:33:54 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-22 20:15:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-22 20:02:34 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-04-22 20:02:34 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-04-22 20:01:47 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-13 16:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-04-11 12:04:16 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"nwiz"="nwiz.exe /install"
"HPWNTOOLBOX"="C:\\Program Files\\Hewlett-Packard\\hp business inkjet 1200 series\\Toolbox\\HPWNTBX.exe \"-i\""
"Agent"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"
"Remote_Agent"="C:\\Program Files\\CyberLink\\PowerVCRII\\RemoteAgent.exe"
"EEventManager"="C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zboard"="C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P]
Shell\AutoRun\command P:\LaunchU3.exe -a
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


-- End of Deckard's System Scanner: finished at 2007-07-09 at 02:13:20 ---------



====================================================================================

Extra:

Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.73 MiB / 1437.53 MiB
Pagefile Memory (total/avail): 3432.91 MiB / 2902.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1977.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.24 GiB total, 46.86 GiB free.
D: is Fixed (NTFS) - 372.61 GiB total, 167.89 GiB free.
E: is Fixed (NTFS) - 157.01 GiB total, 121.26 GiB free.
F: is Fixed (NTFS) - 189.92 GiB total, 168.81 GiB free.
G: is Fixed (NTFS) - 152.66 GiB total, 48.67 GiB free.
H: is Fixed (NTFS) - 232.88 GiB total, 46.03 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)
O: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Worm Protection v2006 (Symantec)
FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
AV: Norton AntiVirus v2005 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jaryl\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KAPPA1
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperLite\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jaryl
LOGONSERVER=\\KAPPA1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Executive Software\DiskeeperLite\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Jaryl\Desktop\ComboFix.exe
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jaryl\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jaryl\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=KAPPA1
USERNAME=Jaryl
USERPROFILE=C:\Documents and Settings\Jaryl
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jaryl (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ALi USB2.0 Driver --> C:\WINDOWS\system32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x9
ASUS TV880 Tuner Drivers --> C:\WINDOWS\atvunist.exe
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
City of Villains/City of Heroes (remove only) --> "C:\Program Files\City of Heroes\uninstall.exe"
Color Cop v5.1 --> "C:\Program Files\ColorCop\unins000.exe"
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Diskeeper Lite --> MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON SPR340 User's Guide --> C:\Program Files\epson\guide\spr340_e\uninstall.exe
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Hero Builder Setup --> MsiExec.exe /I{1CE181E0-DB37-43C8-97B1-AA50356E7ACE}
HijackThis 2.0.0 --> E:\Downloads\hijack this\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Business Inkjet 1200 --> C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Installer\setup.exe /x
HP Business Inkjet 1200 --> msiexec /x{D0FDE53C-30CE-4432-9809-756E1A6CEF44}
HP PrecisionScan LT Software --> C:\SCANJET\PrecisionScanLT\uninstal.exe C:\SCANJET\PrecisionScanLT\uninstal.cfg
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
NEC DISPLAY SOLUTIONS: Monitor Installer --> C:\Program Files\NEC DISPLAY SOLUTIONS\Drivers\Uninstall.exe
NETGEAR Print Server Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NETGEAR Print Server\Uninst.isu"
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks 2006 Premier --> MsiExec.exe /I{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}
Norton SystemWorks 2006 Premier (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}.exe" /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NoteTab Pro (Remove only) --> "C:\Program Files\NoteTab Pro\unins000.exe"
NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PerformanceTest v6.0 --> "C:\Program Files\PerformanceTest\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninst
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
PowerVCR II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0BA5720-E189-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! BizCard 4.1 Eng --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
SWiSH v2.0 --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH v2.0\uninstal.log
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VidiotMaps Map Overlay --> C:\Program Files\InstallShield Installation Information\{932CA775-636B-40D4-9FCF-5D9C12C4235B}\setup.exe -runfromtemp -l0x0009
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Z Engine --> MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-07-09 at 02:13:20 ---------

#11 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 12 July 2007 - 07:22 AM

So anything come up with this?

I posted the files you requested. :(

Thanks for all the help so far.

#12 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 14 July 2007 - 03:31 PM

The VX2 and WurldMeia virus notices came back again today...

http://i15.photobuck...ry/VX2virus.jpg


Unfortunately, the log file was lost as I accidentally hit the "run scan again" button.... AdAware 2007 says it cleaned the file, however I suspect that it is evading detection the second time around.

Any findings on your end?

Edited by DarkFury, 14 July 2007 - 03:32 PM.


#13 DarkFury

DarkFury

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 14 July 2007 - 08:13 PM

Ran another scan.. and the VX2 showed up again. This time, I captured the log file. So it does look like the VX2 is hiding when it says it has been cleaned.

Here is my latest log scan file.


====================================

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2007-07-1415:08:06
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:KAPPA1
Name of user performing scan:SYSTEM
Name of user ordering scan:Jaryl
Scan completed successfully

System Information
File Version Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:2
Processor type:Intel® Pentium® 4 CPU 3.40GHz
Memory Available:79%
Total Physical Memory:2146152448 Bytes
Available Physical Memory:1676763136 Bytes
Total Page File Size:3599659008 Bytes
Available On Page File:3329327104 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1999683584 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
[to top]
File Verion Information
File Version
CEAPI.dll 7, 0, 1, 5
aawservice.exe 7, 0, 1, 5
Ad-Aware2007.exe 7.0.1.5
[to top]
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Update Definitions on startup
Delete Restored Items
Write Protect System Files
Play a sound if scan locates an infection
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Notify when Definitions File is Outdated
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
[to top]
Database Info
Version number:8
Build Number:0
Build Date and Time:2007/07/0903:54:24
[to top]
Scan Statistics
Method:Full

Items Scanned:249206
Infections Detected:7
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 2 2
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 5 5
File Hash Scan 0 0
[to top]
Infections Found
Family Id Name Category TAI
776 VX2 Malware 10
[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

1106 WurldMedia DataMiner 9
[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

725 Tracking Cookie DataMiner 3
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETID01 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETSEGS_D05509 /
[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com sessionid /
[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com br /
[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com _data /


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETID01 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETSEGS_D05509 /

[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msgina.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wgalogon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cscui.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acadproc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\atl.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\raschap.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\dmserver.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\winspool.drv
c:\windows\system32\browser.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware 2007\ceapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\program files\lavasoft\ad-aware 2007\update.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msutb.dll
c:\windows\system32\msctf.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\mlang.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\samlib.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\comdlg32.dll
c:\progra~1\micros~2\office11\mcps.dll
C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msutb.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\msctfime.ime
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mslbui.dll

#14 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 20 July 2007 - 06:26 PM

Hello DarkFury,

You do NOT have an active Vx2 infection.

These are two registry keys that are using the same CSLID known to be used by Vx2, but we have searched your system thoroughly and only find these two keys which come back after you remove them.

(If you had Vx2 it would show on some of the logs we have generated here).

Supposing the case that perhaps these were leftovers from an old infection - they cannot do anything at the moment to your computer. However, that does not explain why they keep coming back as if they were,indeed, leftover from a prior infection they would be easily removed and not come back.

Vx2 is a well known nasty and you would not only have other signs but this particular one hasn't been actively infected computers for all of 2007 - I know this infection very well and have removed it manually from many PCs before the antispyware products were able to remove it. You do not have it at the present time, but this is a mystery as to why only those two keys are showing up (and why now?)

In a prior post, I linked one other thread in this forum that had the same symptoms and I found one more since then. Same thing - that PC here is not infected either (I've seen his logs too):
http://www.tek-tips....d...7898&page=1

I'm going to move this to the subforum for False Positives just so that the Research Team can take a look and let's get their input.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#15 morog

morog

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 29 July 2007 - 12:57 PM

Hello DarkFury,

You do NOT have an active Vx2 infection.

These are two registry keys that are using the same CSLID known to be used by Vx2, but we have searched your system thoroughly and only find these two keys which come back after you remove them.

(If you had Vx2 it would show on some of the logs we have generated here).

Supposing the case that perhaps these were leftovers from an old infection - they cannot do anything at the moment to your computer. However, that does not explain why they keep coming back as if they were,indeed, leftover from a prior infection they would be easily removed and not come back.

Vx2 is a well known nasty and you would not only have other signs but this particular one hasn't been actively infected computers for all of 2007 - I know this infection very well and have removed it manually from many PCs before the antispyware products were able to remove it. You do not have it at the present time, but this is a mystery as to why only those two keys are showing up (and why now?)

In a prior post, I linked one other thread in this forum that had the same symptoms and I found one more since then. Same thing - that PC here is not infected either (I've seen his logs too):
http://www.tek-tips....d...7898&page=1

I'm going to move this to the subforum for False Positives just so that the Research Team can take a look and let's get their input.


Hello,
My case is almost identical as this one described above.
If remember well time ago my PC was infected wit VX2 , successfully cleaned by SpyBot 1.4
Strange thing is that only Ad-Aware 2007 is detecting those two malware and no one of known AV, AA – can detect them.
I’ve noticed after first scan and “Remove” there is no any kind of confirmation this malware are removed. On the next scan during same session, Ad-Aware is not detecting those malware, only after re-boot they appear again.
Please revert as soon as possible what we can do.
Thanks,

#16 LS Pekka

LS Pekka

    Advanced Member

  • Members
  • PipPipPip
  • 452 posts

Posted 29 July 2007 - 03:20 PM

Hi morog!


Could you please post the complete log file from the Ad-Aware scan so I can have a look at it. I Would appreciate if it would be possible for you to also run a scan with RootkitRevealer, available here (http://download.sysi...kitRevealer.zip), just to check that there are no hidden elements regenerating the detected items.

Regards,


Pekka


Lavasoft Research

#17 jacko9

jacko9

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 29 July 2007 - 06:42 PM

I too have the same indications of VX2 Malware and Wurld Media Data Mining. I have tried to quarantine the files and have tried to remove them. The VX2 keep regenerating every time i reboot my computer. The latest version of Doctor Spyware and Spybot Search and Destroy don't see these infections. Prior to seeing the VX2 i was seeing Malware TAI = 8 Local registry Adware.CDN with a registry entry Root:HKLM Path: software\microsoft\internet explorer\activexcompatibility\(9a578c98-3c2f-4630-890b-fc04196ef420)

#18 LS Pekka

LS Pekka

    Advanced Member

  • Members
  • PipPipPip
  • 452 posts

Posted 29 July 2007 - 08:40 PM

Hi jacko9!


Thanks for posting!


The registry key,

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A578C98-3C2F-4630-890B-FC04196EF420}]
"Compatibility Flags"=dword:00000400

is an ActiveX kill bit.

Some other anti-spyware applications may in their "immunization" efforts add ActiveX kill bits to the registry to prevent malware from running, this is also done by "PC Tools Spyware Doctor". You may find more info about ActiveX kill bits here, (http://support.microsoft.com/kb/240797).

The Class identifier (CLSID), {9A578C98-3C2F-4630-890B-FC04196EF420}, is flagged as an Adware.CDN Object by Ad-Aware. This is also discussed here, (http://www.lavasofts...showtopic=11208). It's an issue that will be corrected as of the next definition file release. Until then, to avoid having Ad-Aware detecting it again, you could put it on ignore.

About the detection of the VX2 and Wurld media objects, please follow the same advice as in the previous post (post 16).


Regards,


Pekka


Lavasoft Research

#19 jacko9

jacko9

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 29 July 2007 - 09:53 PM

Hi jacko9!
Thanks for posting!
The registry key,

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A578C98-3C2F-4630-890B-FC04196EF420}]
"Compatibility Flags"=dword:00000400

is an ActiveX kill bit.

Some other anti-spyware applications may in their "immunization" efforts add ActiveX kill bits to the registry to prevent malware from running, this is also done by "PC Tools Spyware Doctor". You may find more info about ActiveX kill bits here, (http://support.microsoft.com/kb/240797).

The Class identifier (CLSID), {9A578C98-3C2F-4630-890B-FC04196EF420}, is flagged as an Adware.CDN Object by Ad-Aware. This is also discussed here, (http://www.lavasofts...showtopic=11208). It's an issue that will be corrected as of the next definition file release. Until then, to avoid having Ad-Aware detecting it again, you could put it on ignore.

About the detection of the VX2 and Wurld media objects, please follow the same advice as in the previous post (post 16).
Regards,
Pekka
Lavasoft Research


Thank you Pekka,

I will add the latest log file with the VX2 reference. Forgive me if I hit the wrong buttons here I am a bit of a newbie.

Attached Files



#20 jacko9

jacko9

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 29 July 2007 - 10:14 PM

Thank you Pekka,

I will add the latest log file with the VX2 reference. Forgive me if I hit the wrong buttons here I am a bit of a newbie.


I have downloaded and run Rootkit revealer Attached File  RootkitReveal.txt   725bytes   299 downloads

Forgive me if I am adding more information or duplicating items but, I am not quite familiar with this forum format. I think I have added the log file from my Ad-aware run and the file from the rootkit scan. If not please imform me with a hint as to where i may be going wrong in this forum.

Sorry for the trouble.

Attached Files


Edited by jacko9, 29 July 2007 - 10:58 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users