Help with removing some bad trash is needed.

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Help with removing some bad trash is needed., Trojan.Vundo.H just happened to pop up :(

Options

undun40cal View Member Profile	Nov 3 2008, 09:07 PM Post #1
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	Just being bored to death, staring at the screen, i decided to go ahead and do a "Quick Scan" with "Malwarebytes Anti-Malware". After scanning and seeing the results (posted below) i was shocked. I haven't downloaded anything or even visited any new websites. How could this happen (Rhetorical question) AGAIN in such a short time from the last cleaning? Anyways, i did not let the program remove of do anything to the files, not knowing if it would kill my only computer. So i'm here asking for some advice on what i should do. GTG has the best info and helpers on the web imho. Heres a fresh HJT log and the log from the Malwarebytes. Should i just let the prog do its thing or is there more? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:04:17 PM, on 11/3/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\SearchIndexer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\eMachines Bay Reader\shwiconem.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing) O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing) O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14386 bytes Malwarebytes' Anti-Malware 1.29 Database version: 1306 Windows 5.1.2600 Service Pack 3 11/3/2008 9:50:43 PM mbam-log-2008-11-03 (21-50-36).txt Scan type: Quick Scan Objects scanned: 56376 Time elapsed: 7 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\tuvUMgeF.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\khfFVlJd.dll (Trojan.Vundo.H) -> No action taken. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d55a81b7-c925-4d9f-a3f7-eca37efc53fa} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d55a81b7-c925-4d9f-a3f7-eca37efc53fa} (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffvljd (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvumgef -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvumgef -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\tuvUMgeF.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\FegMUvut.ini (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\FegMUvut.ini2 (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\khfFVlJd.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\khfFXrrP.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\nnnkJCRj.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\nnnnmKAT.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\yayaWqRi.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\byXOiFYR.dll (Trojan.Vundo.H) -> No action taken. Not sure if this related, but i cannot turn on Automatic Updates for Win. This post has been edited by undun40cal*: Nov 3 2008, 09:08 PM

Replies (1 - 13)

Rorschach112 View Member Profile	Nov 4 2008, 08:38 AM Post #2
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	Hello Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt)

undun40cal View Member Profile	Nov 4 2008, 03:54 PM Post #3
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	Here's the log you requested. --------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor 3400+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Admin ( Administrator ) BOOT : Normal boot Antivirus : McAfee VirusScan (Not Activated) Firewall : McAfee Personal Firewall (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:149 Go (Free:29 Go) D:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (USB) K:\ (CD or DVD) "C:\Lop SD" ( MAJ : 01-11-2008\|16:30 ) Option : [1] ( Tue 11/04/2008\|16:46 ) --------------------\\ Listing folders in APPLIC~1 [06/18/2008\|10:08] C:\DOCUME~1\Admin\APPLIC~1\<DIR> acccore [06/18/2008\|11:03] C:\DOCUME~1\Admin\APPLIC~1\<DIR> AccurateRip [09/02/2008\|10:02] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Adobe [08/12/2008\|03:44] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Alien Skin [08/23/2008\|07:12] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Apple Computer [08/10/2008\|06:16] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Ashampoo [08/07/2008\|02:26] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Atari [07/15/2008\|09:43] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Bitsoft [06/04/2008\|03:34] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars [08/10/2008\|01:28] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Corel [06/17/2008\|08:04] C:\DOCUME~1\Admin\APPLIC~1\<DIR> dBpoweramp [07/04/2008\|10:24] C:\DOCUME~1\Admin\APPLIC~1\<DIR> DivX [11/03/2008\|09:32] C:\DOCUME~1\Admin\APPLIC~1\<DIR> DNA [05/29/2008\|12:42] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Google [06/11/2008\|04:57] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Help [05/28/2008\|11:05] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Identities [10/26/2008\|01:55] C:\DOCUME~1\Admin\APPLIC~1\<DIR> IGN_DLM [07/24/2008\|09:09] C:\DOCUME~1\Admin\APPLIC~1\<DIR> InstallShield [07/04/2008\|11:20] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Juce VST Host [06/02/2008\|04:00] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Leadertech [08/11/2008\|05:45] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Lionhead Studios [08/07/2008\|05:47] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Lost Marble [06/18/2008\|12:19] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Ludia [06/21/2008\|10:41] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Macromedia [10/22/2008\|09:51] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Malwarebytes [08/07/2008\|04:26] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Microsoft [08/19/2008\|07:35] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Microsoft Games [08/29/2008\|06:07] C:\DOCUME~1\Admin\APPLIC~1\<DIR> mIRC [08/07/2008\|04:16] C:\DOCUME~1\Admin\APPLIC~1\<DIR> MonkeyJam [07/24/2008\|11:21] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Move Networks [07/08/2008\|06:04] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Mozilla [07/02/2008\|07:50] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Nero [06/02/2008\|12:38] C:\DOCUME~1\Admin\APPLIC~1\<DIR> NetMedia Providers [09/18/2008\|06:10] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Nexon [06/02/2008\|12:38] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Publish Providers [09/06/2008\|02:34] C:\DOCUME~1\Admin\APPLIC~1\<DIR> River Past G5 [06/21/2008\|05:10] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Roxio [09/14/2008\|04:12] C:\DOCUME~1\Admin\APPLIC~1\<DIR> SiteAdvisor [05/29/2008\|08:34] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Skinux [08/07/2008\|04:06] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Sony [06/02/2008\|01:38] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Sony Setup [09/03/2008\|09:56] C:\DOCUME~1\Admin\APPLIC~1\<DIR> SPORE [07/23/2008\|03:24] C:\DOCUME~1\Admin\APPLIC~1\<DIR> SPORE Creature Creator [08/07/2008\|03:12] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Summitsoft [05/29/2008\|02:47] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Sun [08/27/2008\|08:00] C:\DOCUME~1\Admin\APPLIC~1\<DIR> SUPERAntiSpyware.com [10/22/2008\|01:29] C:\DOCUME~1\Admin\APPLIC~1\<DIR> SystemRequirementsLab [06/09/2008\|06:38] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Talkback [07/24/2008\|09:26] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Ulead Systems [07/08/2008\|06:15] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Uniblue [11/03/2008\|10:38] C:\DOCUME~1\Admin\APPLIC~1\<DIR> uTorrent [10/29/2008\|06:24] C:\DOCUME~1\Admin\APPLIC~1\<DIR> ValuSoft [08/02/2008\|07:46] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Viewpoint [11/01/2008\|07:13] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Vso [10/22/2008\|11:42] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Windows Desktop Search [10/28/2008\|05:46] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Windows Search [05/28/2008\|11:48] C:\DOCUME~1\Admin\APPLIC~1\<DIR> WinRAR [10/27/2008\|05:05] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Xfire [06/03/2008\|11:14] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Yahoo! [05/29/2008\|12:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe [05/29/2008\|12:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google [05/28/2008\|11:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [05/30/2008\|04:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> IGN_DLM [05/29/2008\|12:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia [05/30/2008\|03:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [07/09/2008\|07:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla [05/29/2008\|08:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Skinux [05/29/2008\|02:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [05/29/2008\|02:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SystemRequirementsLab [05/30/2008\|06:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> uTorrent [05/28/2008\|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> WinRAR [05/29/2008\|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Yahoo! [07/08/2008\|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ~0 [10/22/2008\|06:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 2DBoy [06/18/2008\|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore [07/08/2008\|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [06/10/2008\|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 [06/18/2008\|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [06/18/2008\|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [08/07/2008\|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple [09/25/2008\|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [08/10/2008\|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ashampoo [07/02/2008\|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Autodesk [08/10/2008\|01:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel [08/09/2008\|03:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DigitalChocolate [08/07/2008\|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Final Draft [07/24/2008\|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet [05/29/2008\|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [11/03/2008\|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater [06/08/2008\|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft [06/02/2008\|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [07/09/2008\|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Karen's Power Tools [05/29/2008\|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak [08/11/2008\|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lionhead Studios [05/29/2008\|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd [05/29/2008\|03:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech [06/18/2008\|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ludia [10/22/2008\|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [09/14/2008\|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee [10/22/2008\|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [10/25/2008\|02:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Corporation [08/19/2008\|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Games [10/17/2008\|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help [07/24/2008\|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks [07/02/2008\|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero [09/13/2008\|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS [05/28/2008\|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage [09/06/2008\|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5 [06/30/2008\|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio [06/14/2008\|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SimCity Societies [09/14/2008\|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor [06/21/2008\|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic [08/07/2008\|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony [09/30/2008\|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Soulseek [07/08/2008\|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Stardock [07/08/2008\|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com [08/07/2008\|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith [09/27/2008\|05:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [07/24/2008\|03:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [09/23/2008\|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems [06/18/2008\|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [05/29/2008\|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [05/29/2008\|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! [05/29/2008\|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion [05/29/2008\|12:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe [05/29/2008\|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google [05/28/2008\|11:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [05/30/2008\|04:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> IGN_DLM [05/29/2008\|12:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia [05/30/2008\|03:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [05/29/2008\|01:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla [05/29/2008\|08:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Skinux [05/29/2008\|02:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [05/29/2008\|02:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SystemRequirementsLab [05/30/2008\|06:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> uTorrent [05/28/2008\|11:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> WinRAR [05/29/2008\|12:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Yahoo! [05/30/2008\|11:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe [05/30/2008\|11:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google [10/22/2008\|11:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [06/21/2008\|03:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio [10/09/2008\|03:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore [10/01/2008\|07:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Xfire [05/30/2008\|11:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Yahoo! [07/08/2008\|06:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [10/01/2008\|07:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Xfire --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [10/30/2008 04:39 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [10/15/2008 05:24 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job [11/01/2008 12:22 AM][--a------] C:\WINDOWS\tasks\McQcTask.job [11/03/2008 11:45 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/12/2004 09:01 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [09/05/2008\|10:45] C:\Program Files\<DIR> 123 AVI to GIF Converter [09/23/2008\|10:56] C:\Program Files\<DIR> 2K Games [06/23/2008\|07:24] C:\Program Files\<DIR> abcAVI [08/23/2008\|07:03] C:\Program Files\<DIR> AC3Filter [08/25/2008\|08:27] C:\Program Files\<DIR> Adobe [07/29/2008\|05:12] C:\Program Files\<DIR> AGEIA Technologies [06/18/2008\|10:07] C:\Program Files\<DIR> AIM6 [08/12/2008\|04:01] C:\Program Files\<DIR> Albatross [08/12/2008\|04:04] C:\Program Files\<DIR> Alien Skin [08/19/2008\|07:44] C:\Program Files\<DIR> Amorous Professor Cherry [07/07/2008\|07:07] C:\Program Files\<DIR> AngelSmile [08/07/2008\|01:47] C:\Program Files\<DIR> Apple Software Update [07/23/2008\|02:32] C:\Program Files\<DIR> Ascaron Entertainment [08/10/2008\|06:14] C:\Program Files\<DIR> Ashampoo [06/06/2008\|07:34] C:\Program Files\<DIR> ASIO4ALL v2 [09/27/2008\|11:15] C:\Program Files\<DIR> Aspyr Media, Inc [08/14/2008\|05:58] C:\Program Files\<DIR> Atari [07/02/2008\|07:11] C:\Program Files\<DIR> Autodesk [06/23/2008\|07:53] C:\Program Files\<DIR> AviSynth 2.5 [05/29/2008\|03:07] C:\Program Files\<DIR> Belarc [05/31/2008\|01:00] C:\Program Files\<DIR> Bonjour [06/09/2008\|04:40] C:\Program Files\<DIR> Brad Smith [07/06/2008\|08:01] C:\Program Files\<DIR> Bullfrog [07/24/2008\|07:11] C:\Program Files\<DIR> CCleaner [07/02/2008\|07:26] C:\Program Files\<DIR> Chaos Group [10/16/2008\|02:42] C:\Program Files\<DIR> Cheat Engine [08/19/2008\|07:37] C:\Program Files\<DIR> City Interactive [08/05/2008\|05:23] C:\Program Files\<DIR> CoffeeCup Software [10/22/2008\|09:02] C:\Program Files\<DIR> Common Files [08/10/2008\|01:23] C:\Program Files\<DIR> Corel [11/03/2008\|09:21] C:\Program Files\<DIR> Crazy Machines II [05/30/2008\|05:15] C:\Program Files\<DIR> DAEMON Tools [06/01/2008\|10:16] C:\Program Files\<DIR> [bleep] NFO Viewer [07/02/2008\|07:21] C:\Program Files\<DIR> DarkSim [07/02/2008\|07:22] C:\Program Files\<DIR> DCPFLICS [07/23/2008\|01:51] C:\Program Files\<DIR> Defraggler [07/02/2008\|07:34] C:\Program Files\<DIR> Digimation [08/06/2008\|01:57] C:\Program Files\<DIR> directx [07/04/2008\|02:52] C:\Program Files\<DIR> DivX [10/26/2008\|01:56] C:\Program Files\<DIR> DNA [07/26/2008\|02:33] C:\Program Files\<DIR> DO [09/20/2008\|09:20] C:\Program Files\<DIR> Download Manager [08/30/2008\|04:30] C:\Program Files\<DIR> DreamCatcher [07/11/2008\|07:08] C:\Program Files\<DIR> DreamStripper Collection [09/17/2008\|09:32] C:\Program Files\<DIR> DrExplain [10/10/2008\|07:05] C:\Program Files\<DIR> Drug Wars [07/04/2008\|12:16] C:\Program Files\<DIR> DVD Decrypter [05/29/2008\|04:18] C:\Program Files\<DIR> DX [08/07/2008\|05:43] C:\Program Files\<DIR> e frontier [11/03/2008\|09:29] C:\Program Files\<DIR> EA GAMES [07/05/2008\|01:41] C:\Program Files\<DIR> Easy Video Downloader [06/30/2008\|06:38] C:\Program Files\<DIR> Eclypse [06/11/2008\|04:16] C:\Program Files\<DIR> Eidos Interactive [10/20/2008\|11:39] C:\Program Files\<DIR> Electronic Arts [05/29/2008\|03:14] C:\Program Files\<DIR> eMachines Bay Reader [09/08/2008\|08:35] C:\Program Files\<DIR> eMule [10/12/2008\|10:42] C:\Program Files\<DIR> Enlight [10/09/2008\|07:09] C:\Program Files\<DIR> EsetOnlineScanner [05/29/2008\|01:19] C:\Program Files\<DIR> ffdshow [11/03/2008\|09:24] C:\Program Files\<DIR> Final Draft 7 [07/25/2008\|04:46] C:\Program Files\<DIR> Firaxis Games [06/23/2008\|07:52] C:\Program Files\<DIR> Gabest [06/13/2008\|09:30] C:\Program Files\<DIR> Game Elements PC Recoil Pad [06/23/2008\|07:48] C:\Program Files\<DIR> GamesCampus [09/17/2008\|10:35] C:\Program Files\<DIR> GameSpy Arcade [07/28/2008\|02:05] C:\Program Files\<DIR> G-Collection [07/08/2008\|08:52] C:\Program Files\<DIR> G-Collections [05/29/2008\|12:41] C:\Program Files\<DIR> Google [06/23/2008\|07:53] C:\Program Files\<DIR> GordianKnot [06/30/2008\|06:33] C:\Program Files\<DIR> GStudio6 [06/16/2008\|01:50] C:\Program Files\<DIR> HTC [06/17/2008\|07:48] C:\Program Files\<DIR> Illustrate [06/06/2008\|07:34] C:\Program Files\<DIR> Image-Line [11/03/2008\|09:23] C:\Program Files\<DIR> InstallShield Installation Information [10/22/2008\|11:15] C:\Program Files\<DIR> Internet Explorer [08/10/2008\|01:23] C:\Program Files\<DIR> InterVideo [10/22/2008\|02:38] C:\Program Files\<DIR> Java [09/22/2008\|04:00] C:\Program Files\<DIR> JL2005B [09/22/2008\|04:00] C:\Program Files\<DIR> JL2005C [06/10/2008\|06:47] C:\Program Files\<DIR> Kalypso [07/09/2008\|05:25] C:\Program Files\<DIR> Karen's Power Tools [08/23/2008\|11:28] C:\Program Files\<DIR> KC Softwares [09/22/2008\|04:41] C:\Program Files\<DIR> Kids Cam Show and Share Creativity Center [05/29/2008\|08:33] C:\Program Files\<DIR> Kodak [07/15/2008\|08:30] C:\Program Files\<DIR> Lavalys [07/28/2008\|09:43] C:\Program Files\<DIR> Legacy Interactive [05/29/2008\|02:12] C:\Program Files\<DIR> Lexmark 3400 Series [05/29/2008\|02:12] C:\Program Files\<DIR> Lexmark Toolbar [08/11/2008\|05:20] C:\Program Files\<DIR> Lionhead Studios Ltd [05/30/2008\|04:17] C:\Program Files\<DIR> Logitech [09/08/2008\|08:06] C:\Program Files\<DIR> LoveChess Age Of Egypt [11/03/2008\|11:47] C:\Program Files\<DIR> lx_cats [06/02/2008\|03:08] C:\Program Files\<DIR> MagicISO [10/22/2008\|09:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [09/22/2008\|04:00] C:\Program Files\<DIR> Mars [06/14/2008\|01:01] C:\Program Files\<DIR> Maxis [10/30/2008\|10:21] C:\Program Files\<DIR> McAfee [05/30/2008\|10:57] C:\Program Files\<DIR> McAfee.com [08/11/2008\|05:54] C:\Program Files\<DIR> MDickie [08/13/2008\|02:13] C:\Program Files\<DIR> Messenger [08/07/2008\|04:56] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [05/28/2008\|11:00] C:\Program Files\<DIR> microsoft frontpage [08/19/2008\|07:42] C:\Program Files\<DIR> Microsoft Games [08/07/2008\|03:07] C:\Program Files\<DIR> Microsoft Office [10/22/2008\|08:50] C:\Program Files\<DIR> Microsoft Silverlight [06/02/2008\|12:14] C:\Program Files\<DIR> Microsoft SQL Server [08/07/2008\|03:07] C:\Program Files\<DIR> Microsoft Visual Studio [08/07/2008\|03:03] C:\Program Files\<DIR> Microsoft Visual Studio 8 [10/25/2008\|02:30] C:\Program Files\<DIR> Microsoft Windows Vista Upgrade Advisor [08/07/2008\|03:08] C:\Program Files\<DIR> Microsoft Works [08/07/2008\|03:05] C:\Program Files\<DIR> Microsoft.NET [08/29/2008\|05:57] C:\Program Files\<DIR> mIRC [07/31/2008\|04:27] C:\Program Files\<DIR> Moo0 [05/29/2008\|01:19] C:\Program Files\<DIR> Morgan [07/10/2008\|02:58] C:\Program Files\<DIR> Movie Maker [11/04/2008\|04:43] C:\Program Files\<DIR> Mozilla Firefox [08/07/2008\|03:08] C:\Program Files\<DIR> MSBuild [05/28/2008\|10:55] C:\Program Files\<DIR> MSN [05/28/2008\|10:55] C:\Program Files\<DIR> MSN Gaming Zone [06/24/2008\|09:58] C:\Program Files\<DIR> MSXML 4.0 [09/22/2008\|04:00] C:\Program Files\<DIR> MyDSC2 [06/01/2008\|10:20] C:\Program Files\<DIR> Native Instruments [07/02/2008\|09:11] C:\Program Files\<DIR> Nero [07/10/2008\|02:56] C:\Program Files\<DIR> NetMeeting [06/16/2008\|02:32] C:\Program Files\<DIR> NVIDIA Corporation [05/28/2008\|10:56] C:\Program Files\<DIR> Online Services [07/23/2008\|01:22] C:\Program Files\<DIR> OpenAL [07/10/2008\|02:56] C:\Program Files\<DIR> Outlook Express [06/06/2008\|07:32] C:\Program Files\<DIR> Outsim [07/25/2008\|03:38] C:\Program Files\<DIR> Oxin's Style! [10/09/2008\|07:11] C:\Program Files\<DIR> Panda Security [06/20/2008\|10:24] C:\Program Files\<DIR> Paradox Interactive [10/11/2008\|04:12] C:\Program Files\<DIR> Playlogic [05/31/2008\|11:47] C:\Program Files\<DIR> PowerISO [10/29/2008\|06:13] C:\Program Files\<DIR> Prison Tycoon 4 [09/25/2008\|05:12] C:\Program Files\<DIR> QuickTime [07/20/2008\|11:29] C:\Program Files\<DIR> RadarSync [05/30/2008\|07:34] C:\Program Files\<DIR> Real [05/29/2008\|01:10] C:\Program Files\<DIR> Realtek AC97 [06/02/2008\|01:44] C:\Program Files\<DIR> Reference Assemblies [09/12/2008\|04:38] C:\Program Files\<DIR> Restaurant Empire [09/06/2008\|02:30] C:\Program Files\<DIR> River Past [06/30/2008\|07:55] C:\Program Files\<DIR> Roxio [07/04/2008\|11:05] C:\Program Files\<DIR> Saga [06/15/2008\|08:00] C:\Program Files\<DIR> SEGA [11/04/2008\|04:40] C:\Program Files\<DIR> ShotOnline International [07/30/2008\|04:17] C:\Program Files\<DIR> Sierra On-Line [06/21/2008\|02:58] C:\Program Files\<DIR> SightSpeed [09/21/2008\|10:50] C:\Program Files\<DIR> SilentMusicBand [08/06/2008\|02:19] C:\Program Files\<DIR> Simon and Schuster [09/14/2008\|05:51] C:\Program Files\<DIR> SiteAdvisor [08/19/2008\|07:37] C:\Program Files\<DIR> Skispringen 2007 [07/01/2008\|07:37] C:\Program Files\<DIR> Solstar Games [08/07/2008\|03:56] C:\Program Files\<DIR> Sony [08/07/2008\|03:55] C:\Program Files\<DIR> Sony Setup [11/03/2008\|09:31] C:\Program Files\<DIR> Soulseek [07/06/2008\|02:45] C:\Program Files\<DIR> SoulseekNS [07/01/2008\|07:41] C:\Program Files\<DIR> Stardock Games [08/27/2008\|07:56] C:\Program Files\<DIR> SUPERAntiSpyware [05/28/2008\|11:09] C:\Program Files\<DIR> support.com [10/22/2008\|01:29] C:\Program Files\<DIR> SystemRequirementsLab [08/07/2008\|02:30] C:\Program Files\<DIR> TechSmith [10/12/2008\|09:52] C:\Program Files\<DIR> The Logo Creator v5 [07/08/2008\|05:37] C:\Program Files\<DIR> Tokimeki Check in! [08/09/2008\|03:52] C:\Program Files\<DIR> Tower Bloxx Deluxe [07/17/2008\|02:58] C:\Program Files\<DIR> Traction Software [06/16/2008\|09:53] C:\Program Files\<DIR> Trainer Maker Kit [07/08/2008\|11:30] C:\Program Files\<DIR> Trend Micro [09/06/2008\|06:12] C:\Program Files\<DIR> Tropico [09/06/2008\|09:03] C:\Program Files\<DIR> Tropico 2 Pirate Cove [08/03/2008\|04:03] C:\Program Files\<DIR> Ubisoft [09/23/2008\|08:40] C:\Program Files\<DIR> Ulead Systems [07/12/2008\|12:22] C:\Program Files\<DIR> Ultra Video Splitter [05/28/2008\|11:05] C:\Program Files\<DIR> Uninstall Information [05/28/2008\|11:40] C:\Program Files\<DIR> uTorrent [08/05/2008\|06:24] C:\Program Files\<DIR> ValuSoft [06/18/2008\|10:07] C:\Program Files\<DIR> Viewpoint [10/12/2008\|06:09] C:\Program Files\<DIR> Vision Video Games [06/02/2008\|02:50] C:\Program Files\<DIR> VSO [06/06/2008\|07:33] C:\Program Files\<DIR> Vstplugins [06/02/2008\|08:27] C:\Program Files\<DIR> VUGames [11/03/2008\|09:19] C:\Program Files\<DIR> WarRock [07/03/2008\|05:44] C:\Program Files\<DIR> Will [10/22/2008\|11:42] C:\Program Files\<DIR> Windows Desktop Search [07/24/2008\|08:58] C:\Program Files\<DIR> Windows Media Components [05/30/2008\|09:51] C:\Program Files\<DIR> Windows Media Connect 2 [07/26/2008\|02:35] C:\Program Files\<DIR> Windows Media Player [07/10/2008\|02:56] C:\Program Files\<DIR> Windows NT [05/28/2008\|10:58] C:\Program Files\<DIR> WindowsUpdate [07/07/2008\|05:23] C:\Program Files\<DIR> WinRAR [10/31/2008\|11:49] C:\Program Files\<DIR> WorldOfGoo [05/28/2008\|11:00] C:\Program Files\<DIR> xerox [10/29/2008\|10:56] C:\Program Files\<DIR> Xfire [08/23/2008\|06:37] C:\Program Files\<DIR> XviD [05/29/2008\|07:06] C:\Program Files\<DIR> Yahoo! [05/30/2008\|04:08] C:\Program Files\<DIR> Zero G Registry --------------------\\ Listing Folders in C:\Program Files\Common Files [08/25/2008\|08:24] C:\Program Files\Common Files\<DIR> Adobe [06/18/2008\|10:06] C:\Program Files\Common Files\<DIR> AOL [09/25/2008\|05:11] C:\Program Files\Common Files\<DIR> Apple [07/02/2008\|07:11] C:\Program Files\Common Files\<DIR> Autodesk Shared [07/02/2008\|07:27] C:\Program Files\Common Files\<DIR> ChaosGroup [08/07/2008\|03:07] C:\Program Files\Common Files\<DIR> DESIGNER [10/17/2008\|12:19] C:\Program Files\Common Files\<DIR> EasyInfo [09/18/2008\|06:08] C:\Program Files\Common Files\<DIR> INCA Shared [06/02/2008\|07:06] C:\Program Files\Common Files\<DIR> InstallShield [08/10/2008\|01:23] C:\Program Files\Common Files\<DIR> InterVideo [05/29/2008\|02:46] C:\Program Files\Common Files\<DIR> Java [05/29/2008\|08:31] C:\Program Files\Common Files\<DIR> Kodak [05/29/2008\|12:54] C:\Program Files\Common Files\<DIR> LogiShrd [05/30/2008\|04:15] C:\Program Files\Common Files\<DIR> Logitech [05/31/2008\|12:42] C:\Program Files\Common Files\<DIR> Macrovision Shared [05/30/2008\|10:57] C:\Program Files\Common Files\<DIR> McAfee [08/07/2008\|03:14] C:\Program Files\Common Files\<DIR> Microsoft Shared [05/28/2008\|10:57] C:\Program Files\Common Files\<DIR> MSSoap [07/02/2008\|09:15] C:\Program Files\Common Files\<DIR> Nero [05/28/2008\|06:48] C:\Program Files\Common Files\<DIR> ODBC [08/10/2008\|01:23] C:\Program Files\Common Files\<DIR> Protexis [05/30/2008\|04:16] C:\Program Files\Common Files\<DIR> Real [09/06/2008\|06:56] C:\Program Files\Common Files\<DIR> River Past [06/30/2008\|07:45] C:\Program Files\Common Files\<DIR> Roxio Shared [05/29/2008\|12:35] C:\Program Files\Common Files\<DIR> Scanner [05/28/2008\|10:57] C:\Program Files\Common Files\<DIR> Services [06/21/2008\|02:54] C:\Program Files\Common Files\<DIR> SightSpeed [06/30/2008\|07:46] C:\Program Files\Common Files\<DIR> Sonic Shared [05/28/2008\|06:48] C:\Program Files\Common Files\<DIR> SpeechEngines [05/28/2008\|11:09] C:\Program Files\Common Files\<DIR> SupportSoft [08/07/2008\|03:02] C:\Program Files\Common Files\<DIR> System [09/23/2008\|08:39] C:\Program Files\Common Files\<DIR> Ulead Systems [11/03/2008\|09:24] C:\Program Files\Common Files\<DIR> Wise Installation Wizard --------------------\\ Process ( 73 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-04 16:48:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections C:\WINDOWS\system32\FegMUvut.ini C:\WINDOWS\system32\FegMUvut.ini2 ==> VUNDO <== --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used C:\DOCUME~1\Admin\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Adobe Photoshop CS3 v10.0 Extended Incl Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Aone.Ultra.Video.Splitter.v3.5.6.WinALL.Keygen.Only-BRD.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Autodesk 3DS Max v9.0 FULL + Plugins + Scripts + Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Crackheads.Gone.Wild.2006.DVDRip.XViD.REPACK-BELiEVERS.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].1.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Sony.Soundforge.8.Inc.Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The.Movies.Stunts.And.Effects.KEYGEN-RELOADED.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The_Lord_of_the_Rings_The_Battle_for_Middle-earth_Keygen-VENGEANCE.rar.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The_Sims_2_Bon_Voyage_Keygen-HATRED.1.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\VA-Big_Mike_Digital_Product_And_DJ_Diggz-How_To_Spit_Crack_Instrumentals_2-(Bootleg)-2008-CR.torrent C:\DOCUME~1\Admin\Desktop\Brushes\IceCrackFBrushSet1.abr C:\DOCUME~1\Admin\Desktop\Brushes\pretty_cuts_and_cracks.abr C:\DOCUME~1\Admin\Desktop\Gancked\Crack C:\DOCUME~1\Admin\Desktop\Gancked\Warhammer_40k_Dawn_of_War_KEYGEN.rar C:\DOCUME~1\Admin\Desktop\Gancked\Acid Content\Urban_Joints_Pro_Loops & CB Productions\Urban Joints Pro\Drums\Snares\CRACK__1.WAV C:\DOCUME~1\Admin\Desktop\Gancked\Acid Content\Urban_Joints_Pro_Loops & CB Productions\Urban Joints Pro\Drums\Snares\_CRACK SNARE.wav C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen.zip C:\DOCUME~1\Admin\Desktop\Gancked\Crack\install.txt C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen\max9keygen.exe C:\DOCUME~1\Admin\Desktop\Gancked\New Folder\The Notorious B.I.G. - Life After Death - CD 2 - 05 - Ten Crack Commandments.mp3 C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen.rar C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen\imsdox-sc4.nfo C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen\iMSSC4KG.exe C:\DOCUME~1\Admin\My Documents\My Music\Sounds and stuff\Thunder_Large_Crack.mp3 C:\DOCUME~1\Admin\My Documents\My Pictures\DarkArt\Cracks.jpg [F:72][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\Temp [F:10][D:0]-> C:\DOCUME~1\Admin\Cookies [F:47][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Tue 11/04/2008\|16:49 - Option : [1] --------------------\\ Scan completed at 16:49:49

Rorschach112 View Member Profile	Nov 4 2008, 03:56 PM Post #4
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	You got infected because you downloaded cracks Please download the OTMoveIt3 by OldTimer or from here. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Services :Reg :Files C:\WINDOWS\system32\FegMUvut.ini C:\WINDOWS\system32\FegMUvut.ini2 C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used C:\DOCUME~1\Admin\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Adobe Photoshop CS3 v10.0 Extended Incl Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Aone.Ultra.Video.Splitter.v3.5.6.WinALL.Keygen.Only-BRD.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Autodesk 3DS Max v9.0 FULL + Plugins + Scripts + Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Crackheads.Gone.Wild.2006.DVDRip.XViD.REPACK-BELiEVERS.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].1.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].torrent C:\DOCUME~1\Admin\Application Data\uTorrent\Sony.Soundforge.8.Inc.Keygen.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The.Movies.Stunts.And.Effects.KEYGEN-RELOADED.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The_Lord_of_the_Rings_The_Battle_for_Middle-earth_Keygen-VENGEANCE.rar.torrent C:\DOCUME~1\Admin\Application Data\uTorrent\The_Sims_2_Bon_Voyage_Keygen-HATRED.1.torrent C:\DOCUME~1\Admin\Desktop\Gancked\Crack C:\DOCUME~1\Admin\Desktop\Gancked\Warhammer_40k_Dawn_of_War_KEYGEN.rar C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen.zip C:\DOCUME~1\Admin\Desktop\Gancked\Crack\install.txt C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen\max9keygen.exe C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

undun40cal View Member Profile	Nov 4 2008, 04:19 PM Post #5
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	Here's the log from OTMI3. ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\system32\FegMUvut.ini moved successfully. C:\WINDOWS\system32\FegMUvut.ini2 moved successfully. C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks moved successfully. File/Folder C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used not found. C:\DOCUME~1\Admin\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Adobe Photoshop CS3 v10.0 Extended Incl Keygen.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Aone.Ultra.Video.Splitter.v3.5.6.WinALL.Keygen.Only-BRD.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Autodesk 3DS Max v9.0 FULL + Plugins + Scripts + Keygen.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Crackheads.Gone.Wild.2006.DVDRip.XViD.REPACK-BELiEVERS.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].1.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Power ISO v3.8 + keygen [h33t] [Original].torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\Sony.Soundforge.8.Inc.Keygen.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\The.Movies.Stunts.And.Effects.KEYGEN-RELOADED.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\The_Lord_of_the_Rings_The_Battle_for_Middle-earth_Keygen-VENGEANCE.rar.torrent moved successfully. C:\DOCUME~1\Admin\Application Data\uTorrent\The_Sims_2_Bon_Voyage_Keygen-HATRED.1.torrent moved successfully. C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen moved successfully. C:\DOCUME~1\Admin\Desktop\Gancked\Crack moved successfully. C:\DOCUME~1\Admin\Desktop\Gancked\Warhammer_40k_Dawn_of_War_KEYGEN.rar moved successfully. File/Folder C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen not found. File/Folder C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen.zip not found. File/Folder C:\DOCUME~1\Admin\Desktop\Gancked\Crack\install.txt not found. File/Folder C:\DOCUME~1\Admin\Desktop\Gancked\Crack\3dsmax9-keygen\max9keygen.exe not found. C:\DOCUME~1\Admin\Desktop\Gancked\Sim City 4\simcity keygen moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Admin\LOCALS~1\Temp\etilqs_4zFhZAtUkjMXFS8wqthF scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Admin\LOCALS~1\Temp\Perflib_Perfdata_bd0.dat scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\mcafee_Wcui3yd2AkbIuaA scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_2H51aQTDpFXVsd3 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_5Z2LaKrhIDbPeR5 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_axzErH9Xctkb48W scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_q4AB58brw1gr5qG scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_5dzhsrPgtQd3Onq scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_FRhv7DWYddERV2I scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_g6eYiG7XYMnLkRw scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_gDvONog1oSh0t47 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_hgcUjOZmspm5AfW scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_j9OtcMQs8qeScDV scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_lfnU29xcWIuvPFL scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV1F8.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11042008_171005 Files moved on Reboot... File C:\DOCUME~1\Admin\LOCALS~1\Temp\etilqs_4zFhZAtUkjMXFS8wqthF not found! File C:\DOCUME~1\Admin\LOCALS~1\Temp\Perflib_Perfdata_bd0.dat not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\temp\mcafee_Wcui3yd2AkbIuaA moved successfully. C:\WINDOWS\temp\mcmsc_2H51aQTDpFXVsd3 moved successfully. C:\WINDOWS\temp\mcmsc_5Z2LaKrhIDbPeR5 moved successfully. C:\WINDOWS\temp\mcmsc_axzErH9Xctkb48W moved successfully. C:\WINDOWS\temp\mcmsc_q4AB58brw1gr5qG moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat moved successfully. C:\WINDOWS\temp\sqlite_5dzhsrPgtQd3Onq moved successfully. C:\WINDOWS\temp\sqlite_FRhv7DWYddERV2I moved successfully. C:\WINDOWS\temp\sqlite_g6eYiG7XYMnLkRw moved successfully. C:\WINDOWS\temp\sqlite_gDvONog1oSh0t47 moved successfully. C:\WINDOWS\temp\sqlite_hgcUjOZmspm5AfW moved successfully. C:\WINDOWS\temp\sqlite_j9OtcMQs8qeScDV moved successfully. C:\WINDOWS\temp\sqlite_lfnU29xcWIuvPFL moved successfully. File C:\WINDOWS\temp\WFV1F8.tmp not found! C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\XUL.mfl moved successfully.

Rorschach112 View Member Profile	Nov 4 2008, 04:20 PM Post #6
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	Hello Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

undun40cal View Member Profile	Nov 4 2008, 04:24 PM Post #7
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	Here it is. Logfile of random's system information tool 1.04 (written by random/random) Run by Admin at 2008-11-04 17:22:32 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 30 GB (20%) free of 153 GB Total RAM: 894 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:22:37 PM, on 11/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\SearchIndexer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\notepad.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\eMachines Bay Reader\shwiconem.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Admin\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing) O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing) O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 15446 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-29 2549368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-23 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-29 2549368] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144] "nwiz"=nwiz.exe /install [] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "lxcymon.exe"=C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2006-03-06 286720] "EzPrint"=C:\Program Files\Lexmark 3400 Series\ezprint.exe [2006-02-07 98304] "LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-22 136600] "SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968] "Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2006-03-06 1122304] "Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2006-03-06 497152] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-29 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-29 91440] "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032] "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-04-11 110592] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [2008-10-26 289088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\tuvUMgeF [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:�Torrent" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe::Enabled:McAfee Data Backup" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe::Disabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe::Enabled:AIM" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe::Enabled:mIRC" "C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe::Enabled:SoulSeek" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" "C:\Documents and Settings\Owner\Desktop\Gancked\3D Live Pool v2.3\3D Live Pool\3D Live Pool\3D Live Pool.exe"="C:\Documents and Settings\Owner\Desktop\Gancked\3D Live Pool v2.3\3D Live Pool\3D Live Pool\3D Live Pool.exe::Enabled:3D Live Pool" "C:\Program Files\Corel\DVD9\WinDVD.exe"="C:\Program Files\Corel\DVD9\WinDVD.exe::Enabled:WinDVD" "C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe"="C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe::Enabled:River Past Animated GIF Converter" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe::Enabled:Battlefield 2" "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe::Enabled:BF1942" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe::Enabled:Nexon Game Manager" "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe" "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe" "C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe::Enabled:Nexon Messenger Core" "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe::Enabled:McAfee Network Agent" "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe::Enabled:Sid Meier's Civilization IV Colonization" "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe::Enabled:Xfire" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe::Enabled:EA Download Manager" "C:\Codemasters\MTV Music Generator\mtvmusic.exe"="C:\Codemasters\MTV Music Generator\mtvmusic.exe::Enabled:m2kpc" "C:\Codemasters\MTV Music Generator\client.exe"="C:\Codemasters\MTV Music Generator\client.exe::Enabled:m2kpc" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe::Enabled:DNA" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe" "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe" ======List of files/folders created in the last 1 months====== 2008-11-04 17:22:32 ----D---- C:\rsit 2008-11-04 17:10:05 ----D---- C:\_OTMoveIt 2008-11-04 16:46:35 ----A---- C:\lopR.txt 2008-11-04 16:46:11 ----D---- C:\Lop SD 2008-11-04 04:28:38 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2008-11-04 04:28:38 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2008-11-04 04:28:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2008-11-04 04:28:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2008-11-04 04:28:29 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2008-11-04 04:28:21 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2008-11-04 04:23:53 ----D---- C:\Program Files\ShotOnline International 2008-11-03 21:12:37 ----A---- C:\WINDOWS\system32\yayaWqRi.dll 2008-11-03 21:12:37 ----A---- C:\WINDOWS\system32\khfFXrrP.dll 2008-11-03 21:07:07 ----A---- C:\WINDOWS\system32\nnnnmKAT.dll 2008-11-03 21:07:06 ----A---- C:\WINDOWS\system32\nnnkJCRj.dll 2008-11-03 21:05:46 ----A---- C:\WINDOWS\system32\byXOiFYR.dll 2008-10-29 06:24:24 ----D---- C:\Documents and Settings\Admin\Application Data\ValuSoft 2008-10-29 06:13:36 ----D---- C:\Program Files\Prison Tycoon 4 2008-10-28 17:46:31 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search 2008-10-26 14:17:17 ----D---- C:\AeriaGames 2008-10-26 13:56:07 ----D---- C:\Program Files\DNA 2008-10-26 13:56:07 ----D---- C:\Documents and Settings\Admin\Application Data\DNA 2008-10-25 21:35:12 ----D---- C:\Codemasters 2008-10-25 14:35:52 ----D---- C:\WINDOWS\Performance 2008-10-25 14:33:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2008-10-25 14:30:46 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-10-22 18:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy 2008-10-22 18:22:56 ----D---- C:\Program Files\WorldOfGoo 2008-10-22 14:38:53 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\java.exe 2008-10-22 13:06:18 ----D---- C:\WINDOWS\system32\NtmsData 2008-10-22 11:56:02 ----HD---- C:\WINDOWS\PIF 2008-10-22 11:50:23 ----SHD---- C:\RECYCLER 2008-10-22 11:42:56 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search 2008-10-22 11:42:20 ----D---- C:\WINDOWS\system32\GroupPolicy 2008-10-22 11:42:20 ----D---- C:\Program Files\Windows Desktop Search 2008-10-22 11:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2008-10-22 09:51:49 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes 2008-10-22 09:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-22 09:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-16 00:18:40 ----RA---- C:\WINDOWS\system32\vp6vfw.dll 2008-10-12 18:09:26 ----D---- C:\Program Files\Vision Video Games 2008-10-12 10:42:57 ----D---- C:\Program Files\Enlight 2008-10-11 23:44:43 ----D---- C:\Program Files\WarRock 2008-10-11 04:12:30 ----D---- C:\Program Files\Playlogic 2008-10-10 06:46:37 ----D---- C:\Program Files\Drug Wars 2008-10-09 07:19:16 ----D---- C:\fsaua.data 2008-10-09 07:08:50 ----D---- C:\Program Files\EsetOnlineScanner 2008-10-08 19:47:12 ----A---- C:\WINDOWS\system32\xfcodec.dll ======List of files/folders modified in the last 1 months====== 2008-11-04 17:22:21 ----D---- C:\WINDOWS\Prefetch 2008-11-04 17:19:52 ----D---- C:\WINDOWS\Temp 2008-11-04 17:17:27 ----D---- C:\Program Files\Mozilla Firefox 2008-11-04 17:15:15 ----A---- C:\WINDOWS\iTouch.ini 2008-11-04 17:15:05 ----D---- C:\Program Files\lx_cats 2008-11-04 17:13:31 ----D---- C:\WINDOWS 2008-11-04 17:11:30 ----D---- C:\WINDOWS\system32 2008-11-04 17:10:07 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent 2008-11-04 04:47:07 ----D---- C:\WINDOWS\system32\drivers 2008-11-04 04:28:42 ----D---- C:\WINDOWS\system32\DirectX 2008-11-04 04:28:41 ----HD---- C:\WINDOWS\inf 2008-11-04 04:27:52 ----HD---- C:\WINDOWS\msdownld.tmp 2008-11-04 04:23:53 ----RD---- C:\Program Files 2008-11-03 23:52:11 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-03 23:45:33 ----D---- C:\WINDOWS\system32\LogFiles 2008-11-03 21:34:25 ----SHD---- C:\Config.Msi 2008-11-03 21:33:17 ----N---- C:\WINDOWS\SchedLgU.Txt 2008-11-03 21:31:42 ----D---- C:\Program Files\Soulseek 2008-11-03 21:29:02 ----D---- C:\Program Files\EA GAMES 2008-11-03 21:27:53 ----SHD---- C:\WINDOWS\Installer 2008-11-03 21:24:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-03 21:24:49 ----D---- C:\Program Files\Final Draft 7 2008-11-03 21:24:43 ----RSD---- C:\WINDOWS\Fonts 2008-11-03 21:23:48 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-03 21:23:48 ----AC---- C:\WINDOWS\SIERRA.INI 2008-11-03 21:21:29 ----D---- C:\Program Files\Crazy Machines II 2008-11-03 21:17:11 ----D---- C:\WINDOWS\pss 2008-11-03 21:11:39 ----AC---- C:\WINDOWS\system32\6705e871-.txt 2008-11-03 16:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-02 16:46:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-01 19:13:34 ----D---- C:\Documents and Settings\Admin\Application Data\Vso 2008-10-30 22:21:58 ----D---- C:\Program Files\McAfee 2008-10-29 22:56:45 ----D---- C:\Program Files\Xfire 2008-10-29 06:17:07 ----RSD---- C:\WINDOWS\assembly 2008-10-27 17:05:51 ----D---- C:\Documents and Settings\Admin\Application Data\Xfire 2008-10-26 13:55:43 ----D---- C:\Documents and Settings\Admin\Application Data\IGN_DLM 2008-10-24 12:29:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-24 12:29:05 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-23 15:28:14 ----D---- C:\WINDOWS\Minidump 2008-10-22 14:53:36 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-22 14:38:15 ----D---- C:\Program Files\Java 2008-10-22 13:29:52 ----D---- C:\Program Files\SystemRequirementsLab 2008-10-22 13:29:52 ----D---- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab 2008-10-22 11:47:39 ----D---- C:\WINDOWS\Help 2008-10-22 11:47:36 ----D---- C:\WINDOWS\nview 2008-10-22 11:43:35 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-22 11:42:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-22 11:42:23 ----D---- C:\WINDOWS\system32\en-US 2008-10-22 11:42:20 ----D---- C:\WINDOWS\system32\wbem 2008-10-22 11:21:18 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-22 11:20:25 ----D---- C:\WINDOWS\system32\XPSViewer 2008-10-22 11:16:12 ----D---- C:\WINDOWS\WinSxS 2008-10-22 11:15:16 ----D---- C:\Program Files\Internet Explorer 2008-10-22 09:07:13 ----A---- C:\WINDOWS\system.ini 2008-10-22 09:02:36 ----D---- C:\Program Files\Common Files 2008-10-22 09:02:35 ----D---- C:\WINDOWS\AppPatch 2008-10-22 08:50:59 ----D---- C:\Program Files\Microsoft Silverlight 2008-10-21 20:21:32 ----D---- C:\WINDOWS\system32\config 2008-10-21 20:20:30 ----D---- C:\WINDOWS\erdnt 2008-10-20 11:39:39 ----D---- C:\Program Files\Electronic Arts 2008-10-17 16:03:38 ----D---- C:\WINDOWS\Debug 2008-10-17 00:19:09 ----D---- C:\Program Files\Common Files\EasyInfo 2008-10-17 00:06:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-16 02:42:08 ----D---- C:\Program Files\Cheat Engine 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-12 21:52:38 ----D---- C:\Program Files\The Logo Creator v5 2008-10-12 20:52:21 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2008-10-11 05:12:21 ----A---- C:\WINDOWS\NeroDigital.ini 2008-10-09 07:28:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-09 07:11:18 ----D---- C:\Program Files\Panda Security 2008-10-07 17:10:28 ----D---- C:\WINDOWS\network diagnostic 2008-10-07 16:22:45 ----D---- C:\Nexon 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-11 278984] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-11 25416] R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [] R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys [] R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-08 12953] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368] R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576] R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys [] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-02 47360] R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032] R3 RTL8023;Sitecom Gigabit Ethernet Adapter LN-027v2 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-30 69504] R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 aitwkdse;aitwkdse; C:\WINDOWS\system32\drivers\aitwkdse.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-04-10 62794] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys [] S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-07-02 72704] R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 168432] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-22 152984] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704] R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864] R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-04-11 155648] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-18 66872] R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 UpdateCenterService;Update Center Service; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S2 DCPFLICS;DCPFLICS; C:\Program Files\DCPFLICS\DCPFLICS.exe [2006-12-01 139268] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-31 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-11-04 17:22:40 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->MsiExec /X{CD6E97C6-310B-487A-945E-18965FF0E20E} -->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA} -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 123 AVI to GIF Converter 3.0-->"C:\Program Files\123 AVI to GIF Converter\unins000.exe" 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->ms

Rorschach112 View Member Profile	Nov 4 2008, 04:33 PM Post #8
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	Hello Please download the OTMoveIt3 by OldTimer or from here. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Services :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 :files C:\WINDOWS\system32\yayaWqRi.dll C:\WINDOWS\system32\khfFXrrP.dll C:\WINDOWS\system32\nnnnmKAT.dll C:\WINDOWS\system32\nnnkJCRj.dll C:\WINDOWS\system32\byXOiFYR.dll :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Also post a new Rsit log

undun40cal View Member Profile	Nov 4 2008, 04:45 PM Post #9
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"authentication packages"\|msv1_0 /E : value set successfully! ========== FILES ========== DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayaWqRi.dll C:\WINDOWS\system32\yayaWqRi.dll NOT unregistered. C:\WINDOWS\system32\yayaWqRi.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfFXrrP.dll C:\WINDOWS\system32\khfFXrrP.dll NOT unregistered. C:\WINDOWS\system32\khfFXrrP.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnnmKAT.dll C:\WINDOWS\system32\nnnnmKAT.dll NOT unregistered. C:\WINDOWS\system32\nnnnmKAT.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnkJCRj.dll C:\WINDOWS\system32\nnnkJCRj.dll NOT unregistered. C:\WINDOWS\system32\nnnkJCRj.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXOiFYR.dll C:\WINDOWS\system32\byXOiFYR.dll NOT unregistered. C:\WINDOWS\system32\byXOiFYR.dll moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Admin\LOCALS~1\Temp\etilqs_DTGHZnegi9Br3tKT3aTZ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Admin\LOCALS~1\Temp\Perflib_Perfdata_d28.dat scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\mcafee_qiBh4vKX0aFEE6h scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_EpCL8ykNf8KKaws scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_SI83I88Hk5hERE6 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_47c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_dDdZKl69Tw9Afm3 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_F3IFvnx9iGacukz scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_g9Nke6MnWQTanuU scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_MBTfESwgORpngug scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_XCZRoDSLqrO8m4Y scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_xjw0hBvhTMbWbHS scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_ZOtzbBesyLrRceF scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11042008_173737 Files moved on Reboot... File C:\DOCUME~1\Admin\LOCALS~1\Temp\etilqs_DTGHZnegi9Br3tKT3aTZ not found! File C:\DOCUME~1\Admin\LOCALS~1\Temp\Perflib_Perfdata_d28.dat not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\mcafee_qiBh4vKX0aFEE6h not found! File C:\WINDOWS\temp\mcmsc_EpCL8ykNf8KKaws not found! File C:\WINDOWS\temp\mcmsc_SI83I88Hk5hERE6 not found! File C:\WINDOWS\temp\Perflib_Perfdata_47c.dat not found! File C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found! C:\WINDOWS\temp\sqlite_dDdZKl69Tw9Afm3 moved successfully. C:\WINDOWS\temp\sqlite_F3IFvnx9iGacukz moved successfully. C:\WINDOWS\temp\sqlite_g9Nke6MnWQTanuU moved successfully. C:\WINDOWS\temp\sqlite_MBTfESwgORpngug moved successfully. C:\WINDOWS\temp\sqlite_XCZRoDSLqrO8m4Y moved successfully. C:\WINDOWS\temp\sqlite_xjw0hBvhTMbWbHS moved successfully. C:\WINDOWS\temp\sqlite_ZOtzbBesyLrRceF moved successfully. File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\XUL.mfl moved successfully. Logfile of random's system information tool 1.04 (written by random/random) Run by Admin at 2008-11-04 17:44:50 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 30 GB (20%) free of 153 GB Total RAM: 894 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:44:54 PM, on 11/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\SearchIndexer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\eMachines Bay Reader\shwiconem.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Admin\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing) O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing) O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 15378 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-29 2549368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-23 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-29 2549368] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144] "nwiz"=nwiz.exe /install [] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "lxcymon.exe"=C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2006-03-06 286720] "EzPrint"=C:\Program Files\Lexmark 3400 Series\ezprint.exe [2006-02-07 98304] "LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-22 136600] "SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968] "Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2006-03-06 1122304] "Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2006-03-06 497152] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-29 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-29 91440] "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032] "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-04-11 110592] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [2008-10-26 289088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:�Torrent" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe::Enabled:McAfee Data Backup" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe::Disabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe::Enabled:AIM" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe::Enabled:mIRC" "C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe::Enabled:SoulSeek" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" "C:\Documents and Settings\Owner\Desktop\Gancked\3D Live Pool v2.3\3D Live Pool\3D Live Pool\3D Live Pool.exe"="C:\Documents and Settings\Owner\Desktop\Gancked\3D Live Pool v2.3\3D Live Pool\3D Live Pool\3D Live Pool.exe::Enabled:3D Live Pool" "C:\Program Files\Corel\DVD9\WinDVD.exe"="C:\Program Files\Corel\DVD9\WinDVD.exe::Enabled:WinDVD" "C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe"="C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe::Enabled:River Past Animated GIF Converter" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe::Enabled:Battlefield 2" "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe::Enabled:BF1942" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe::Enabled:Nexon Game Manager" "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe" "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe" "C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe::Enabled:Nexon Messenger Core" "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe::Enabled:McAfee Network Agent" "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe::Enabled:Sid Meier's Civilization IV Colonization" "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe::Enabled:Xfire" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe::Enabled:EA Download Manager" "C:\Codemasters\MTV Music Generator\mtvmusic.exe"="C:\Codemasters\MTV Music Generator\mtvmusic.exe::Enabled:m2kpc" "C:\Codemasters\MTV Music Generator\client.exe"="C:\Codemasters\MTV Music Generator\client.exe::Enabled:m2kpc" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe::Enabled:DNA" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe" "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe" ======List of files/folders created in the last 1 months====== 2008-11-04 17:22:32 ----D---- C:\rsit 2008-11-04 17:10:05 ----D---- C:\_OTMoveIt 2008-11-04 16:46:35 ----A---- C:\lopR.txt 2008-11-04 16:46:11 ----D---- C:\Lop SD 2008-11-04 04:28:38 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2008-11-04 04:28:38 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2008-11-04 04:28:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2008-11-04 04:28:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2008-11-04 04:28:29 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2008-11-04 04:28:21 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2008-11-04 04:23:53 ----D---- C:\Program Files\ShotOnline International 2008-10-29 06:24:24 ----D---- C:\Documents and Settings\Admin\Application Data\ValuSoft 2008-10-29 06:13:36 ----D---- C:\Program Files\Prison Tycoon 4 2008-10-28 17:46:31 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search 2008-10-26 14:17:17 ----D---- C:\AeriaGames 2008-10-26 13:56:07 ----D---- C:\Program Files\DNA 2008-10-26 13:56:07 ----D---- C:\Documents and Settings\Admin\Application Data\DNA 2008-10-25 21:35:12 ----D---- C:\Codemasters 2008-10-25 14:35:52 ----D---- C:\WINDOWS\Performance 2008-10-25 14:33:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2008-10-25 14:30:46 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-10-22 18:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy 2008-10-22 18:22:56 ----D---- C:\Program Files\WorldOfGoo 2008-10-22 14:38:53 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-22 14:38:52 ----A---- C:\WINDOWS\system32\java.exe 2008-10-22 13:06:18 ----D---- C:\WINDOWS\system32\NtmsData 2008-10-22 11:56:02 ----HD---- C:\WINDOWS\PIF 2008-10-22 11:50:23 ----SHD---- C:\RECYCLER 2008-10-22 11:42:56 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search 2008-10-22 11:42:20 ----D---- C:\WINDOWS\system32\GroupPolicy 2008-10-22 11:42:20 ----D---- C:\Program Files\Windows Desktop Search 2008-10-22 11:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2008-10-22 09:51:49 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes 2008-10-22 09:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-22 09:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-16 00:18:40 ----RA---- C:\WINDOWS\system32\vp6vfw.dll 2008-10-12 18:09:26 ----D---- C:\Program Files\Vision Video Games 2008-10-12 10:42:57 ----D---- C:\Program Files\Enlight 2008-10-11 23:44:43 ----D---- C:\Program Files\WarRock 2008-10-11 04:12:30 ----D---- C:\Program Files\Playlogic 2008-10-10 06:46:37 ----D---- C:\Program Files\Drug Wars 2008-10-09 07:19:16 ----D---- C:\fsaua.data 2008-10-09 07:08:50 ----D---- C:\Program Files\EsetOnlineScanner 2008-10-08 19:47:12 ----A---- C:\WINDOWS\system32\xfcodec.dll ======List of files/folders modified in the last 1 months====== 2008-11-04 17:43:16 ----D---- C:\WINDOWS\Temp 2008-11-04 17:43:04 ----D---- C:\Program Files\Mozilla Firefox 2008-11-04 17:41:48 ----D---- C:\WINDOWS\Prefetch 2008-11-04 17:41:42 ----A---- C:\WINDOWS\iTouch.ini 2008-11-04 17:41:37 ----D---- C:\Program Files\lx_cats 2008-11-04 17:37:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-04 17:37:37 ----D---- C:\WINDOWS\system32 2008-11-04 17:13:31 ----D---- C:\WINDOWS 2008-11-04 17:10:07 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent 2008-11-04 04:47:07 ----D---- C:\WINDOWS\system32\drivers 2008-11-04 04:28:42 ----D---- C:\WINDOWS\system32\DirectX 2008-11-04 04:28:41 ----HD---- C:\WINDOWS\inf 2008-11-04 04:28:06 ----HD---- C:\WINDOWS\msdownld.tmp 2008-11-04 04:23:53 ----RD---- C:\Program Files 2008-11-03 23:52:11 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-03 23:45:33 ----D---- C:\WINDOWS\system32\LogFiles 2008-11-03 21:34:25 ----SHD---- C:\Config.Msi 2008-11-03 21:31:42 ----D---- C:\Program Files\Soulseek 2008-11-03 21:29:02 ----D---- C:\Program Files\EA GAMES 2008-11-03 21:27:53 ----SHD---- C:\WINDOWS\Installer 2008-11-03 21:24:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-03 21:24:49 ----D---- C:\Program Files\Final Draft 7 2008-11-03 21:24:43 ----RSD---- C:\WINDOWS\Fonts 2008-11-03 21:23:48 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-03 21:23:48 ----AC---- C:\WINDOWS\SIERRA.INI 2008-11-03 21:21:29 ----D---- C:\Program Files\Crazy Machines II 2008-11-03 21:17:11 ----D---- C:\WINDOWS\pss 2008-11-03 21:11:39 ----AC---- C:\WINDOWS\system32\6705e871-.txt 2008-11-03 16:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-02 16:46:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-01 19:13:34 ----D---- C:\Documents and Settings\Admin\Application Data\Vso 2008-10-30 22:21:58 ----D---- C:\Program Files\McAfee 2008-10-29 22:56:45 ----D---- C:\Program Files\Xfire 2008-10-29 06:17:07 ----RSD---- C:\WINDOWS\assembly 2008-10-27 17:05:51 ----D---- C:\Documents and Settings\Admin\Application Data\Xfire 2008-10-26 13:55:43 ----D---- C:\Documents and Settings\Admin\Application Data\IGN_DLM 2008-10-24 12:29:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-24 12:29:05 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-23 15:28:14 ----D---- C:\WINDOWS\Minidump 2008-10-22 14:53:36 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-22 14:38:15 ----D---- C:\Program Files\Java 2008-10-22 13:29:52 ----D---- C:\Program Files\SystemRequirementsLab 2008-10-22 13:29:52 ----D---- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab 2008-10-22 11:47:39 ----D---- C:\WINDOWS\Help 2008-10-22 11:47:36 ----D---- C:\WINDOWS\nview 2008-10-22 11:43:35 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-22 11:42:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-22 11:42:23 ----D---- C:\WINDOWS\system32\en-US 2008-10-22 11:42:20 ----D---- C:\WINDOWS\system32\wbem 2008-10-22 11:21:18 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-22 11:20:25 ----D---- C:\WINDOWS\system32\XPSViewer 2008-10-22 11:16:12 ----D---- C:\WINDOWS\WinSxS 2008-10-22 11:15:16 ----D---- C:\Program Files\Internet Explorer 2008-10-22 09:07:13 ----A---- C:\WINDOWS\system.ini 2008-10-22 09:02:36 ----D---- C:\Program Files\Common Files 2008-10-22 09:02:35 ----D---- C:\WINDOWS\AppPatch 2008-10-22 08:50:59 ----D---- C:\Program Files\Microsoft Silverlight 2008-10-21 20:21:32 ----D---- C:\WINDOWS\system32\config 2008-10-21 20:20:30 ----D---- C:\WINDOWS\erdnt 2008-10-20 11:39:39 ----D---- C:\Program Files\Electronic Arts 2008-10-17 16:03:38 ----D---- C:\WINDOWS\Debug 2008-10-17 00:19:09 ----D---- C:\Program Files\Common Files\EasyInfo 2008-10-17 00:06:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-16 02:42:08 ----D---- C:\Program Files\Cheat Engine 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-12 21:52:38 ----D---- C:\Program Files\The Logo Creator v5 2008-10-12 20:52:21 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2008-10-11 05:12:21 ----A---- C:\WINDOWS\NeroDigital.ini 2008-10-09 07:28:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-09 07:11:18 ----D---- C:\Program Files\Panda Security 2008-10-07 17:10:28 ----D---- C:\WINDOWS\network diagnostic 2008-10-07 16:22:45 ----D---- C:\Nexon 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-11 278984] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-11 25416] R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [] R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys [] R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-08 12953] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368] R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576] R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys [] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-02 47360] R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032] R3 RTL8023;Sitecom Gigabit Ethernet Adapter LN-027v2 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-30 69504] R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 adq57eju;adq57eju; C:\WINDOWS\system32\drivers\adq57eju.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-04-10 62794] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys [] S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-07-02 72704] R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 168432] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-22 152984] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704] R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864] R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-04-11 155648] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 PnkBs

Rorschach112 View Member Profile	Nov 4 2008, 04:46 PM Post #10
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	Hello Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

undun40cal View Member Profile	Nov 4 2008, 04:56 PM Post #11
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	Here's the Malwarebytes log. I will post the Kaspersky log when it's finished. Again, thank you for your help. Malwarebytes' Anti-Malware 1.29 Database version: 1306 Windows 5.1.2600 Service Pack 3 11/4/2008 5:54:28 PM mbam-log-2008-11-04 (17-54-28).txt Scan type: Quick Scan Objects scanned: 56327 Time elapsed: 4 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) This post has been edited by undun40cal: Nov 4 2008, 04:57 PM

Rorschach112 View Member Profile	Nov 5 2008, 10:35 AM Post #12
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	ok post the Kaspersky log as well

undun40cal View Member Profile	Nov 5 2008, 10:56 AM Post #13
Member Posts: 80 From: Indiana OS: Windows XP Home SP3	-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, November 5, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, November 05, 2008 05:56:06 Records in database: 1369843 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan statistics: Files scanned: 232892 Threat name: 5 Infected objects: 11 Suspicious objects: 0 Duration of the scan: 05:23:14 File name / Threat name / Threats count C:\Documents and Settings\Default User\Desktop\Gancked\WINDOWS XP KEYGEN+VALIDATION PACK\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1 C:\Documents and Settings\Default User\Desktop\Gancked\WINDOWS XP KEYGEN+VALIDATION PACK\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1 C:\Documents and Settings\Owner\Desktop\Gancked\MIRC.v6.31-.Lz0\MIRC.v6.31-Lz0\crack\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1 C:\Documents and Settings\Owner\Desktop\Gancked\MIRC.v6.31-.Lz0\MIRC.v6.31-Lz0\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1 C:\Documents and Settings\Owner\Desktop\Gancked\MIRC.v6.31-.Lz0\MIRC.v6.31-Lz0.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.631 2 C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1 C:\WINDOWS\system32\config\systemprofile\Desktop\Gancked\WINDOWS XP KEYGEN+VALIDATION PACK\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1 C:\WINDOWS\system32\config\systemprofile\Desktop\Gancked\WINDOWS XP KEYGEN+VALIDATION PACK\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1 C:\_OTMoveIt\MovedFiles\11042008_171005\DOCUME~1\Admin\Desktop\Gancked\Warhammer_40k_Dawn_of_War_KEYGEN.rar Infected: Trojan-PSW.Win32.Staem.a 1 The selected area was scanned.

Rorschach112 View Member Profile	Nov 5 2008, 11:16 AM Post #14
GeekU Teacher Posts: 35,171 From: Dublin OS: XP	You are using a cracked version of Windows, we cannot help you here. It is against the rules I suggest you buy a legitimate version

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Help with removing "Your privacy is in danger" red screen vi	12 / 1,318	8th May 2008 - 04:15 AM Daner started - last by Tal
Virus, Spyware and Trojan Removal Help with removing Adzgalore and Yoog search	0 / 3,079	26th December 2008 - 11:23 PM dimkasmir started - last by dimkasmir
Virus, Spyware and Trojan Removal Help with removing Vundo [Closed]	6 / 298	12th January 2009 - 01:51 AM mkeenan started - last by fenzodahl512
Virus, Spyware and Trojan Removal Need help with removing malware [Solved]	12 / 423	24th February 2009 - 03:40 PM jmccombs4 started - last by JSntgRvr