Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Nod32 not enough I need help

Started by XJadynX , Oct 19 2007 03:41 PM

Please log in to reply

#1
XJadynX

Posted 19 October 2007 - 03:41 PM

New Member

Member
9 posts

No matter how many times I try.... My Nod 32 keeps comming up with the same thing... my computer has

application Win32/Adware.Virtumonde.FP found in operating memory. every time..... the file is C:\WINDOWS\system32\mljjg.dll and it just can't get rid of it... I've tried everthing I can... PLEASE help me... I've found dozens of thing like this on my computer... it SEEMS Nod got rid of all but this one.... for the sake of my sanity... plz help before I go all out and format my computer... BTW.. I tried Vondo and it didn't work either

Edited by XJadynX, 19 October 2007 - 03:41 PM.

#2
Rorschach112

Posted 19 October 2007 - 03:43 PM

Ralphie

Retired Staff
47,710 posts

Hello, my name is Rorschach and I'll be helping you with your problems.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3
XJadynX

Posted 19 October 2007 - 04:06 PM

New Member

Topic Starter
Member
9 posts

HERE IS THE ONE FROM COMBOFIX

ComboFix 07-10-20.2 - Justin 2007-10-19 11:52:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1404 [GMT -10:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\check_LSA7.txt
C:\Documents and Settings\Justin\Desktop\internet.lnk
C:\Program Files\Common Files\lavuf.dll
C:\Program Files\Common Files\profsys.html
C:\Program Files\MSN\hokelomut4444.dll
C:\Program Files\MSN\hokelomut83122.dll
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cpbkubwi.exe
C:\WINDOWS\system32\ctsqywla.exe
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mylbrsrm.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\z8
C:\WINDOWS\system32\z8\srwv12drll.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-19 11:35 <DIR> d-------- C:\VundoFix Backups
2007-10-18 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-15 16:37 <DIR> d-------- C:\Temp
2007-10-08 22:00 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\PlayFirst
2007-10-08 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-08 21:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-04 19:46 <DIR> d-------- C:\Program Files\anywebcam
2007-10-02 21:13 <DIR> d-------- C:\Program Files\RedlightCenter
2007-10-02 21:13 <DIR> d-------- C:\Program Files\Common Files\PocketSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 21:58 --------- d-----w C:\Program Files\Steam2
2007-10-19 21:49 246 ----a-w C:\Program Files\Common Files\lavuf
2007-10-19 19:54 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-19 19:53 --------- d-----w C:\Program Files\Yahoo!
2007-10-19 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-19 06:42 --------- d-----w C:\Program Files\iWin.com Games
2007-10-19 06:40 --------- d-----w C:\Program Files\GameShadow
2007-10-09 09:35 --------- d-----w C:\Program Files\MSN Games
2007-10-07 04:26 --------- d-----w C:\Program Files\World of Warcraft
2007-10-03 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 21:13 --------- d-----w C:\Documents and Settings\Justin\Application Data\Sonic
2007-09-17 21:13 --------- d-----w C:\Documents and Settings\Justin\Application Data\Leadertech
2007-09-17 05:44 --------- d-----w C:\Program Files\Stardock
2007-09-17 05:44 --------- d-----w C:\Program Files\Common Files\Stardock
2007-09-11 07:09 --------- d-----w C:\Documents and Settings\Justin\Application Data\Uniblue
2007-09-10 23:50 --------- d-----w C:\Program Files\Ubisoft
2007-09-06 05:22 --------- d-----w C:\Program Files\Sierra
2007-09-05 00:44 --------- d-----w C:\Documents and Settings\Justin\Application Data\U3
2007-09-05 00:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Corel
2007-09-02 10:00 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent
2007-08-29 06:13 --------- d-----w C:\Documents and Settings\Justin\Application Data\Bioshock
2007-08-26 07:09 --------- d-----w C:\Program Files\2K Games
2007-08-26 07:09 --------- d-----w C:\Documents and Settings\Justin\Application Data\InstallShield
2007-08-26 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-25 01:44 --------- d--h--r C:\Documents and Settings\Justin\Application Data\SecuROM
2006-11-19 08:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-07-30 02:24:26 472 --sha-r C:\WINDOWS\SnVzdGlu\mBpWx35R.vbs
2006-05-30 20:05:29 88 -csh--r C:\WINDOWS\system32\ABDA231EFC.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 09:01]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 02:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 05:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 05:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 00:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-11 14:14]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-05 19:27]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 06:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-17 16:23]
"zzz_ImInstaller_"="C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\8P1BXA7G\incredimail_install[1].exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"Fork Mail"="C:\DOCUME~1\Justin\APPLIC~1\BOREMA~1\messgram.exe" []
"Steam"="C:\Program Files\Steam2\Steam.exe" [2007-10-06 16:48]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonon]
urqonon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 SSHDRV85;SSHDRV85;\??\C:\WINDOWS\system32\drivers\SSHDRV85.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\Justin\LOCALS~1\Temp\pohci13F.sys
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ef6c55-464f-11dc-85b4-0013721812a6}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9089f04-5b46-11dc-85db-0013721812a6}]
AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 11:57:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-20 12:00:25 - machine was rebooted
.
--- E O F ---

#4
XJadynX

Posted 19 October 2007 - 04:07 PM

New Member

Topic Starter
Member
9 posts

HERE IS THE ONE FROM WINPFIND3U

WinPFind3 logfile created on: 10/20/2007 12:01:20 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Justin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.45% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 60.94 Gb Free Space | 42.23% Space Free
Drive D: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IKAIKA2
Current User Name: Justin
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 2:56:14 AM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 2:55:58 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 23 | Size = 552064 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 155716 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/5/2006 7:27:26 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 6:20:44 PM | Attr = ]
wbload.exe -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 11:02:24 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 2:55:58 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 6:26:40 AM | Attr = ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 23 | Size = 552064 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 155716 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 2:56:14 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 23 | Size = 949376 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 8478720 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 81920 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 5/11/2006 2:14:02 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 6:20:44 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/5/2006 7:27:26 PM | Attr = ]
zzz_ImInstaller_ -> %LocalSettings%\Temporary Internet Files\Content.IE5\8P1BXA7G\incredimail_install[1].exe -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Fork Mail -> %SystemDrive%\DOCUME~1\Justin\APPLIC~1\BOREMA~1\messgram.exe -> File not found
IncrediMail -> %ProgramFiles%\IncrediMail\bin\IncMail.exe -> IncrediMail, Ltd. [Ver = 5, 2, 5, 2598 | Size = 204843 bytes | Modified Date = 10/31/2006 2:06:24 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
Steam -> %ProgramFiles%\Steam2\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 10/6/2007 4:48:30 PM | Attr = ]
Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
urqonon -> urqonon.dll -> File not found
WB -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/20/2001 11:34:52 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.yahoo.com/?.home=ytie ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://www.yahoo.com/?.home=ytie ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/?.home=ytie ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{10E6A399-1201-4080-A6AD-478A592C277C} -> (Intel® PRO/1000 PL Network Connection) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/...UI.cab55579.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> - CodeBase = http://www.fileplane...C_2.3.5.107.cab ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> MSN Games – Buddy Invite - CodeBase = http://zone.msn.com/...dy.cab55579.cab ->
{54B52E52-8000-4413-BD67-FC7FE24B59F2} -> EARTPatchX Class - CodeBase = http://simcity.ea.co...date/EARTPX.cab ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/...at.cab55579.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.mi...b?1188106856882 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.mi...b?1188106846820 ->
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> MJLauncherCtrl Class - CodeBase = http://zone.msn.com/...mjolauncher.cab ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} -> UnoCtrl Class - CodeBase = http://zone.msn.com/...O1.cab60096.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> MSN Games – Texas Holdem Poker - CodeBase = http://zone.msn.com/...he.cab60231.cab ->
{A4110378-789B-455F-AE86-3A1BFC402853} -> ZPA_SHVL Object - CodeBase = http://zone.msn.com/...vl.cab55579.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn...ro.cab56649.cab ->
{C36661D7-3590-45B1-80B5-520839E94DAD} -> MaxisSimCity4PatcherX Control - CodeBase = http://simcity.ea.co...ty4PatcherX.cab ->
{CAC181B0-4D70-402D-B571-C596A47D0CE0} -> CBankshotZoneCtrl Class - CodeBase = http://zone.msn.com/...ol.cab56649.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> TikGames Online Control - CodeBase = http://zone.msn.com/.../default/ct.cab ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> MSN Games – Game Communicator - CodeBase = http://zone.msn.com/...xy.cab55579.cab ->
{DECEAAA2-370A-49BB-9362-68C3A58DDC62} -> SAIX - CodeBase = http://static.zangoc...5d3c47945c52d3d ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> PopCapLoader Object - CodeBase = http://zone.msn.com/...ploader_v10.cab ->
{E5D419D6-A846-4514-9FAD-97E826C84822} -> HeartbeatCtl Class - CodeBase = http://fdl.msn.com/z...s/heartbeat.cab ->

[Files/Folders - Created Within 30 days]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 10/19/2007 10:03:14 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 10/19/2007 10:03:14 AM | Attr = RHS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/19/2007 11:52:05 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 10/15/2007 4:37:44 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 10/19/2007 11:35:07 AM | Attr = ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 10/17/2007 6:38:03 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/17/2007 6:38:59 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 10/17/2007 6:38:53 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/17/2007 6:39:59 AM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/20/2007 11:55:48 AM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
SnVzdGlu -> %SystemRoot%\SnVzdGlu -> [Folder | Created Date = 10/15/2007 4:37:57 PM | Attr = HS]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/20/2007 12:00:35 PM | Attr = ]
cos2 -> %System32%\cos2 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
oqvpdrbl.ini -> %System32%\oqvpdrbl.ini -> [Ver = | Size = 693652 bytes | Created Date = 10/17/2007 6:11:28 AM | Attr = HS]
pd2 -> %System32%\pd2 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
trvdekvk.ini -> %System32%\trvdekvk.ini -> [Ver = | Size = 693532 bytes | Created Date = 10/16/2007 4:53:52 AM | Attr = HS]
ue1 -> %System32%\ue1 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
utqrdhbn.ini -> %System32%\utqrdhbn.ini -> [Ver = | Size = 693970 bytes | Created Date = 10/19/2007 6:16:51 AM | Attr = HS]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
ytfjvsap.ini -> %System32%\ytfjvsap.ini -> [Ver = | Size = 693850 bytes | Created Date = 10/18/2007 6:15:57 AM | Attr = HS]
hosts.20071018-202906.backup -> %System32%\drivers\etc\hosts.20071018-202906.backup -> [Ver = | Size = 4102 bytes | Created Date = 10/18/2007 8:29:06 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 10/19/2007 10:03:16 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 10/19/2007 10:03:16 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/20/2007 11:55:26 AM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/20/2007 12:00:28 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 10/19/2007 11:51:56 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 10/20/2007 11:55:28 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 10/19/2007 11:35:08 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/20/2007 12:00:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/17/2007 6:39:00 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 10/17/2007 6:38:06 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/17/2007 6:39:02 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 10/17/2007 6:38:56 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/17/2007 6:40:02 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/20/2007 11:57:26 AM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Modified Date = 9/28/2007 9:06:10 AM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 1847 bytes | Modified Date = 10/5/2007 5:58:50 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/20/2007 11:55:50 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 10/19/2007 10:02:48 AM | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/17/2007 6:39:16 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/17/2007 6:39:58 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/18/2007 8:33:12 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/20/2007 11:59:56 AM | Attr = HS]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 10/2/2007 9:15:06 PM | Attr = H ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 10/18/2007 8:48:36 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/19/2007 9:54:06 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/18/2007 9:01:22 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/20/2007 11:59:08 AM | Attr = ]
SnVzdGlu -> %SystemRoot%\SnVzdGlu -> [Folder | Modified Date = 10/17/2007 6:41:24 AM | Attr = HS]
system32 -> %System32% -> [Folder | Modified Date = 10/20/2007 11:55:42 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/20/2007 11:55:36 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 10/20/2007 12:00:36 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 217 bytes | Modified Date = 10/18/2007 8:50:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/20/2007 11:57:26 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/18/2007 8:33:08 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/20/2007 11:55:58 AM | Attr = ]
cos2 -> %System32%\cos2 -> [Folder | Modified Date = 10/17/2007 8:11:54 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 10/2/2007 9:15:10 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/17/2007 6:40:02 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/20/2007 11:57:48 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 114968 bytes | Modified Date = 10/19/2007 10:02:50 AM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 535 bytes | Modified Date = 10/18/2007 8:47:16 PM | Attr = ]
oqvpdrbl.ini -> %System32%\oqvpdrbl.ini -> [Ver = | Size = 693652 bytes | Modified Date = 10/18/2007 6:11:50 AM | Attr = HS]
pd2 -> %System32%\pd2 -> [Folder | Modified Date = 10/15/2007 4:37:50 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 10/19/2007 11:51:56 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 10/5/2007 10:07:32 AM | Attr = ]
trvdekvk.ini -> %System32%\trvdekvk.ini -> [Ver = | Size = 693532 bytes | Modified Date = 10/17/2007 6:11:22 AM | Attr = HS]
ue1 -> %System32%\ue1 -> [Folder | Modified Date = 10/15/2007 4:37:50 PM | Attr = ]
utqrdhbn.ini -> %System32%\utqrdhbn.ini -> [Ver = | Size = 693970 bytes | Modified Date = 10/19/2007 10:03:30 AM | Attr = HS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10/20/2007 11:59:50 AM | Attr = ]
ytfjvsap.ini -> %System32%\ytfjvsap.ini -> [Ver = | Size = 693850 bytes | Modified Date = 10/18/2007 9:31:42 PM | Attr = HS]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/20/2007 11:57:46 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\ehthumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.1 | Size = 740442 bytes | Modified Date = 5/10/2007 6:37:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 10/5/2007 10:07:32 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 | Attr = ]

< End of report >

#5
Rorschach112

Posted 19 October 2007 - 04:20 PM

Ralphie

Retired Staff
47,710 posts

Hello

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> zzz_ImInstaller_ -> %LocalSettings%\Temporary Internet Files\Content.IE5\8P1BXA7G\incredimail_install[1].exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Fork Mail -> %SystemDrive%\DOCUME~1\Justin\APPLIC~1\BOREMA~1\messgram.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> urqonon -> urqonon.dll
[Files/Folders - Created Within 30 days]
NY -> oqvpdrbl.ini -> %System32%\oqvpdrbl.ini
NY -> trvdekvk.ini -> %System32%\trvdekvk.ini
NY -> utqrdhbn.ini -> %System32%\utqrdhbn.ini
NY -> VFind.exe -> %System32%\VFind.exe
NY -> ytfjvsap.ini -> %System32%\ytfjvsap.ini
[Files/Folders - Modified Within 30 days]
NY -> oqvpdrbl.ini -> %System32%\oqvpdrbl.ini
NY -> trvdekvk.ini -> %System32%\trvdekvk.ini
NY -> utqrdhbn.ini -> %System32%\utqrdhbn.ini
NY -> ytfjvsap.ini -> %System32%\ytfjvsap.ini
[File String Scan - Non-Microsoft Only]
NY -> @Alternate Data Stream - 0 bytes -> %SystemDrive%\ehthumbs.db:encryptable
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Also let me know how your PC is running now.

#6
XJadynX

Posted 19 October 2007 - 04:41 PM

New Member

Topic Starter
Member
9 posts

Here is fix log

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zzz_ImInstaller_ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Fork Mail deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqonon deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\oqvpdrbl.ini moved successfully.
C:\WINDOWS\SYSTEM32\trvdekvk.ini moved successfully.
C:\WINDOWS\SYSTEM32\utqrdhbn.ini moved successfully.
C:\WINDOWS\SYSTEM32\VFind.exe moved successfully.
C:\WINDOWS\SYSTEM32\ytfjvsap.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\oqvpdrbl.ini not found!
File C:\WINDOWS\SYSTEM32\trvdekvk.ini not found!
File C:\WINDOWS\SYSTEM32\utqrdhbn.ini not found!
File C:\WINDOWS\SYSTEM32\ytfjvsap.ini not found!
[File String Scan - Non-Microsoft Only]
ADS C:\ehthumbs.db:encryptable deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\Justin\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 10/20/2007 12:23:50

And here is the new Scan Log

WinPFind3 logfile created on: 10/20/2007 12:35:47 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Justin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.26% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 60.93 Gb Free Space | 42.22% Space Free
Drive D: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IKAIKA2
Current User Name: Justin
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/20/2007 12:34:22 PM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 2:56:14 AM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 2:55:58 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 23 | Size = 552064 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 155716 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/5/2006 7:27:26 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 6:20:44 PM | Attr = ]
wbload.exe -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 11:02:24 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 2:55:58 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 6:26:40 AM | Attr = ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 23 | Size = 552064 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 155716 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 2:56:14 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 5:44:02 AM | Attr = ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 23 | Size = 949376 bytes | Modified Date = 4/2/2007 6:51:10 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 8478720 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6344 | Size = 81920 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 8/17/2007 4:23:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 5/11/2006 2:14:02 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 6:20:44 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/5/2006 7:27:26 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
IncrediMail -> %ProgramFiles%\IncrediMail\bin\IncMail.exe -> IncrediMail, Ltd. [Ver = 5, 2, 5, 2598 | Size = 204843 bytes | Modified Date = 10/31/2006 2:06:24 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
Steam -> %ProgramFiles%\Steam2\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 10/6/2007 4:48:30 PM | Attr = ]
Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WB -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/20/2001 11:34:52 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.yahoo.com/?.home=ytie ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://www.yahoo.com/?.home=ytie ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/?.home=ytie ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 12:20:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{10E6A399-1201-4080-A6AD-478A592C277C} -> (Intel® PRO/1000 PL Network Connection) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 23 | Size = 298104 bytes | Modified Date = 4/2/2007 6:51:12 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/...UI.cab55579.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> - CodeBase = http://www.fileplane...C_2.3.5.107.cab ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> MSN Games – Buddy Invite - CodeBase = http://zone.msn.com/...dy.cab55579.cab ->
{54B52E52-8000-4413-BD67-FC7FE24B59F2} -> EARTPatchX Class - CodeBase = http://simcity.ea.co...date/EARTPX.cab ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/...at.cab55579.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.mi...b?1188106856882 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.mi...b?1188106846820 ->
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> MJLauncherCtrl Class - CodeBase = http://zone.msn.com/...mjolauncher.cab ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} -> UnoCtrl Class - CodeBase = http://zone.msn.com/...O1.cab60096.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> MSN Games – Texas Holdem Poker - CodeBase = http://zone.msn.com/...he.cab60231.cab ->
{A4110378-789B-455F-AE86-3A1BFC402853} -> ZPA_SHVL Object - CodeBase = http://zone.msn.com/...vl.cab55579.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn...ro.cab56649.cab ->
{C36661D7-3590-45B1-80B5-520839E94DAD} -> MaxisSimCity4PatcherX Control - CodeBase = http://simcity.ea.co...ty4PatcherX.cab ->
{CAC181B0-4D70-402D-B571-C596A47D0CE0} -> CBankshotZoneCtrl Class - CodeBase = http://zone.msn.com/...ol.cab56649.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> TikGames Online Control - CodeBase = http://zone.msn.com/.../default/ct.cab ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> MSN Games – Game Communicator - CodeBase = http://zone.msn.com/...xy.cab55579.cab ->
{DECEAAA2-370A-49BB-9362-68C3A58DDC62} -> SAIX - CodeBase = http://static.zangoc...5d3c47945c52d3d ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> PopCapLoader Object - CodeBase = http://zone.msn.com/...ploader_v10.cab ->
{E5D419D6-A846-4514-9FAD-97E826C84822} -> HeartbeatCtl Class - CodeBase = http://fdl.msn.com/z...s/heartbeat.cab ->

[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 10/20/2007 12:31:41 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 10/19/2007 10:03:14 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 10/19/2007 10:03:14 AM | Attr = RHS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/19/2007 11:52:05 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 10/15/2007 4:37:44 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 10/19/2007 11:35:07 AM | Attr = ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 10/17/2007 6:38:03 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/17/2007 6:38:59 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 10/17/2007 6:38:53 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/17/2007 6:39:59 AM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/20/2007 11:55:48 AM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
SnVzdGlu -> %SystemRoot%\SnVzdGlu -> [Folder | Created Date = 10/15/2007 4:37:57 PM | Attr = HS]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/20/2007 12:00:35 PM | Attr = ]
cos2 -> %System32%\cos2 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
pd2 -> %System32%\pd2 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/19/2007 11:51:51 AM | Attr = ]
ue1 -> %System32%\ue1 -> [Folder | Created Date = 10/15/2007 4:37:49 PM | Attr = ]
hosts.20071018-202906.backup -> %System32%\drivers\etc\hosts.20071018-202906.backup -> [Ver = | Size = 4102 bytes | Created Date = 10/18/2007 8:29:06 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 10/20/2007 12:31:42 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 10/19/2007 10:03:16 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 10/19/2007 10:03:16 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/20/2007 12:33:10 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/20/2007 12:00:28 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 10/19/2007 11:51:56 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 10/20/2007 11:55:28 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 10/19/2007 11:35:08 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/20/2007 12:27:44 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/17/2007 6:39:00 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 10/17/2007 6:38:06 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/17/2007 6:39:02 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 10/17/2007 6:38:56 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/17/2007 6:40:02 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/20/2007 12:25:16 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Modified Date = 9/28/2007 9:06:10 AM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 1847 bytes | Modified Date = 10/5/2007 5:58:50 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/20/2007 12:32:14 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 10/19/2007 10:02:48 AM | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/17/2007 6:39:16 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/17/2007 6:39:58 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/18/2007 8:33:12 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/20/2007 11:59:56 AM | Attr = HS]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 10/2/2007 9:15:06 PM | Attr = H ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 10/18/2007 8:48:36 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/19/2007 9:54:06 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/18/2007 9:01:22 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/20/2007 12:26:56 PM | Attr = ]
SnVzdGlu -> %SystemRoot%\SnVzdGlu -> [Folder | Modified Date = 10/17/2007 6:41:24 AM | Attr = HS]
system32 -> %System32% -> [Folder | Modified Date = 10/20/2007 12:23:52 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/20/2007 11:55:36 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 10/20/2007 12:34:58 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 217 bytes | Modified Date = 10/18/2007 8:50:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/20/2007 12:25:18 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/20/2007 12:32:44 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/20/2007 11:55:58 AM | Attr = ]
cos2 -> %System32%\cos2 -> [Folder | Modified Date = 10/17/2007 8:11:54 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 10/2/2007 9:15:10 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/17/2007 6:40:02 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/20/2007 11:57:48 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 114968 bytes | Modified Date = 10/19/2007 10:02:50 AM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 535 bytes | Modified Date = 10/18/2007 8:47:16 PM | Attr = ]
pd2 -> %System32%\pd2 -> [Folder | Modified Date = 10/15/2007 4:37:50 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 10/19/2007 11:51:56 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 10/5/2007 10:07:32 AM | Attr = ]
ue1 -> %System32%\ue1 -> [Folder | Modified Date = 10/15/2007 4:37:50 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10/20/2007 12:27:38 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/20/2007 11:57:46 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.1 | Size = 740442 bytes | Modified Date = 5/10/2007 6:37:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 10/5/2007 10:07:32 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 | Attr = ]

< End of report >

My computer is running better it seems.... It takes 30 seconds to boot up at the Desktop for some reason... it acts like it's Frozen.. the kicks over and boots up.... the other thing is a program keeps trying to install... though ask me which one it is.. and I'll tell ya I forget ATM.

#7
XJadynX

Posted 19 October 2007 - 04:42 PM

New Member

Topic Starter
Member
9 posts

Here is the MAIN text you asked for

Deckard's System Scanner v20071014.68
Run by Justin on 2007-10-20 12:32:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2007-10-20 22:32:12 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-10-19 21:52:05 UTC - RP2 - ComboFix created restore point
1: 2007-10-19 21:51:58 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:20 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Justin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Justin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.5.107.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188106856882
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188106846820
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...5d3c47945c52d3d
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8216 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>

S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\justin\locals~1\temp\catchme.sys (file missing)
S3 ELacpi - c:\windows\system32\drivers\elacpi.sys (file missing)
S3 npkcusb - c:\program files\wizet\maplestory\npkcusb.sys (file missing)
S3 pohci13F - c:\docume~1\justin\locals~1\temp\pohci13f.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 wg121 (NETGEAR WG121 802.11g Wireless USB2.0 Adapter) - c:\windows\system32\drivers\wg121nd5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-09-20 and 2007-10-20 -----------------------------

2007-10-20 12:33:09 0 d-------- C:\Program Files\Trend Micro
2007-10-19 11:35:07 0 d-------- C:\VundoFix Backups
2007-10-19 10:03:14 0 -rahs---- C:\MSDOS.SYS
2007-10-19 10:03:14 0 -rahs---- C:\IO.SYS
2007-10-18 20:21:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-15 16:38:08 246 --a------ C:\Program Files\Common Files\lavuf
2007-10-15 16:37:57 0 d--hs---- C:\WINDOWS\SnVzdGlu
2007-10-15 16:37:49 0 d-------- C:\WINDOWS\system32\ue1
2007-10-15 16:37:49 0 d-------- C:\WINDOWS\system32\pd2
2007-10-15 16:37:49 0 d-------- C:\WINDOWS\system32\cos2
2007-10-15 16:37:44 0 d-------- C:\Temp
2007-10-08 22:00:03 0 d-------- C:\Documents and Settings\Justin\Application Data\PlayFirst
2007-10-08 22:00:03 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-08 21:59:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-04 19:46:10 0 d-------- C:\Program Files\anywebcam
2007-10-02 21:13:01 0 d-------- C:\Program Files\Common Files\PocketSoft
2007-10-02 21:13:00 0 d-------- C:\Program Files\RedlightCenter

-- Find3M Report ---------------------------------------------------------------

2007-10-20 12:25:34 0 d-------- C:\Program Files\Steam2
2007-10-20 11:55:19 0 d-------- C:\Program Files\Common Files
2007-10-19 09:54:04 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-19 09:53:59 0 d-------- C:\Program Files\Yahoo!
2007-10-18 20:42:02 0 d-------- C:\Program Files\iWin.com Games
2007-10-18 20:40:27 0 d-------- C:\Program Files\GameShadow
2007-10-08 23:35:42 0 d-------- C:\Program Files\MSN Games
2007-10-06 18:26:01 0 d-------- C:\Program Files\World of Warcraft
2007-10-02 21:13:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 21:10:49 135882 --a------ C:\Documents and Settings\Justin\Application Data\Cosmos Prefs
2007-09-19 11:06:57 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-19 11:06:57 56 -r-hs--c- C:\WINDOWS\system32\FC1E23DAAB.sys
2007-09-17 11:13:24 0 d-------- C:\Documents and Settings\Justin\Application Data\Sonic
2007-09-17 11:13:18 0 d-------- C:\Documents and Settings\Justin\Application Data\Leadertech
2007-09-16 19:44:37 0 d-------- C:\Program Files\Stardock
2007-09-16 19:44:37 0 d-------- C:\Program Files\Common Files\Stardock
2007-09-10 21:09:56 0 d-------- C:\Documents and Settings\Justin\Application Data\Uniblue
2007-09-10 13:50:28 0 d-------- C:\Program Files\Ubisoft
2007-09-05 19:22:49 0 d-------- C:\Program Files\Sierra
2007-09-04 14:44:44 0 d-------- C:\Documents and Settings\Justin\Application Data\U3
2007-09-04 14:38:51 61678 --a------ C:\Documents and Settings\Justin\Application Data\PFP120JPR.{PB
2007-09-04 14:38:51 12358 --a------ C:\Documents and Settings\Justin\Application Data\PFP120JCM.{PB
2007-09-04 14:38:49 0 d-------- C:\Documents and Settings\Justin\Application Data\Corel
2007-09-02 00:00:09 0 d-------- C:\Documents and Settings\Justin\Application Data\uTorrent
2007-08-28 20:13:11 0 d-------- C:\Documents and Settings\Justin\Application Data\Bioshock
2007-08-25 21:09:51 0 d-------- C:\Program Files\2K Games
2007-08-25 21:09:41 0 d-------- C:\Documents and Settings\Justin\Application Data\InstallShield
2007-08-25 20:49:22 5956 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-24 15:44:46 0 dr-h----- C:\Documents and Settings\Justin\Application Data\SecuROM
2007-08-17 16:23:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-08-17 16:23:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-08-17 16:23:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 16:23:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-17 16:23:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 16:23:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-08-17 16:23:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 16:23:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-17 16:23:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 09:01 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 06:20 PM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 02:56 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 05:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 05:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 12:20 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/11/2006 02:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/05/2006 07:27 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04/02/2007 06:51 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/17/2007 04:23 PM]
"nwiz"="nwiz.exe" [08/17/2007 04:23 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/17/2007 04:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [10/31/2006 02:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"Steam"="C:\Program Files\Steam2\Steam.exe" [10/06/2007 04:48 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 12/20/2001 11:34 PM 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ef6c55-464f-11dc-85b4-0013721812a6}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9089f04-5b46-11dc-85db-0013721812a6}]
AutoRun\command- F:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-10-20 12:33:51 ------------

AND HERE IS THE EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.09 MiB / 1612.01 MiB
Pagefile Memory (total/avail): 3938.2 MiB / 3675.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.85 MiB

C: is Fixed (NTFS) - 144.32 GiB total, 60.94 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 144.32 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Justin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IKAIKA2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin
LOGONSERVER=\\IKAIKA2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
USERDOMAIN=IKAIKA2
USERNAME=Justin
USERPROFILE=C:\Documents and Settings\Justin
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Justin (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Caesar IV --> C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Counter-Strike: Source --> "C:\Program Files\Steam2\steam.exe" steam://uninstall/240
Day of Defeat: Source --> "C:\Program Files\Steam2\steam.exe" steam://uninstall/300
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
FlashBoot 1.4.0.157 --> "C:\Program Files\FlashBoot\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iDailyDiary 3.20 --> "C:\Program Files\iDailyDiary\unins000.exe"
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Intel® Viiv™ --> MsiExec.exe /X{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MUSHclient (remove only) --> C:\Program Files\MUSHclient\uninstall.exe
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RedLightCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35C73A54-1428-4893-B041-58AA594F4ACD}\setup.exe" -l0x9
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Shareaza version 2.2.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Silent Hunter 4 Wolves of the Pacific --> C:\Program Files\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Station Access Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{486C9B67-788E-4144-B7C1-810F0F7CE871}\setup.exe" -l0x9
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
Wild Hawaii 2006 Screen Saver --> C:\Documents and Settings\All Users\Application Data\Softdisk LLC\Screen Saver Studio\Wild Hawaii 2006\UNINSTAL.EXE
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
World of Warcraft Desktop --> C:\PROGRA~1\Stardock\OBJECT~1\THEMEM~1\thememgr.exe /uninstallwise
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1632 / Warning
Event Submitted/Written: 10/20/2007 00:25:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type1631 / Warning
Event Submitted/Written: 10/20/2007 00:25:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature', component '{71264A65-7637-11D5-8B40-00105A9846E9}' failed. The resource 'C:\WINDOWS\Downloaded Program Files\dwusplay.dll' does not exist.

Event Record #/Type1629 / Error
Event Submitted/Written: 10/20/2007 00:10:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WinPFind3U.exe, version 1.0.42.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1628 / Error
Event Submitted/Written: 10/20/2007 00:09:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WinPFind3U.exe, version 1.0.42.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1627 / Warning
Event Submitted/Written: 10/20/2007 11:59:55 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type5562 / Error
Event Submitted/Written: 10/20/2007 00:26:52 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The NOD32 Kernel Service service hung on starting.

Event Record #/Type5558 / Error
Event Submitted/Written: 10/20/2007 00:25:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type5534 / Error
Event Submitted/Written: 10/20/2007 11:59:03 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The NOD32 Kernel Service service hung on starting.

Event Record #/Type5533 / Error
Event Submitted/Written: 10/20/2007 11:57:54 AM
Event ID/Source: 34 / W32Time
Event Description:
The time service has detected that the system time needs to be
changed by -86398 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.130.100:123) is working properly.

Event Record #/Type5529 / Error
Event Submitted/Written: 10/20/2007 11:57:39 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

-- End of Deckard's System Scanner: finished at 2007-10-20 12:33:51 ------------

#8
Rorschach112

Posted 19 October 2007 - 04:56 PM

Ralphie

Retired Staff
47,710 posts

Well your logs are looking good. Not sure about your start up problems, doesn't seem to be malware related.

Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Let me know if you are having any problems after that.

#9
XJadynX

Posted 19 October 2007 - 05:56 PM

New Member

Topic Starter
Member
9 posts

Call me an idiot... I did everything you said and forgot to save the report < sighs > I'll have to do it again later as I have to leave for now.... I'll repost later on if that's okay..... I would like to say thank you now before I forget.. for helping me with this... Nod is no long detecting anything running in the active Memory.... Mahalo Nui

Justin

#10
Rorschach112

Posted 19 October 2007 - 06:00 PM

Ralphie

Retired Staff
47,710 posts

I'm glad I could be of help. You can do this instead when your back

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.