Humbly Requesting Assistance [RESOLVED]



#1
Domar

    New Member

  • Member
  • 7 posts
Hey there, this is my first time here, lemme explain what my problem is. My girlfriend asked me a few weeks ago to find a free game for her friend, so I go and find what appears to be the game, I send it over to her, she installs it, plays it for a while, gets bored; a friend gets on, I send it to her, she's having trouble with the install, so I figure I'll install it too and help out step by step, y'know? BitDefender warns me there's a trojan in the file, specifically Trojan.Bzub.NGP, but that it has blocked it from infecting my computer. I checked online for any free antivirus which has the ability to get rid of that certain one, and I found one, CounterSpy, so I grabbed it and sent it to both of them to try to get rid of the virus from their comps; they apparently did get free of it, 'cause they haven't voiced any concerns about it since. Now I'm figuring everything is fine, until a day or two after that, when BitDefender is telling me that it has blocked the same trojan from doing something. So I look into it and find that somehow it was able to infect my computer, creating the file advpac.dll in my system32 folder (obviously so people would pass it up, due to it being next to advpack.dll). I ran a full virus scan with BitDefender; it found only that same virus again, but for some reason it couldn't disinfect it or move it to quarantine. All it could do was block it from doing more to my system.

So of course I decided to try out the CounterSpy program. It didn't help, I still had the virus, so I swapped back to BitDefender and found that during the time between the antivirus swaps it had grabbed more viruses onto my comp, so I got rid of them. I of course tried manually deleting the file, no luck; I tried un-registering it as a DLL, it couldn't; I even tried out three deleting programs which can bypass any type of write protection, apparently, but even they couldn't get rid of it. It's been on here for over a week and my system restores only go back 5 days, so I'm stuck with a virus on here, with apparently only reformatting to get rid of it (which isn't an option, I've got gigs upon gigs of stuff on here I can't lose, and my CD burner no longer burns CDs). I've been able to help everyone I know to get rid of viruses and whatever other comp problems they need help with, and it's hard to admit, but I am totally stumped on what to do, so I'm swallowing my geek pride and coming to you for help. Is there any way you guys know to get rid of this thing? I read the rules for posting and stuff, and got a HijackThis thing to put up, so here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:29 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: {94e109f1-cfd3-494a-1d14-7330b7cc7ec4} - {4ce7cc7b-0337-41d1-a494-3dfc1f901e49} - C:\WINDOWS\system32\mkcjxlsy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {80BB55D5-0982-4A14-95AE-B5B293FF85B6} - C:\WINDOWS\system32\rqrpppm.dll (file missing)
O2 - BHO: (no name) - {C5391850-22D6-430D-BBBD-D13D76330CD7} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O20 - Winlogon Notify: rqrpppm - rqrpppm.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8069 bytes

#2
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your query and we will go through it again.

The fixes may take several attempts and my replies may take some time but stick with it, and we will be sure to get you sorted.

NOTE: I am still in training so I have to let the experts check the content of my fixes before I post them. This may take a little longer but the fixes will be verified and correct.

I will post your first set of instructions shortly.

#3
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

Well, things aren't looking that bad, so you should be fine, and I think we can get around reformatting.

P2P Warning!

I see you are using BitComet. Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Please decide if you want to keep using P2P, so I can put it in my next speech if you don't want to keep it.
===============================================


Fix with HijackThis

(You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.)


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: {94e109f1-cfd3-494a-1d14-7330b7cc7ec4} - {4ce7cc7b-0337-41d1-a494-3dfc1f901e49} - C:\WINDOWS\system32\mkcjxlsy.dll (file missing)
O2 - BHO: (no name) - {80BB55D5-0982-4A14-95AE-B5B293FF85B6} - C:\WINDOWS\system32\rqrpppm.dll (file missing)
O2 - BHO: (no name) - {C5391850-22D6-430D-BBBD-D13D76330CD7} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O20 - Winlogon Notify: rqrpppm - rqrpppm.dll (file missing)

Now close all windows other than HiJackThis (especially Internet Explorer!), then click Fix Checked. Close HiJackThis. Reboot into Safe Mode (restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode).

Using Windows Explorer (to get there, right-click your Start button and go to "My Computer", or hold down the Windows Key + E), please delete these files (if present):

C:\WINDOWS\system32\advpac.dll


After that, reboot and post a new HijackThis log here in your reply.
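
As an added example (not code from this thread, from HijackThis or from Geeks to Go), here is a small Python triage script that parses the O2 (Browser Helper Object) and O20 (Winlogon Notify) lines of a HijackThis v2 log and flags the patterns the fix list above is built on: a registration whose DLL is already gone from disk, a BHO with no description or a bare CLSID in place of one, and a system32 file name one character away from a genuine Windows DLL (advpac.dll beside advpack.dll). The legitimate-DLL baseline and SAMPLE_LOG are constructed for the example; the sample lines are copied from the log posted above.

```python
"""Triage the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis v2 log.

Added example: not code from this thread, from HijackThis or from Geeks to Go.
LEGIT_SYSTEM_DLLS and SAMPLE_LOG are constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed baseline of genuine Windows DLL names. Malware likes to sit one
# character away from one of these so a glance at system32 passes it over
# (advpac.dll beside the real advpack.dll in this thread).
LEGIT_SYSTEM_DLLS = {
    "advpack.dll", "ntdll.dll", "kernel32.dll",
    "user32.dll", "shell32.dll", "wininet.dll",
}

# O2 - BHO: <description> - {CLSID} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O20 - Winlogon Notify: <subkey> - <dll>[ (file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    section: str        # "O2" or "O20"
    ident: str          # CLSID for a BHO, Winlogon Notify subkey for O20
    dll: str            # DLL path exactly as logged
    reasons: list[str]  # why this entry deserves a look


def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the mismatch: both strings advance on a substitution (equal length),
    # only the longer one advances on an insertion.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess(name: str | None, path: str, missing: bool) -> list[str]:
    """Collect the reasons an O2/O20 entry looks like an unwanted hook."""
    reasons: list[str] = []
    if missing:
        reasons.append("DLL is gone from disk: orphaned registration, remove it")
    if name == "(no name)":
        reasons.append("BHO registered without a description")
    elif name is not None and name.startswith("{"):
        reasons.append("BHO description is a bare CLSID, not a product name")
    dll = basename(path)
    for legit in sorted(LEGIT_SYSTEM_DLLS):
        if dll != legit and within_one_edit(dll, legit):
            reasons.append(f"{dll} is one character away from the genuine {legit}")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return the flagged O2/O20 entries of a HijackThis log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            reasons = assess(m["name"], m["path"], bool(m["missing"]))
            if reasons:
                findings.append(Finding("O2", m["clsid"], m["path"], reasons))
        elif m := O20_RE.match(line):
            reasons = assess(None, m["path"], bool(m["missing"]))
            if reasons:
                findings.append(Finding("O20", m["key"], m["path"], reasons))
    return findings


# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: {94e109f1-cfd3-494a-1d14-7330b7cc7ec4} - {4ce7cc7b-0337-41d1-a494-3dfc1f901e49} - C:\WINDOWS\system32\mkcjxlsy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {80BB55D5-0982-4A14-95AE-B5B293FF85B6} - C:\WINDOWS\system32\rqrpppm.dll (file missing)
O2 - BHO: (no name) - {C5391850-22D6-430D-BBBD-D13D76330CD7} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rqrpppm - rqrpppm.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.ident} {f.dll}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it flags exactly the five entries BHowett listed and leaves the named, present BHOs (Adobe, Spybot) alone.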

#4
Domar

Domar

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi there BHowett, thank you for taking the time to respond to my problem here. First off, I can't get rid of BitComet; it's vital for sharing files with friends. I find that sites such as Megaupload or RapidShare take forever to upload files and then they limit the amount of data you can download from them; I used to use file transfers over instant messaging programs, but those will suddenly stop for no reason, which gets old fast. Well, I went ahead and opened HijackThis, did a system scan without a log, checked all 5 of the things you asked me to, and clicked fix selected. When I did, I got a warning that the virus in advpac.dll was doing something but was stopped by my antivirus; the HijackThis window went blank, and I closed it, then reset the computer and booted up in Safe Mode. I went into the folder where advpac.dll is and tried deleting it, but ran into the same problem yet again: it's still write-protected and unable to be deleted. Here's the new HijackThis log you asked for. I saw that advpac.dll was still on there despite doing the fix thing earlier; perhaps I need something to prevent it from registering itself back onto my computer, or whatever it's doing? If I could get more help, I'd greatly appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:38 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7775 bytes

#5
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

Don't worry :), let's take a closer look and see what we are working with.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#6
Domar

Domar

    New Member

  • Topic Starter
  • Member
  • 7 posts
Alright, I went ahead and did that. I should tell you that I tried to install a newer version of BitDefender, 2008, but found that my product key won't work on it, so I swapped back over to the v10. Along with that, I installed Trend Micro's Internet Security, and Norton, and both of them have had really sloppy uninstalls (especially Norton; its LiveUpdate feature still boots up and complains that it can't find new updates and stuff, really annoying), so if you guys possibly know how to get their remaining stuff off my comp, that'd be cool, but it takes a backseat to my current predicament. Also, during the DSS scan, BitDefender found a Delf virus in my temp files.

Deckard's System Scanner v20071014.68
Run by Nick on 2008-01-07 19:23:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
19: 2008-01-08 00:23:57 UTC - RP335 - Deckard's System Scanner Restore Point
18: 2008-01-07 01:36:09 UTC - RP334 - Installed BitDefender Internet Security v10
17: 2008-01-07 01:30:16 UTC - RP333 - Removed BitDefender Internet Security v10
16: 2008-01-07 00:39:50 UTC - RP332 - Installed BitDefender Internet Security v10
15: 2008-01-07 00:33:31 UTC - RP331 - Removed BitDefender Internet Security 2008


-- First Restore Point --
1: 2008-01-02 13:00:42 UTC - RP317 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.86 GiB (less than 15%) free.


-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:01 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Nick\Desktop\dss.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7782 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080107-145756-176 O2 - BHO: {94e109f1-cfd3-494a-1d14-7330b7cc7ec4} - {4ce7cc7b-0337-41d1-a494-3dfc1f901e49} - C:\WINDOWS\system32\mkcjxlsy.dll (file missing)
backup-20080107-145756-227 O2 - BHO: (no name) - {C5391850-22D6-430D-BBBD-D13D76330CD7} - C:\WINDOWS\system32\vtsqp.dll (file missing)
backup-20080107-145756-317 O20 - Winlogon Notify: rqrpppm - rqrpppm.dll (file missing)
backup-20080107-145756-413 O2 - BHO: (no name) - {80BB55D5-0982-4A14-95AE-B5B293FF85B6} - C:\WINDOWS\system32\rqrpppm.dll (file missing)
backup-20080107-145756-570 O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ioiurygw - c:\windows\system32\drivers\idnuomof.dat
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bdftdif (BitDefender Firewall TDI Filter) - c:\program files\common files\softwin\bitdefender firewall\bdftdif.sys <Not Verified; Softwin SRL; BitDefender 10>
R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys <Not Verified; Softwin SRL; BitDefender 10>
R3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 powervr - c:\windows\system32\drivers\powervr.sys <Not Verified; Imagination Technologies Ltd.; KYRO>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: VIA/S3G UniChrome Pro IGP
Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_12031565&REV_01\4&3600494A&0&0008
Manufacturer: VIA/S3G
Name: VIA/S3G UniChrome Pro IGP
PNP Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_12031565&REV_01\4&3600494A&0&0008
Service: viagfx


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 23:31:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-06 23:37:09 0 d-------- C:\Program Files\Trend Micro
2008-01-06 20:37:05 0 d-------- C:\Documents and Settings\Nick\Application Data\Bitdefender
2008-01-06 20:36:13 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-04 16:45:11 0 d-------- C:\Documents and Settings\LocalService\Start Menu <STARTM~1>
2008-01-04 16:22:30 0 d-------- C:\Program Files\BitDefender
2008-01-04 16:11:57 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-01 23:34:24 0 d-------- C:\Program Files\iPod
2008-01-01 23:34:00 0 d-------- C:\Program Files\iTunes
2007-12-30 04:30:29 0 d-------- C:\Documents and Settings\Nick\Application Data\Systweak
2007-12-30 04:29:01 0 d-------- C:\Program Files\Advanced System Optimizer
2007-12-29 01:19:40 0 d-------- C:\Program Files\Cygnus
2007-12-28 18:33:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-26 14:18:51 19456 --a------ C:\WINDOWS\system32\drivers\idnuomof.dat
2007-12-26 14:18:19 84992 --a------ C:\WINDOWS\system32\advpac.dll
2007-12-25 23:35:06 0 d-------- C:\Program Files\QuickTime
2007-12-25 01:27:45 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-12-25 01:27:45 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-25 01:15:43 0 d-------- C:\Documents and Settings\Nick\Application Data\Sunbelt Software
2007-12-25 01:05:16 390299 --ahs---- C:\WINDOWS\system32\pqstv.ini2
2007-12-22 22:13:33 0 d-------- C:\Program Files\GameTap
2007-12-22 22:13:33 0 d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-12 13:47:40 0 d--h----- C:\Documents and Settings\Nick\QMCache00 <QMCACH~1>
2007-12-12 13:47:39 0 d-------- C:\Documents and Settings\Nick\Application Data\Move Networks
2007-12-09 19:53:11 0 d-------- C:\Program Files\PeerGuardian2


-- Find3M Report ---------------------------------------------------------------

2008-01-07 19:23:53 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-07 05:10:12 0 d-------- C:\Program Files\Zoom Player
2008-01-06 20:35:45 0 d-------- C:\Program Files\Common Files
2008-01-04 20:49:00 0 d-------- C:\Program Files\Steam
2008-01-01 23:35:42 0 d-------- C:\Program Files\DivX
2007-12-30 05:00:45 0 d-------- C:\Program Files\Fire Client
2007-12-22 22:13:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 18:27:31 0 d-------- C:\Program Files\psx emulation cheater
2007-12-21 14:00:32 0 d-------- C:\Program Files\WarRock
2007-12-18 00:32:42 0 d-------- C:\Program Files\World of Warcraft
2007-12-11 16:23:34 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-12-03 00:37:53 0 d-------- C:\Program Files\MindArk
2007-12-03 00:30:46 0 d-------- C:\Documents and Settings\Nick\Application Data\Nexon
2007-11-28 23:19:09 0 d-------- C:\Program Files\Microsoft Games
2007-11-28 23:17:32 0 d-------- C:\Program Files\MagicISO
2007-11-27 22:41:41 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-25 07:00:53 0 d-------- C:\Program Files\Age of Empires 2
2007-11-22 19:07:35 0 d-------- C:\Program Files\Sierra
2007-11-22 18:51:45 0 d-------- C:\Program Files\Java
2007-11-22 18:46:01 0 d-------- C:\Program Files\DAEMON Tools
2007-11-20 22:36:42 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-20 22:27:15 0 d-------- C:\Program Files\THQ
2007-11-11 23:38:39 0 d-------- C:\Program Files\Electronic Arts
2007-11-03 15:52:57 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-10-20 16:54:00 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449402D2-0B6C-4018-B1D2-7CB124D15DFC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 09:32 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 PM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 03:49 PM]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [04/02/2007 04:48 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2006 03:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/07/2007 01:08 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 10:01 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/17/2007 06:53 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [06/22/2007 11:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqp.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7822 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-07 19:25:48 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 958.42 MiB / 432.55 MiB
Pagefile Memory (total/avail): 2312.89 MiB / 1849.47 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.14 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 0.86 GiB free.
D: is CDROM (Unformatted)
E: is Fixed (NTFS) - 114.48 GiB total, 28.95 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y120L0 - 114.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 114.48 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD3200AAJB-00TYA0 - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (Softwin)
AV: Bitdefender Antivirus v8.0 (Softwin)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Trillian\\trillian.exe"="E:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\sysreset\\mirc.exe"="E:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"E:\\Program Files\\FlashGet\\FlashGet.exe"="E:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonJP\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonJP\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nick\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOMAR-G7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nick
LOGONSERVER=\\DOMAR-G7
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nick\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nick\LOCALS~1\Temp
USERDOMAIN=DOMAR-G7
USERNAME=Nick
USERPROFILE=C:\Documents and Settings\Nick
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Nick (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Video Converter 3 --> C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced System Optimizer --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
Alien Shooter - Vengeance --> C:\Program Files\Alien Shooter - Vengeance\Uninstall\uninstall.exe /C "/U:C:\Program Files\Alien Shooter - Vengeance\Uninstall\uninstall.xml"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
balldroppings --> C:\Program Files\balldroppings\Uninstal.exe
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Single Player v1.3.0.0 --> C:\Program Files\Electronic Arts\Battlefield 2142\mods\2142_sp\Uninstall MiniMod 1.3.0.0.
BitComet 0.94 --> C:\Program Files\BitComet\uninst.exe
BitDefender Internet Security v10 --> MsiExec.exe /I{8A36FA9C-E350-41F0-B339-F040297F4C6C}
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CC File Transfer 2.8 --> "C:\Program Files\CC File Transfer\unins000.exe"
Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Cygnus Hex Editor --> C:\PROGRA~1\Cygnus\UNWISE.EXE C:\PROGRA~1\Cygnus\INSTALL.LOG
DesuBuddy --> C:\Program Files\DesuBuddy\Uninstal.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Siege Legends of Aranna --> "C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
Entropia Universe --> C:\Program Files\MindArk\Entropia Universe\Uninstall.exe
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
Fire Client v2.14 --> "C:\Program Files\Fire Client\unins000.exe"
FlashGet 1.8.8.1009 --> E:\Program Files\FlashGet\uninst.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KYRO --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PowerVR\KYRO\Uninst.isu" -c"C:\Program Files\PowerVR\SharedUninst\pmxgenin.dll"
Lineage II --> C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Linksys EasyLink Advisor 1.5 (1044) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LuniaGSP --> "C:\LuniaGSP\uninstall.exe"
MapleStory --> MsiExec.exe /I{99217575-1F9D-438A-A2E9-D8FC1D96A04F}
MegaLeecher --> "C:\Program Files\MegaLeecher\Uninstall.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "E:\sysreset\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Screen Recorder Pro 2.3 --> "C:\Program Files\Deskshare\My Screen Recorder Pro\unins000.exe"
Nethergate --> MsiExec.exe /I{1DED5EFD-410A-48DB-909A-2B2022BB50D2}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerVR Tools --> C:\WINDOWS\system32\pmxinit.exe -RemoveCPLPages
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Ragnarok Online --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU1FB0.inf
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU1FB6.inf
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Retribution --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\STARCR~1\maps\RETRIB~1\Uninst.isu
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Shattered Galaxy --> C:\PROGRA~1\KRU\SHATTE~1\UNWISE.EXE C:\PROGRA~1\KRU\SHATTE~1\INSTALL.LOG
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Soldat 1.4.1 --> "C:\Soldat\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Swiff Player 1.1 --> "C:\Program Files\GlobFX Technologies\Swiff Player\unins000.exe"
Trickster Online --> C:\Trickster Online\uninst.exe
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0297 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Voyage Century Online 1.21 --> "C:\Program Files\Voyage Century Online\unins000.exe"
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
WoWgasmic Launcher --> rundll32.exe dfshim.dll,ShArpMaintain WoWgasmic Launcher.application, Culture=neutral, PublicKeyToken=aabc5c675aa301fd, processorArchitecture=msil
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZDaemon (remove only) --> "C:\Program Files\ZDaemon\uninstall.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6375 / Error
Event Submitted/Written: 01/06/2008 07:35:37 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: BitDefender Internet Security v10 -- Please restart your computer to install the new version of BitDefender Internet Security v10.

Event Record #/Type6332 / Error
Event Submitted/Written: 01/05/2008 02:51:22 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 - Update '{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Event Record #/Type6302 / Error
Event Submitted/Written: 01/05/2008 01:03:59 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: BitDefender Internet Security v10 -- A newer version of BitDefender Internet Security v10 has been detected on this computer, and has to be uninstalled in order to continue this installation.

Event Record #/Type6301 / Warning
Event Submitted/Written: 01/05/2008 01:03:52 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type6267 / Error
Event Submitted/Written: 01/04/2008 07:19:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application startup manager.exe, version 2.20.4.749, faulting module mfc71.dll, version 7.10.3077.0, fault address 0x00019d56.
Processing media-specific event for [startup manager.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27155 / Error
Event Submitted/Written: 01/07/2008 03:08:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type27151 / Error
Event Submitted/Written: 01/07/2008 03:06:46 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type27150 / Error
Event Submitted/Written: 01/07/2008 03:03:20 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
bdftdif
bdpredir
BIOS
Fips
IPSec
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
SCDEmu
Tcpip

Event Record #/Type27149 / Error
Event Submitted/Written: 01/07/2008 03:03:20 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type27148 / Error
Event Submitted/Written: 01/07/2008 03:03:20 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-01-07 19:25:48 ------------

#7
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Hi Domar,

We will clean out Norton in a bit, but first please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#8
Domar
    New Member
  • Topic Starter
  • Member
  • 7 posts
Ok, I was pretty sure I didn't have the Vundo virus, just the Bzub and Delf, but I went ahead and grabbed that program anyway. I started up the scan, and two minutes later BitDefender suddenly crashed; I couldn't send the error report, and it refused to boot back up. I allowed the Vundo scan to continue and finish, but it found nothing, so it closed. I restarted my computer and BitDefender was able to boot back up. Now what?

Whoops, I'm sorry, I didn't read the part of your post which said to put the logs in my reply. Here they are.

VundoFix V6.7.7

Checking Java version...

Scan started at 3:15:15 PM 1/8/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:41 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7813 bytes

Edited by Domar, 08 January 2008 - 06:37 PM.

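As an added example (not from the thread, and not part of HijackThis or any tool named here), a small Python triage script that runs over O2 lines like the ones in the log above and flags the two traits that made advpac.dll stand out: a BHO registered with no display name, and a file name one edit away from a genuine Windows system DLL. The sample lines are copied from the log above; the list of known system DLL names is a constructed, deliberately short stand-in.

```python
"""Triage HijackThis O2 (Browser Helper Object) lines for suspicious entries.

Added example for this thread; not code from the forum or from HijackThis.
"""
import re
from typing import NamedTuple, Optional, List

# Sample input: O2/O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
"""

# Constructed, intentionally short list of genuine Windows system DLL names used as
# lookalike targets. A real triage tool would carry a much larger catalogue.
KNOWN_SYSTEM_DLLS = {"advpack.dll", "shlwapi.dll", "wininet.dll", "crypt32.dll", "urlmon.dll"}

# O2 lines have the shape: "O2 - BHO: <display name> - {<CLSID>} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")


class Finding(NamedTuple):
    clsid: str
    path: str
    reasons: tuple


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution / match
        prev = cur
    return prev[-1]


def lookalike_of(filename: str) -> Optional[str]:
    """Return the known system DLL this file name imitates (one edit away), if any."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_DLLS:
        return None  # an exact match is the genuine name, not a lookalike
    for known in sorted(KNOWN_SYSTEM_DLLS):
        if edit_distance(name, known) == 1:
            return known
    return None


def triage_bho_lines(log_text: str) -> List[Finding]:
    """Parse every O2 line and report the ones with a suspicious trait."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not an O2 line (O4, R0, blank, ...)
        name, clsid, path = m.group("name", "clsid", "path")
        filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
        reasons = []
        if name == "(no name)":
            reasons.append("BHO registered without a display name")
        target = lookalike_of(filename)
        if target is not None:
            reasons.append(f"file name {filename} is one edit away from system DLL {target}")
        if reasons:
            findings.append(Finding(clsid, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_bho_lines(SAMPLE_LOG):
        print(f"{{{f.clsid}}} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```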

#9
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

There is some evidence of a Vundo infection in your DSS log, so let's try this tool.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.


Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#10
Domar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Woo! Thank you very, very much. During the ComboFix run I noticed that it showed up with what it was deleting, and one of them was advpac.dll; after the log was formed I went to the system32 folder, and it was gone. Well, here are the two logs you were asking for. I was starting to believe that I'd never get rid of that thing; this is very appreciated.

ComboFix 08-01-09.2 - Nick 2008-01-08 23:14:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.393 [GMT -5:00]
Running from: C:\Documents and Settings\Nick\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\advpac.dll
C:\WINDOWS\system32\drivers\idnuomof.dat
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\wnrmlmhb.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_IOIURYGW
-------\LEGACY_SFSYNC02
-------\ioiurygw
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-08 23:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 15:15 . 2008-01-08 15:15 <DIR> d-------- C:\VundoFix Backups
2008-01-07 19:23 . 2008-01-07 19:23 <DIR> d-------- C:\Deckard
2008-01-06 23:37 . 2008-01-06 23:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 20:37 . 2008-01-06 20:37 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Bitdefender
2008-01-06 20:36 . 2008-01-06 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-04 21:52 . 2008-01-04 21:52 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-04 16:26 . 2008-01-06 19:33 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-04 16:22 . 2008-01-04 16:22 <DIR> d-------- C:\Program Files\BitDefender
2008-01-04 16:11 . 2008-01-06 19:34 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-01 23:37 . 2008-01-08 22:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 23:37 . 2008-01-01 23:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 23:34 . 2008-01-01 23:35 <DIR> d-------- C:\Program Files\iTunes
2008-01-01 23:34 . 2008-01-01 23:34 <DIR> d-------- C:\Program Files\iPod
2007-12-30 04:30 . 2007-12-30 04:30 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Systweak
2007-12-30 04:29 . 2007-12-30 06:20 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-12-29 01:19 . 2007-12-29 01:19 <DIR> d-------- C:\Program Files\Cygnus
2007-12-28 18:33 . 2007-12-28 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-25 23:35 . 2007-12-25 23:37 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-25 01:15 . 2007-12-25 01:15 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Sunbelt Software
2007-12-22 22:13 . 2007-12-22 22:13 <DIR> d-------- C:\Program Files\GameTap
2007-12-22 22:13 . 2007-12-24 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-12 13:47 . 2007-12-12 13:48 <DIR> d--h----- C:\Documents and Settings\Nick\QMCache00
2007-12-12 13:47 . 2007-12-12 13:47 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Move Networks
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 19:53 . 2008-01-08 23:26 <DIR> d-------- C:\Program Files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 22:30 --------- d-----w C:\Program Files\Zoom Player
2008-01-05 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 01:49 --------- d-----w C:\Program Files\Steam
2008-01-02 04:35 --------- d-----w C:\Program Files\DivX
2007-12-30 10:00 --------- d-----w C:\Program Files\Fire Client
2007-12-23 03:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 23:27 --------- d-----w C:\Program Files\psx emulation cheater
2007-12-21 19:00 --------- d-----w C:\Program Files\WarRock
2007-12-18 05:32 --------- d-----w C:\Program Files\World of Warcraft
2007-12-11 21:23 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-12-03 05:37 --------- d-----w C:\Program Files\MindArk
2007-12-03 05:30 --------- d-----w C:\Documents and Settings\Nick\Application Data\Nexon
2007-11-29 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-11-29 04:19 --------- d-----w C:\Program Files\Microsoft Games
2007-11-29 04:17 --------- d-----w C:\Program Files\MagicISO
2007-11-28 03:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-25 12:00 --------- d-----w C:\Program Files\Age of Empires 2
2007-11-23 00:07 --------- d-----w C:\Program Files\Sierra
2007-11-22 23:51 --------- d-----w C:\Program Files\Java
2007-11-22 23:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-22 23:43 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 03:27 --------- d-----w C:\Program Files\THQ
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 04:38 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 21:54 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-09-28 00:57 56 --sh--r C:\WINDOWS\system32\95851D467E.sys
2007-09-30 16:18 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 13:08 4670968]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01 392832]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 06:53 171464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:56 919280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-18 15:25 7630848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 10:39]
R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys [2007-02-02 17:41]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 01:23]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-13 13:52]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]
S3 powervr;powervr;C:\WINDOWS\system32\DRIVERS\powervr.sys [2004-09-22 11:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 04:31:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 23:26:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2008-01-08 23:31:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 04:31:54
.
2008-01-05 12:44:02 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:25 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7714 bytes

#11
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

Well, good news: advpac.dll and Vundo appear to be gone, so well done :) All we have left is to look into a 3rd party firewall and clean up Norton.

But just a heads up: from what I gather looking at your logs, there are references to BitDefender, Trend Micro, and Norton. It appears you are using BitDefender as your AV and have since uninstalled Trend Micro and Norton, but I want you to know that it is critical that you only use one antivirus and one firewall.


Download Firewall

I don't see any firewall in your HijackThis log, so I assume you use Windows Firewall.

It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third-party solutions. Three good ones that are freeware to boot are:
A tutorial about firewalls can be found here.

===============================================


Download and run the Norton Removal Tool

Please visit Symantec support by clicking HERE

Choose the Norton product you had installed.

Then follow the steps listed on the page that opens.

===============================================


Please post a new Deckard's System Scanner log for me to take a look at.

#12
Domar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ah, don't worry about my firewall; I'm using BitDefender Internet Security, which has a firewall built in that I've found to work excellently, even better than ZoneAlarm's (which was what I was using before I swapped to BitDefender a few years back). Now, unfortunately, I don't actually remember the version of Norton that I was using; it was quite a while ago and I've got a bad memory, and I cannot find anything in the files it left behind to indicate which version I was using at the time. I just remember it didn't perform all that well, and when I tried to uninstall, it didn't do it cleanly, leaving behind many things such as the auto updater, a few core components which boot up along with my computer that do nothing except eat up my RAM, a few registries, and perhaps worst of all, all of the viruses it quarantined were left in the quarantine folder after uninstall without being disinfected, which was around 20 of them, and I needed to go to great lengths to get them under control again. I know that I'm never using Norton Antivirus again due to this horrible performance.

#13
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

That's OK, we can do it the hard way ...


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LiveUpdate 3.1
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1


Delete bad services

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Service names that contain spaces must be quoted, otherwise sc.exe only
rem reads the first word ("Automatic", "Symantec") and the command fails.
rem These four are the orphaned Symantec/LiveUpdate services listed in the
rem HijackThis O23 lines above (three of them already report "file missing").
sc stop "Automatic LiveUpdate Scheduler"
sc stop CLTNetCnService
sc stop LiveUpdate
sc stop "Symantec Core LC"
sc delete "Automatic LiveUpdate Scheduler"
sc delete CLTNetCnService
sc delete LiveUpdate
sc delete "Symantec Core LC"

exit



Double click FixServices.bat. A window will open and close. This is normal.
===============================================

Delete folders

Using Windows Explorer (to get there, right-click your Start button and go to "My Computer", or hold down the Windows Key + E), please delete these folders (if present):

C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared

===============================================


Click on Start, then click on Run.
Copy and paste the following (in bold) into the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished,
please post back both logs that open in Notepad:
Main.txt and Extra.txt

thanks,

#14
Domar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
M'kay, I followed your directions to the letter; here are the main and extra txts.

Deckard's System Scanner v20071014.68
Run by Nick on 2008-01-10 00:01:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-01-10 05:01:37 UTC - RP341 - Deckard's System Scanner Restore Point
9: 2008-01-10 04:57:54 UTC - RP340 - Removed Java™ 6 Update 2
8: 2008-01-10 04:57:03 UTC - RP339 - Removed Java™ SE Runtime Environment 6 Update 1
7: 2008-01-09 08:00:22 UTC - RP338 - Software Distribution Service 3.0
6: 2008-01-09 04:13:18 UTC - RP337 - ComboFix created restore point


-- First Restore Point --
1: 2008-01-07 00:39:50 UTC - RP332 - Installed BitDefender Internet Security v10


Performed disk cleanup.

System Drive C: has 2.65 GiB (less than 15%) free.


-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:43 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Nick\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F18085-77C3-4363-8095-F8EB16784146}: NameServer = 74.128.1.33,74.128.1.31
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7590 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080107-145756-176 O2 - BHO: {94e109f1-cfd3-494a-1d14-7330b7cc7ec4} - {4ce7cc7b-0337-41d1-a494-3dfc1f901e49} - C:\WINDOWS\system32\mkcjxlsy.dll (file missing)
backup-20080107-145756-227 O2 - BHO: (no name) - {C5391850-22D6-430D-BBBD-D13D76330CD7} - C:\WINDOWS\system32\vtsqp.dll (file missing)
backup-20080107-145756-317 O20 - Winlogon Notify: rqrpppm - rqrpppm.dll (file missing)
backup-20080107-145756-413 O2 - BHO: (no name) - {80BB55D5-0982-4A14-95AE-B5B293FF85B6} - C:\WINDOWS\system32\rqrpppm.dll (file missing)
backup-20080107-145756-570 O2 - BHO: (no name) - {449402D2-0B6C-4018-B1D2-7CB124D15DFC} - C:\WINDOWS\system32\advpac.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bdftdif (BitDefender Firewall TDI Filter) - c:\program files\common files\softwin\bitdefender firewall\bdftdif.sys <Not Verified; Softwin SRL; BitDefender 10>
R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys <Not Verified; Softwin SRL; BitDefender 10>
R3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 catchme - c:\docume~1\nick\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 powervr - c:\windows\system32\drivers\powervr.sys <Not Verified; Imagination Technologies Ltd.; KYRO>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S2 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: VIA/S3G UniChrome Pro IGP
Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_12031565&REV_01\4&3600494A&0&0008
Manufacturer: VIA/S3G
Name: VIA/S3G UniChrome Pro IGP
PNP Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_12031565&REV_01\4&3600494A&0&0008
Service: viagfx


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1452)
2006-01-26 20:19:52 73728 --a------ C:\WINDOWS\system32\sockspy.dll
2005-09-23 06:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-13 02:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-06-07 13:08:10 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>
2006-09-18 15:25:10 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-05-15 18:02:16 58368 --a------ C:\Program Files\Softwin\BitDefender10\bdshelxt.dll <Not Verified; ; BDShellExt Module>
2007-05-08 16:10:08 128512 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-04-09 07:22:39 204800 --a------ C:\Program Files\PowerISO\PWRISOSH.DLL <Not Verified; PowerISO Computing, Inc.; PowerISO Shell Dynamic Link Library>
2007-07-18 14:23:12 81920 --a------ C:\Program Files\CC File Transfer\ccfileshell.dll <Not Verified; ; AAFileShell Module>

C:\WINDOWS\system32\svchost.exe (pid 2700)
2006-01-26 20:19:52 73728 --a------ C:\WINDOWS\system32\sockspy.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-01-08 23:31:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-08 15:15:15 0 d-------- C:\VundoFix Backups
2008-01-06 23:37:09 0 d-------- C:\Program Files\Trend Micro
2008-01-06 20:37:05 0 d-------- C:\Documents and Settings\Nick\Application Data\Bitdefender
2008-01-06 20:36:13 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-04 16:45:11 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-04 16:22:30 0 d-------- C:\Program Files\BitDefender
2008-01-04 16:11:57 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-01 23:34:24 0 d-------- C:\Program Files\iPod
2008-01-01 23:34:00 0 d-------- C:\Program Files\iTunes
2007-12-30 04:30:29 0 d-------- C:\Documents and Settings\Nick\Application Data\Systweak
2007-12-30 04:29:01 0 d-------- C:\Program Files\Advanced System Optimizer
2007-12-29 01:19:40 0 d-------- C:\Program Files\Cygnus
2007-12-28 18:33:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-25 23:35:06 0 d-------- C:\Program Files\QuickTime
2007-12-25 01:27:45 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-12-25 01:27:45 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-25 01:15:43 0 d-------- C:\Documents and Settings\Nick\Application Data\Sunbelt Software
2007-12-22 22:13:33 0 d-------- C:\Program Files\GameTap
2007-12-22 22:13:33 0 d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-12 13:47:40 0 d--h----- C:\Documents and Settings\Nick\QMCache00
2007-12-12 13:47:39 0 d-------- C:\Documents and Settings\Nick\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-01-10 00:02:15 0 d-------- C:\Program Files\PeerGuardian2
2008-01-10 00:00:31 0 d-------- C:\Program Files\Common Files
2008-01-09 23:59:04 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-09 23:58:10 0 d-------- C:\Program Files\Java
2008-01-09 18:54:30 0 d-------- C:\Program Files\Zoom Player
2008-01-04 20:49:00 0 d-------- C:\Program Files\Steam
2008-01-01 23:35:42 0 d-------- C:\Program Files\DivX
2007-12-30 05:00:45 0 d-------- C:\Program Files\Fire Client
2007-12-22 22:13:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 18:27:31 0 d-------- C:\Program Files\psx emulation cheater
2007-12-21 14:00:32 0 d-------- C:\Program Files\WarRock
2007-12-18 00:32:42 0 d-------- C:\Program Files\World of Warcraft
2007-12-11 16:23:34 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-12-03 00:37:53 0 d-------- C:\Program Files\MindArk
2007-12-03 00:30:46 0 d-------- C:\Documents and Settings\Nick\Application Data\Nexon
2007-11-28 23:19:09 0 d-------- C:\Program Files\Microsoft Games
2007-11-28 23:17:32 0 d-------- C:\Program Files\MagicISO
2007-11-27 22:41:41 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-25 07:00:53 0 d-------- C:\Program Files\Age of Empires 2
2007-11-22 19:07:35 0 d-------- C:\Program Files\Sierra
2007-11-22 18:46:01 0 d-------- C:\Program Files\DAEMON Tools
2007-11-20 22:36:42 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-20 22:27:15 0 d-------- C:\Program Files\THQ
2007-11-11 23:38:39 0 d-------- C:\Program Files\Electronic Arts
2007-11-03 15:52:57 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-10-20 16:54:00 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 09:32 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 PM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 03:49 PM]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [04/02/2007 04:48 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2006 03:25 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/07/2007 01:08 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 10:01 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/17/2007 06:53 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [06/22/2007 11:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll




-- End of Deckard's System Scanner: finished at 2008-01-10 00:02:51 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 958.42 MiB / 379.82 MiB
Pagefile Memory (total/avail): 2312.93 MiB / 1754.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 2.65 GiB free.
D: is CDROM (Unformatted)
E: is Fixed (NTFS) - 114.48 GiB total, 28.88 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y120L0 - 114.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 114.48 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD3200AAJB-00TYA0 - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (Softwin)
AV: Bitdefender Antivirus v8.0 (Softwin)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nick\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOMAR-G7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nick
LOGONSERVER=\\DOMAR-G7
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nick\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nick\LOCALS~1\Temp
USERDOMAIN=DOMAR-G7
USERNAME=Nick
USERPROFILE=C:\Documents and Settings\Nick
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Nick (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Video Converter 3 --> C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced System Optimizer --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
Alien Shooter - Vengeance --> C:\Program Files\Alien Shooter - Vengeance\Uninstall\uninstall.exe /C "/U:C:\Program Files\Alien Shooter - Vengeance\Uninstall\uninstall.xml"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
balldroppings --> C:\Program Files\balldroppings\Uninstal.exe
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Single Player v1.3.0.0 --> C:\Program Files\Electronic Arts\Battlefield 2142\mods\2142_sp\Uninstall MiniMod 1.3.0.0.
BitComet 0.94 --> C:\Program Files\BitComet\uninst.exe
BitDefender Internet Security v10 --> MsiExec.exe /I{8A36FA9C-E350-41F0-B339-F040297F4C6C}
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CC File Transfer 2.8 --> "C:\Program Files\CC File Transfer\unins000.exe"
Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Cygnus Hex Editor --> C:\PROGRA~1\Cygnus\UNWISE.EXE C:\PROGRA~1\Cygnus\INSTALL.LOG
DesuBuddy --> C:\Program Files\DesuBuddy\Uninstal.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Siege Legends of Aranna --> "C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
Entropia Universe --> C:\Program Files\MindArk\Entropia Universe\Uninstall.exe
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
Fire Client v2.14 --> "C:\Program Files\Fire Client\unins000.exe"
FlashGet 1.8.8.1009 --> E:\Program Files\FlashGet\uninst.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KYRO --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PowerVR\KYRO\Uninst.isu" -c"C:\Program Files\PowerVR\SharedUninst\pmxgenin.dll"
Lineage II --> C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Linksys EasyLink Advisor 1.5 (1044) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
LuniaGSP --> "C:\LuniaGSP\uninstall.exe"
MapleStory --> MsiExec.exe /I{99217575-1F9D-438A-A2E9-D8FC1D96A04F}
MegaLeecher --> "C:\Program Files\MegaLeecher\Uninstall.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "E:\sysreset\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Screen Recorder Pro 2.3 --> "C:\Program Files\Deskshare\My Screen Recorder Pro\unins000.exe"
Nethergate --> MsiExec.exe /I{1DED5EFD-410A-48DB-909A-2B2022BB50D2}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerVR Tools --> C:\WINDOWS\system32\pmxinit.exe -RemoveCPLPages
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Ragnarok Online --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU1FB0.inf
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU1FB6.inf
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Retribution --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\STARCR~1\maps\RETRIB~1\Uninst.isu
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Shattered Galaxy --> C:\PROGRA~1\KRU\SHATTE~1\UNWISE.EXE C:\PROGRA~1\KRU\SHATTE~1\INSTALL.LOG
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Soldat 1.4.1 --> "C:\Soldat\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Swiff Player 1.1 --> "C:\Program Files\GlobFX Technologies\Swiff Player\unins000.exe"
Trickster Online --> C:\Trickster Online\uninst.exe
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0297 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Voyage Century Online 1.21 --> "C:\Program Files\Voyage Century Online\unins000.exe"
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
WoWgasmic Launcher --> rundll32.exe dfshim.dll,ShArpMaintain WoWgasmic Launcher.application, Culture=neutral, PublicKeyToken=aabc5c675aa301fd, processorArchitecture=msil
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZDaemon (remove only) --> "C:\Program Files\ZDaemon\uninstall.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6428 / Error
Event Submitted/Written: 01/07/2008 10:30:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BitComet.exe, version 0.94.10.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6427 / Error
Event Submitted/Written: 01/07/2008 10:30:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BitComet.exe, version 0.94.10.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6426 / Error
Event Submitted/Written: 01/07/2008 10:30:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BitComet.exe, version 0.94.10.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6425 / Error
Event Submitted/Written: 01/07/2008 08:24:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BF2142.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6375 / Error
Event Submitted/Written: 01/06/2008 07:35:37 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: BitDefender Internet Security v10 -- Please restart your computer to install the new version of BitDefender Internet Security v10.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27688 / Error
Event Submitted/Written: 01/10/2008 00:00:25 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type27662 / Warning
Event Submitted/Written: 01/09/2008 09:35:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type27653 / Warning
Event Submitted/Written: 01/09/2008 08:40:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type27652 / Warning
Event Submitted/Written: 01/09/2008 08:13:27 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type27643 / Warning
Event Submitted/Written: 01/09/2008 07:58:36 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-10 00:02:51 ------------

#15
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Domar,

Congratulations, your logs are clean :) The tools we used are updated so frequently that it really does no good to keep them, so please remove them.


This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of the programs, like an antivirus and a 3rd-party firewall, but I still like to share the information in case you ever need it or want to change them.

  • First
  • Disable and Enable System Restore. - If you are using Windows ME or XP, then you should disable and re-enable System Restore to make sure there are no infected files kept in a restore point.

    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore using the instructions from the tutorial above.


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    1.) Watch what you download!
    Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others (which are amongst the most notorious), come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes Service Pack 2! If you suspect your computer is infected with malware of any type, we advise you not to install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent future infections.

    It's important to always keep current with the latest security fixes from Microsoft.
    Install those patches for Internet Explorer, and make sure your installation of the Java VM is up to date. There are some well-known security bugs in the Microsoft Java VM which are exploited regularly by browser hijackers.

    3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level". In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an .exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    4.) Install Javacool's SpywareBlaster

    It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

    Download and install it, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.

    5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature, which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you the option to allow them or not.

    6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

    7.) Another excellent program by Javacool we recommend is SpywareGuard.
    It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

    8.) IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd-party cookies, 3rd-party page counters, web bugs, and many hijackers. For information on how to download and install it, please read this tutorial.

    *It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to run only one of each. It is not a good idea to run more than one firewall, or more than one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

    9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third-party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

    10.) An anti-virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
    NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you! :)
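As an added example, not part of the post above and not code from any of the tools it names, the PowerShell script below checks the two ActiveX hardening mechanisms the post describes: the Internet-zone settings from step 3 (the three ActiveX options set to Prompt/Prompt/Disable) and the "kill bit" that SpywareBlaster sets in step 4. It assumes the documented registry locations for IE zone settings (HKCU ...\Internet Settings\Zones\3, values 1001, 1004 and 1201, where 0 = Enable, 1 = Prompt, 3 = Disable) and for ActiveX Compatibility flags (HKLM ...\ActiveX Compatibility\{CLSID}, "Compatibility Flags" bit 0x400). The all-zero CLSID at the end is a placeholder for illustration only; substitute the CLSID of the control you want to check.

```powershell
# Added example: audit IE "Internet" zone ActiveX settings (post step 3)
# and test whether a control carries the ActiveX kill bit (post step 4).
# Run as the user whose Internet Explorer settings you want to inspect.

# Zone 3 = Internet. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> (description, value recommended in step 3)
$wanted = @{
    '1001' = @('Download signed ActiveX controls',                          1)
    '1004' = @('Download unsigned ActiveX controls',                        1)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
}

function Test-IeActiveXZoneSettings {
    # One result object per setting; Compliant is $false if the value is
    # missing or differs from the recommendation.
    $zone = Get-ItemProperty -Path $zonePath
    foreach ($name in $wanted.Keys) {
        $desc, $recommended = $wanted[$name]
        $actual = $zone.$name
        [pscustomobject]@{
            Setting     = $name
            Description = $desc
            Actual      = $actual
            Recommended = $recommended
            Compliant   = ($actual -eq $recommended)
        }
    }
}

function Test-ActiveXKillBit {
    # Returns $true when IE will refuse to load the control with this CLSID,
    # even if it is installed: bit 0x400 of "Compatibility Flags" is the kill bit.
    param([Parameter(Mandatory=$true)][string]$Clsid)
    $path = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $path)) { return $false }
    $flags = (Get-ItemProperty -Path $path).'Compatibility Flags'
    return (($flags -band 0x400) -ne 0)
}

Test-IeActiveXZoneSettings | Format-Table -AutoSize

# Placeholder CLSID (assumption for illustration); replace with a real one,
# e.g. taken from the list SpywareBlaster displays.
Test-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}'
```

The zone check reads the per-user settings, so a machine with several accounts needs the script run under each; the kill-bit check reads HKLM and applies to every user. A control with the kill bit set is blocked regardless of the zone settings, which is why the post treats SpywareBlaster as a layer on top of step 3 rather than a replacement for it.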