Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Exe icons have disappeared from desktop and start [RESOLVED]


  • This topic is locked This topic is locked

#1
viper151

viper151

    Member

  • Member
  • PipPip
  • 47 posts
Hi :)

Not all but a lot of icons from exe files only have disappeared and have been replaced with the uknown file icon. That hasn't affected every icon and some of them can be restored manually(properties, change icon) But they are a lot and not everything can be restored :)

Here is a hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:53 πμ, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe
C:\Temp-torrents\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webba.bma.upatras.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" "Crypto SA\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AccessRunner DSL.lnk = ?
O4 - Startup: AP Launch.lnk = C:\Program Files\DVBViewerTE\AP Launch.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711B1E2D-8BE9-430F-8A46-77B69BA7D6B9}: NameServer = 194.219.227.1 193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - http://www.greek-tracker.com/browse

--
End of file - 6827 bytes



And One more question..What is the last one log ? (024) I know this site and its familiar to me but why is this one there?

Edited by viper151, 12 March 2008 - 02:58 PM.

  • 0

Advertisements


#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi viper151

welcome to geekstogo :)

sorry to keep you waiting. lets do a deeper scan of your machine for me to analyse.

(if your problem has already been resolved, could you just let me know so that i an move onto other logs to help others, thanks)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

you may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk
  • 0

#3
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Those are pretty big txts.. lol :)

Now the problem hasnt gone...

Main.txt

Deckard's System Scanner v20071014.68
Run by viper151 on 2008-03-19 10:19:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-03-19 08:19:20 UTC - RP427 - Deckard's System Scanner Restore Point
1: 2008-03-18 01:06:13 UTC - RP426 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as viper151.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:45 πμ, on 19/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\svchost.exe
C:\Temp-torrents\dss.exe
C:\TEMP-T~1\viper151.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webba.bma.upatras.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" "Crypto SA\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AccessRunner DSL.lnk = ?
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711B1E2D-8BE9-430F-8A46-77B69BA7D6B9}: NameServer = 194.219.227.1 193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - http://www.greek-tracker.com/browse

--
End of file - 6949 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\windows\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\windows\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\windows\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\windows\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\windows\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awecho - c:\windows\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 USIUDF - c:\windows\system32\drivers\usiudf.sys <Not Verified; Ulead Systems, Inc.; Ulead UDF File System Driver>
R2 BT848 (CRYPTO WDM Video Capture) - c:\windows\system32\drivers\bt848.sys
R2 BTTUNER (CRYPTO WDM TvTuner) - c:\windows\system32\drivers\bttuner.sys <Not Verified; Conexant Systems, Inc.; bttuner.sys>
R2 BTXBAR (CRYPTO WDM Crossbar) - c:\windows\system32\drivers\btxbar.sys <Not Verified; Conexant Systems, Inc.; btxbar.sys>
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 CnxEtP (Crypto F200 USB ADSL Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxEtU (Crypto F200 USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxTgNW (Crypto F200 USB ADSL WAN PPPoA Adapter Driver) - c:\windows\system32\drivers\cnxtgnw.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SKYNET (TechniSat DVB-PC TV Star PCI) - c:\windows\system32\drivers\skynet.sys <Not Verified; B2C2, Inc.; B2C2 Broadband Receiver PCI Adapter>
R3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
R3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S1 SysTool (SysTool Overclocking Utility) - c:\windows\system32\drivers\systool.sys <Not Verified; ; Low-Level Driver>
S3 HWIONT - d:\downloads\filmnet win xp\filmnetp3xp\ccrypt standalone\hwiont.sys <Not Verified; The freeware company; Windws NT hardware access driver>
S3 obm - c:\temp-torrents\obm.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 wampapache - "c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld
S4 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S4 awhost32 (Symantec pcAnywhere Host Service) - "c:\program files\symantec\pcanywhere\awhost32.exe" <Not Verified; Symantec Corporation; pcAnywhere>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S4 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-18 20:44:16 286 --a------ C:\windows\Tasks\DVBDream Weekly 20080314_024629.job
2008-03-17 20:12:59 312 --a------ C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-03-14 17:15:00 396 --a------ C:\windows\Tasks\1-Click Maintenance.job


-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-18 23:11:08 0 d-------- C:\Counter-Strike 1.6 V32
2008-03-18 15:17:48 0 d-------- C:\Program Files\Unity
2008-03-17 23:09:52 0 d-------- C:\Documents and Settings\viper151\Application Data\VideoReDoPlus
2008-03-17 23:09:48 0 d-------- C:\Program Files\VideoReDoPlus
2008-03-17 22:58:36 0 d-------- C:\Program Files\avijoin
2008-03-17 20:08:28 0 d-------- C:\Program Files\Hamachi
2008-03-13 23:40:11 0 d-------- C:\Fall Out Boy
2008-03-13 20:13:45 0 d-------- C:\Program Files\TechniSat DVB
2008-03-11 19:39:07 0 d-------- C:\6 Amateur Greek Videakia! Part III
2008-03-07 13:39:34 0 d-------- C:\Lost.4x06.The_Other_Woman.PROPER.HDTV_XviD-FoV
2008-03-07 13:19:42 0 d-------- C:\Happy S1E16 (GT)
2008-03-07 08:13:57 0 d-------- C:\Documents and Settings\viper151\Application Data\AD ON Multimedia
2008-03-06 22:06:19 0 d-------- C:\windows\uninstall
2008-03-06 00:53:15 0 d-------- C:\windows\system32\AGEIA
2008-03-06 00:53:14 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-06 00:41:56 0 d-------- C:\Program Files\Ubisoft
2008-03-05 18:04:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-05 18:04:08 0 d-------- C:\Program Files\Mixesoft
2008-03-04 15:23:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 21:19:54 0 d-------- C:\cc
2008-03-03 18:17:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-03-19 10:13:46 0 d-------- C:\Program Files\AutoGK
2008-03-19 10:13:45 43698 --a------ C:\windows\system32\xvid-uninstall.exe
2008-03-19 10:13:05 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-19 10:12:12 546 --a------ C:\Documents and Settings\viper151\Application Data\AutoGK.ini
2008-03-19 09:39:54 0 d-------- C:\Documents and Settings\viper151\Application Data\uTorrent
2008-03-19 02:12:37 0 d-------- C:\Documents and Settings\viper151\Application Data\Hamachi
2008-03-18 22:16:58 0 d-------- C:\Program Files\Warcraft III
2008-03-13 21:17:30 0 d-------- C:\Program Files\DVBViewerTE
2008-03-13 11:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 08:13:57 0 d-------- C:\Program Files\MyPhoneExplorer
2008-03-06 00:52:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 15:23:07 0 d-------- C:\Program Files\Common Files
2008-02-19 21:38:17 0 d-------- C:\Program Files\Electronic Arts
2008-02-18 19:13:24 0 d-------- C:\Documents and Settings\viper151\Application Data\Vso
2008-02-14 22:11:55 0 d-------- C:\Documents and Settings\viper151\Application Data\Leadertech
2008-02-14 22:10:54 0 --a------ C:\windows\PowerReg.dat
2008-02-12 21:25:40 441856 --a------ C:\windows\system32\libx264.dll
2008-02-12 21:25:40 46364 --a------ C:\windows\system32\libvorbisfile.dll
2008-02-12 21:25:40 182493 --a------ C:\windows\system32\libvorbis-0.dll
2008-02-12 21:25:40 51790 --a------ C:\windows\system32\libogg-0.dll
2008-02-12 21:25:40 148196 --a------ C:\windows\system32\libnut.dll
2008-02-12 21:25:40 358766 --a------ C:\windows\system32\libamrwb-3.dll
2008-02-12 21:25:40 28160 --a------ C:\windows\system32\avutil-49.dll
2008-02-12 21:25:40 536576 --a------ C:\windows\system32\avformat-51.dll
2008-02-12 21:25:38 520119 --a------ C:\windows\system32\xvidcore.dll
2008-02-12 21:25:38 66108 --a------ C:\windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-02-12 21:25:38 66108 --a------ C:\windows\system32\pthread.dll <Not Verified; Open Source Software community project; >
2008-02-12 21:25:38 1155649 --a------ C:\windows\system32\libvorbisenc-2.dll
2008-02-12 21:25:38 383399 --a------ C:\windows\system32\libmp3lame-0.dll
2008-02-12 21:25:38 504438 --a------ C:\windows\system32\libamrnb-3.dll
2008-02-12 21:25:38 4550656 --a------ C:\windows\system32\avcodec-51.dll
2008-02-12 21:25:36 53267 --a------ C:\windows\system32\libgsm.dll
2008-02-12 19:08:15 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-11 23:25:57 0 d-------- C:\Documents and Settings\viper151\Application Data\Skype
2008-02-11 23:25:41 0 d-------- C:\Documents and Settings\viper151\Application Data\skypePM
2008-02-11 08:28:32 0 d-------- C:\Program Files\Hasbro Interactive
2008-02-02 22:58:22 0 d-------- C:\Documents and Settings\viper151\Application Data\Adobe
2008-02-02 15:18:04 0 d-------- C:\Program Files\Bonjour
2008-02-02 15:18:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-02 15:06:02 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-30 15:13:09 0 d-------- C:\Documents and Settings\viper151\Application Data\Notepad++
2008-01-30 15:12:38 0 d-------- C:\Program Files\Notepad++
2008-01-30 11:40:30 0 d-------- C:\Program Files\Screamer Radio
2008-01-30 11:35:47 0 d-------- C:\Documents and Settings\viper151\Application Data\streamripper
2008-01-30 11:34:13 0 d-------- C:\Program Files\Streamripper
2008-01-29 22:22:10 0 d-------- C:\Documents and Settings\viper151\Application Data\XTrackCad
2008-01-29 11:57:36 0 d-------- C:\Program Files\XTrkCAD4
2008-01-28 23:56:36 0 d-------- C:\Program Files\Womble Multimedia
2008-01-28 20:25:41 0 d-------- C:\Program Files\Skype
2008-01-28 20:25:39 0 d-------- C:\Program Files\Common Files\Skype
2008-01-22 23:18:33 0 d-------- C:\Program Files\DeadDiskDoctor
2008-01-22 23:01:43 0 d-------- C:\Program Files\DiskInternals
2008-01-22 23:00:14 0 d-------- C:\Program Files\Registry Clean Expert
2008-01-07 14:29:06 352 --ah----- C:\windows\nod32fixtemdono.reg
2007-12-30 03:05:00 3176 --a------ C:\windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [01/05/2006 04:07 §£]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/04/2006 08:19 §£]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [06/06/2003 04:52 ££]
"nwiz"="nwiz.exe" [28/06/2007 11:43 ££ C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [28/06/2007 11:43 ££]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [28/06/2007 11:43 ££]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 ££]
"CnxDslTaskBar"="C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" [16/06/2004 01:55 ££]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21/12/2007 08:21 §£]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [04/08/2004 12:56 §£]
"@"="" []
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [04/02/2008 12:25 ££]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [04/02/2008 12:25 ££]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [28/02/2007 11:06 ££]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 11:55 §£ 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 10:39 §£ 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31/01/2005 02:13 ££ 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 14/02/2006 11:00 §£ 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WinVNC4"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"StarWindService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"OpenVPNService"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NOD32krn"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"awhost32"=2 (0x2)
"aawservice"=2 (0x2)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F5C04010-CF65-FE00-B534-C14F6F8C0001}]
C:\windows\system32\Win32dll.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8005 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-19 10:21:25 ------------



Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1022.48 MiB / 595.53 MiB
Pagefile Memory (total/avail): 2458.86 MiB / 2142.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.86 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.11 GiB total, 9.92 GiB free.
D: is Fixed (NTFS) - 37.41 GiB total, 1.01 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.11 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.41 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX02.453\\utorrent.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX02.453\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\CNC3.exe"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\CNC3.exe:*:Enabled:Play Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\MaNGOS WoW Server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"="D:\\MaNGOS WoW Server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\\MaNGOS WoW Server\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\MaNGOS WoW Server\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\MaNGOS WoW Server\\realmd.exe"="D:\\MaNGOS WoW Server\\realmd.exe:*:Enabled:realmd"
"D:\\MaNGOS WoW Server\\mangosd.exe"="D:\\MaNGOS WoW Server\\mangosd.exe:*:Enabled:mangosd"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.625\\l2asrv.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.625\\l2asrv.exe:*:Enabled:l2asrv"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX39.718\\l2asrv.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX39.718\\l2asrv.exe:*:Enabled:l2asrv"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.7\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.7\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Disabled:WinDVD"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Football Manager 2008\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Football Manager 2008\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"D:\\World of Warcraft\\BackgroundDownloader.exe"="D:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\RedlightCenter\\RedLightCenter\\Redlightcenter.exe"="C:\\Program Files\\RedlightCenter\\RedLightCenter\\Redlightcenter.exe:*:Enabled:Redlightcenter"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Enterprise Edition for Win32"
"C:\\Program Files\\RealVNC\\VNCTool\\vnctool.exe"="C:\\Program Files\\RealVNC\\VNCTool\\vnctool.exe:*:Enabled:VNC Deployment Tool"
"D:\\Games\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe"="D:\\Games\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Empire Earth II\\EE2.exe"="D:\\Empire Earth II\\EE2.exe:*:Enabled:Empire Earth II"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Games\\cod\\iw3mp.exe"="D:\\Games\\cod\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Enterprise Edition for Win32"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Monte Cristo\\Fire Department 3\\FD3.exe"="C:\\Program Files\\Monte Cristo\\Fire Department 3\\FD3.exe:*:Enabled:FD3"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe:*:Enabled:Lost Via Domus Game"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe:*:Enabled:Lost Via Domus Updater"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe:*:Enabled:Lost Via Domus Requirements Tool"
"D:\\Games\\C&C3\\RetailExe\\1.0\\cnc3game.dat"="D:\\Games\\C&C3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"D:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"="D:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.062\\newcs.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.062\\newcs.exe:*:Enabled:newcs"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.781\\CW203.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.781\\CW203.exe:*:Enabled:CW203"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\dvbdream\\dvbdream.exe"="C:\\dvbdream\\dvbdream.exe:*:Enabled:dvbdream"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\viper151\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THERMAL
ComSpec=C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\viper151
LOGONSERVER=\\THERMAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\OpenVPN\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\windows
TEMP=C:\DOCUME~1\viper151\LOCALS~1\Temp
TMP=C:\DOCUME~1\viper151\LOCALS~1\Temp
USERDOMAIN=THERMAL
USERNAME=viper151
USERPROFILE=C:\Documents and Settings\viper151
windir=C:\windows


-- User Profiles ---------------------------------------------------------------

viper151 (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\windows\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Δήλωση χρήστη Canon MP160 --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings --> MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings --> MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\720b6626565121c6841038cea334ae6\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{FEE98626-0015-4411-AFBF-0358C884B9B3}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{416D34D7-2F3C-429D-86EF-5F4613D85889}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Aspi Installer --> C:\Temp\UNWISE.EXE C:\Temp\INSTALL.LOG
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AVI Joiner --> "C:\Program Files\avijoin\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0008
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
ConvertXtoDVD 2.1.8.193 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins001.exe"
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Crypto AccessRunner ADSL --> "C:\Program Files\Crypto SA\AccessRunner ADSL USB\setup.exe" -u
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
dBpoweramp m4a Codec --> "C:\windows\system32\SpoonUninstall.exe" <uninstall>C:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter --> "C:\windows\system32\SpoonUninstall.exe" <uninstall>C:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVB Dream version 1.4i --> "c:\dvbdream\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Temp-torrents\HijackThis.exe" /uninstall
Image Grabber II --> "C:\Program Files\Image Grabber II\uninstall.exe"
ImTOO 3GP Video Converter --> C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
Instant Access --> C:\Program Files\Internet Explorer\IEXPLORE.EXE http://scripts.downl...ssUninstall.exe
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
InterVideo WinDVR 3 --> "C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL
InterVideo WinProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A68CB46-C79E-4F0D-86D5-5C9A3CAA0FD5}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.89 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lost Via Domus --> "C:\Program Files\InstallShield Installation Information\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\windows\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0015-0408-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Groove MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00BA-0408-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0044-0408-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001A-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007 --> MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007 --> MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0019-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007 --> MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{6F6B46DC-4289-454E-8FFD-80CE597F403B}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Video Wizard --> C:\PROGRA~1\WOMBLE~1\MPEGVI~1\UNWISE.EXE C:\PROGRA~1\WOMBLE~1\MPEGVI~1\INSTALL.LOG
mpegable X4 live --> C:\windows\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371032}
NFO Creator --> C:\windows\system32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\windows\system32\nvudisp.exe UninstallGUI
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenVPN 2.0.9-gui-1.0.3 --> C:\Program Files\OpenVPN\Uninstall.exe
OTEnet-SAGEM Fast 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x8
PCTV RADIO II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CRYPTO\PCTV RADIO II\Uninst.isu"
PDF Settings --> MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
Play65 --> C:\Program Files\Play65\Play65.exe /uninstall
Play89 --> C:\Program Files\Play89\Play89.exe /uninstall
Pro Evolution Soccer 2008 --> C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0409
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
R for Windows 2.4.1 --> "C:\Program Files\R\R-2.4.1\unins000.exe"
Roll --> C:\windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Siemens ADSL Router USB Driver --> C:\Program Files\InstallShield Installation Information\{4D72C47A-8A8C-49C4-BFAC-34EC5D65183B}\setup.exe -runfromtemp -l0x0009 -removeonly FORCE_UNINSTALL
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic CinePlayer DVD Pack --> MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Sony Ericsson Media Studio 2.5 --> C:\PROGRA~1\MAKAYA~1\SONYER~1\Setup.exe /remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StatBar 2.406 --> "C:\Program Files\Globe Software\StatBar\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symant
  • 0

#4
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
the extra.txt seems to have got cutt off, if you still have it could you re-post the extra.txt please.

andrewuk
  • 0

#5
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1022.48 MiB / 595.53 MiB
Pagefile Memory (total/avail): 2458.86 MiB / 2142.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.86 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.11 GiB total, 9.92 GiB free.
D: is Fixed (NTFS) - 37.41 GiB total, 1.01 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.11 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.41 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX02.453\\utorrent.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX02.453\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\CNC3.exe"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\CNC3.exe:*:Enabled:Play Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\MaNGOS WoW Server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"="D:\\MaNGOS WoW Server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\\MaNGOS WoW Server\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\MaNGOS WoW Server\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\MaNGOS WoW Server\\realmd.exe"="D:\\MaNGOS WoW Server\\realmd.exe:*:Enabled:realmd"
"D:\\MaNGOS WoW Server\\mangosd.exe"="D:\\MaNGOS WoW Server\\mangosd.exe:*:Enabled:mangosd"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.625\\l2asrv.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.625\\l2asrv.exe:*:Enabled:l2asrv"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX39.718\\l2asrv.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX39.718\\l2asrv.exe:*:Enabled:l2asrv"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.7\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.7\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Disabled:WinDVD"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Football Manager 2008\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Football Manager 2008\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"D:\\World of Warcraft\\BackgroundDownloader.exe"="D:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\RedlightCenter\\RedLightCenter\\Redlightcenter.exe"="C:\\Program Files\\RedlightCenter\\RedLightCenter\\Redlightcenter.exe:*:Enabled:Redlightcenter"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Enterprise Edition for Win32"
"C:\\Program Files\\RealVNC\\VNCTool\\vnctool.exe"="C:\\Program Files\\RealVNC\\VNCTool\\vnctool.exe:*:Enabled:VNC Deployment Tool"
"D:\\Games\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe"="D:\\Games\\Football Manager 2008\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Empire Earth II\\EE2.exe"="D:\\Empire Earth II\\EE2.exe:*:Enabled:Empire Earth II"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Games\\cod\\iw3mp.exe"="D:\\Games\\cod\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Enterprise Edition for Win32"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Monte Cristo\\Fire Department 3\\FD3.exe"="C:\\Program Files\\Monte Cristo\\Fire Department 3\\FD3.exe:*:Enabled:FD3"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe:*:Enabled:Lost Via Domus Game"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe:*:Enabled:Lost Via Domus Updater"
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"="C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe:*:Enabled:Lost Via Domus Requirements Tool"
"D:\\Games\\C&C3\\RetailExe\\1.0\\cnc3game.dat"="D:\\Games\\C&C3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"D:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"="D:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.062\\newcs.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.062\\newcs.exe:*:Enabled:newcs"
"C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.781\\CW203.exe"="C:\\Documents and Settings\\viper151\\Local Settings\\Temp\\Rar$EX00.781\\CW203.exe:*:Enabled:CW203"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\dvbdream\\dvbdream.exe"="C:\\dvbdream\\dvbdream.exe:*:Enabled:dvbdream"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\viper151\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THERMAL
ComSpec=C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\viper151
LOGONSERVER=\\THERMAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\OpenVPN\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\windows
TEMP=C:\DOCUME~1\viper151\LOCALS~1\Temp
TMP=C:\DOCUME~1\viper151\LOCALS~1\Temp
USERDOMAIN=THERMAL
USERNAME=viper151
USERPROFILE=C:\Documents and Settings\viper151
windir=C:\windows


-- User Profiles ---------------------------------------------------------------

viper151 (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\windows\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Δήλωση χρήστη Canon MP160 --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings --> MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings --> MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\720b6626565121c6841038cea334ae6\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{FEE98626-0015-4411-AFBF-0358C884B9B3}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{416D34D7-2F3C-429D-86EF-5F4613D85889}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Aspi Installer --> C:\Temp\UNWISE.EXE C:\Temp\INSTALL.LOG
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AVI Joiner --> "C:\Program Files\avijoin\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0008
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
ConvertXtoDVD 2.1.8.193 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins001.exe"
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Crypto AccessRunner ADSL --> "C:\Program Files\Crypto SA\AccessRunner ADSL USB\setup.exe" -u
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
dBpoweramp m4a Codec --> "C:\windows\system32\SpoonUninstall.exe" <uninstall>C:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter --> "C:\windows\system32\SpoonUninstall.exe" <uninstall>C:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVB Dream version 1.4i --> "c:\dvbdream\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Temp-torrents\HijackThis.exe" /uninstall
Image Grabber II --> "C:\Program Files\Image Grabber II\uninstall.exe"
ImTOO 3GP Video Converter --> C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
Instant Access --> C:\Program Files\Internet Explorer\IEXPLORE.EXE http://scripts.downl...ssUninstall.exe
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
InterVideo WinDVR 3 --> "C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL
InterVideo WinProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A68CB46-C79E-4F0D-86D5-5C9A3CAA0FD5}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.89 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lost Via Domus --> "C:\Program Files\InstallShield Installation Information\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\windows\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0015-0408-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Groove MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00BA-0408-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0044-0408-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001A-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007 --> MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007 --> MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0019-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007 --> MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{6F6B46DC-4289-454E-8FFD-80CE597F403B}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Video Wizard --> C:\PROGRA~1\WOMBLE~1\MPEGVI~1\UNWISE.EXE C:\PROGRA~1\WOMBLE~1\MPEGVI~1\INSTALL.LOG
mpegable X4 live --> C:\windows\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371032}
NFO Creator --> C:\windows\system32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\windows\system32\nvudisp.exe UninstallGUI
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenVPN 2.0.9-gui-1.0.3 --> C:\Program Files\OpenVPN\Uninstall.exe
OTEnet-SAGEM Fast 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x8
PCTV RADIO II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CRYPTO\PCTV RADIO II\Uninst.isu"
PDF Settings --> MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
Play65 --> C:\Program Files\Play65\Play65.exe /uninstall
Play89 --> C:\Program Files\Play89\Play89.exe /uninstall
Pro Evolution Soccer 2008 --> C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0409
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
R for Windows 2.4.1 --> "C:\Program Files\R\R-2.4.1\unins000.exe"
Roll --> C:\windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Siemens ADSL Router USB Driver --> C:\Program Files\InstallShield Installation Information\{4D72C47A-8A8C-49C4-BFAC-34EC5D65183B}\setup.exe -runfromtemp -l0x0009 -removeonly FORCE_UNINSTALL
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic CinePlayer DVD Pack --> MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Sony Ericsson Media Studio 2.5 --> C:\PROGRA~1\MAKAYA~1\SONYER~1\Setup.exe /remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StatBar 2.406 --> "C:\Program Files\Globe Software\StatBar\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec pcAnywhere --> MsiExec.exe /I{12018183-866A-11D3-97DF-0000F8D8F2E9}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak Overlay BETA 2 (#63) --> "C:\Program Files\TSO\uninstall.exe"
TechniSat DVB-PC TV Star --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}\Setup.exe" -l0x9 anything -removeonly
Theme Manager --> C:\PROGRA~1\Stardock\OBJECT~2\THEMEM~1\thememgr.exe /uninstallwise
Ulead Data-Add 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 4.0 Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
Ulead MediaStudio Pro 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936558) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B6B2802B-6631-4EBE-A062-44AE0C1F0BED}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VideoReDo/Plus Version 2.5.4.507 --> "C:\Program Files\VideoReDoPlus\unins000.exe"
VNC Deployment Tool 1.6.4 --> "C:\Program Files\RealVNC\VNCTool\unins000.exe"
VNC Enterprise Edition E4.3.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.7.1 --> "C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WampServer 2.0 --> "c:\wamp\unins000.exe"
Warcraft III: All Products --> C:\windows\War3Unin.exe C:\windows\War3Unin.dat
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WindowFX --> C:\PROGRA~1\Stardock\OBJECT~2\WindowFX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\WindowFX\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinStyles --> C:\PROGRA~1\OBJECT~1\WINSTY~1\UNWISE.EXE C:\PROGRA~1\OBJECT~1\WINSTY~1\INSTALL.LOG
XTrkCAD Model Railroad Design Software --> C:\Program Files\XTrkCAD4\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\windows\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1038 / Success
Event Submitted/Written: 03/19/2008 09:38:39 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1031 / Success
Event Submitted/Written: 03/19/2008 00:07:17 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1015 / Success
Event Submitted/Written: 03/18/2008 10:48:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1003 / Success
Event Submitted/Written: 03/18/2008 06:12:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type947 / Success
Event Submitted/Written: 03/14/2008 09:08:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type74792 / Error
Event Submitted/Written: 03/19/2008 10:09:49 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type74786 / Error
Event Submitted/Written: 03/19/2008 09:38:45 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type74783 / Error
Event Submitted/Written: 03/19/2008 09:30:28 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type74782 / Error
Event Submitted/Written: 03/19/2008 09:19:26 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type74781 / Warning
Event Submitted/Written: 03/19/2008 09:18:07 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-19 10:21:25 ------------

Sorry didnt notice :)
  • 0

#6
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi viper151

before we deal with your icons (i beleive i can see the problem) - we should do some scans of your machine, i suspect there is other malware in there.

What is the last one log ? (024) I know this site and its familiar to me but why is this one there?

this is an Active Desktop component - these are local or remote html files that are imbedded directly on your desktop as a background. if you did not add it, we can safely remove it - just let me know if you added it.

also, do you recognise this address: FORTHnet Technical Operations, 58 Antigonis Str, 104 42 ATHENS, GR. is it your ISP? or company?

the scans will likely take 2 hours, quite possibly much longer. so just let them run.

====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply could i see:
1. the malwarebytes log
2. the kaspersky scan log
3. a new hyjackthis log
4. the answers to the 2 questions above

there will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk
  • 0

#7
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Yep i added that but i've tottaly forgot it :)
Yep Thats my isp :)


Malwarebytes found no malicious software..But it took only 3 minutes :/

Malwarebytes' Anti-Malware 1.09
Database version: 509

Scan type: Quick Scan
Objects scanned: 30483
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky on next message.
  • 0

#8
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
The kaspersky log is gonna be ready in some hours cause i gotta do some works...
Maybe i'm not sure yet so maybe i'll be able to post again next tuesday sorry for that.. :)
  • 0

#9
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
no problem, i will be here :)
  • 0

#10
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
oK I'M back :) so here it is the kaspersky log.:)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 26, 2008 2:55:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/03/2008
Kaspersky Anti-Virus database records: 663365
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 129690
Number of viruses found: 6
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 03:22:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\cert8.db Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\foxmarks.log Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\history.dat Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\key3.db Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\parent.lock Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\search.sqlite Object is locked skipped
C:\Documents and Settings\viper151\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\viper151\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Application Data\Mozilla\Firefox\Profiles\mtsdymn2.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Temp\~DFD63F.tmp Object is locked skipped
C:\Documents and Settings\viper151\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\viper151\My Documents\Downloads\Kante to Windows XP Professional Original\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\viper151\My Documents\Downloads\Kante to Windows XP Professional Original\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\viper151\My Documents\Downloads\Kante to Windows XP Professional Original\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\viper151\My Documents\Downloads\Kante to Windows XP Professional Original\keyfinder.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\viper151\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\viper151\ntuser.dat.LOG Object is locked skipped
C:\Program Files\No-IP\DUC - viper151.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{907035B9-EBE2-49E8-AC67-20D6D74E2BD1}\RP450\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Music\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\Music\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\Music\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\Music\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\Music\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\system Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Utilities\rapidshare.rar/router reconnect/Reconnect/Fritz!Box/bat/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Utilities\rapidshare.rar/router reconnect/Reconnect/Fritz!Box/bat2/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Utilities\rapidshare.rar/router reconnect/Reconnect/Fritz!Box/exe/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Utilities\rapidshare.rar RAR: infected - 3 skipped

Scan was interrupted by user! i interrupted accidentally at 97% but until then it had 3 hours fully working
  • 0

Advertisements


#11
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

i interrupted accidentally at 97% but until then it had 3 hours fully working

it can take a while if this is the first time

in this post we will remove the malware picked up in the scans and see if we can get your icons back.

i also want to scan a supicious looking file

====STEP 1====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

Do NOT run it yet



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.




Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Music\01 Track 1.wma
    D:\Music\02 Track 2.wma
    D:\Music\03 Track 3.wma
    D:\Music\06 Track 6.wma
    D:\Music\07 Track 7.wma
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


====STEP 2====
click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /daft
This will open the Deckard File Association Tool
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.


====STEP 3====
you may have to temporarily disable all your security programs for this next step.

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
C:\windows\system32\Win32dll.exe

Click on the submit button

Please post the results of the scan in your next reply.

If Jotti is busy, try the same atVirustotal

(the file may no longer be in your machine though)


In your next reply could i see:
1. the Jotti scan log
2. the OTMoveIT log
3. a new hijackthis log
4. some idea of how your machine is running now

andrewuk

Edited by andrewuk, 25 March 2008 - 09:00 PM.

  • 0

#12
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:38 πμ, on 26/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
C:\Program Files\No-IP\DUC20.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\Temp-torrents\HiJackThis(2).exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webba.bma.upatras.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" "Crypto SA\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AccessRunner DSL.lnk = ?
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711B1E2D-8BE9-430F-8A46-77B69BA7D6B9}: NameServer = 194.219.227.1 193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - http://www.greek-tracker.com/browse

--
End of file - 6864 bytes





D:\Music\01 Track 1.wma moved successfully.
D:\Music\02 Track 2.wma moved successfully.
D:\Music\03 Track 3.wma moved successfully.
D:\Music\06 Track 6.wma moved successfully.
D:\Music\07 Track 7.wma moved successfully.
[Custom Input]
< purity >

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_103240


Step 2 done

but in step 3 i got this
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

and this 0 bytes size received / Se ha recibido un archivo vacio



No difference in my machine icons still dont exist :)
  • 0

#13
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
the scans did not pick up what i thought they might, so lets go down another route.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

andrewuk
  • 0

#14
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
ComboFix 08-03-25.4 - viper151 2008-03-27 11:15:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.540 [GMT 2:00]
Running from: C:\Documents and Settings\viper151\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\pack.epk
C:\windows\system32\crack.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 10:32 . 2008-03-26 10:32 <DIR> d-------- C:\_OTMoveIt
2008-03-20 09:11 . 2008-03-20 09:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-20 09:11 . 2008-03-20 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-20 08:50 . 2008-03-20 08:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-20 08:50 . 2008-03-20 08:50 <DIR> d-------- C:\Documents and Settings\viper151\Application Data\Malwarebytes
2008-03-20 08:50 . 2008-03-20 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-19 23:29 . 2008-03-19 23:29 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-19 23:05 . 2008-03-19 23:05 104 --a------ C:\WINDOWS\WebUpdateSvc.INI
2008-03-19 23:04 . 2008-03-19 23:05 <DIR> d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-03-19 18:16 . 2008-03-19 18:16 <DIR> d-------- C:\WINDOWS\Macro Scheduler Std
2008-03-19 18:16 . 2008-03-19 18:28 <DIR> d-------- C:\Program Files\Macro Scheduler
2008-03-19 17:32 . 2008-03-19 18:34 <DIR> d-------- C:\Program Files\Counter-Strike
2008-03-19 12:41 . 2008-03-19 12:41 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-03-19 12:40 . 2008-03-19 12:41 <DIR> d-------- C:\Program Files\AutoGK
2008-03-19 12:34 . 2008-03-19 12:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-19 11:20 . 2008-03-19 11:48 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-03-19 11:20 . 2008-03-19 11:20 <DIR> d-------- C:\Documents and Settings\viper151\Application Data\URSoft
2008-03-19 10:15 . 2008-03-19 10:15 <DIR> d-------- C:\Deckard
2008-03-18 23:11 . 2008-03-19 14:19 <DIR> d-------- C:\Counter-Strike 1.6 V32
2008-03-18 15:17 . 2008-03-18 15:17 <DIR> d-------- C:\Program Files\Unity
2008-03-17 23:09 . 2008-03-17 23:09 <DIR> d-------- C:\Program Files\VideoReDoPlus
2008-03-17 23:09 . 2008-03-20 00:25 <DIR> d-------- C:\Documents and Settings\viper151\Application Data\VideoReDoPlus
2008-03-17 20:08 . 2008-03-17 20:09 <DIR> d-------- C:\Program Files\Hamachi
2008-03-13 23:40 . 2008-03-13 23:40 <DIR> d-------- C:\Fall Out Boy
2008-03-13 21:25 . 2008-03-26 01:36 130 --a------ C:\WINDOWS\EurekaLog.ini
2008-03-13 20:13 . 2008-03-13 20:13 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-03-07 08:13 . 2008-03-07 08:13 <DIR> d-------- C:\Documents and Settings\viper151\Application Data\AD ON Multimedia
2008-03-06 22:06 . 2008-03-06 22:06 <DIR> d-------- C:\WINDOWS\uninstall\Satellite TV for PC Elite
2008-03-06 22:06 . 2008-03-06 22:06 <DIR> d-------- C:\WINDOWS\uninstall
2008-03-06 00:53 . 2008-03-06 00:53 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-06 00:53 . 2008-03-06 00:53 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-06 00:41 . 2008-03-06 00:41 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-05 18:04 . 2008-03-05 18:04 <DIR> d-------- C:\Program Files\Mixesoft
2008-03-05 18:04 . 2008-03-05 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-04 15:23 . 2008-03-04 15:23 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 18:17 . 2008-03-20 01:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 21:22 --------- d-----w C:\Documents and Settings\viper151\Application Data\uTorrent
2008-03-25 21:21 --------- d-----w C:\Documents and Settings\viper151\Application Data\Hamachi
2008-03-19 19:56 --------- d-----w C:\Program Files\Warcraft III
2008-03-19 10:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-19 10:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 10:31 --------- d-----w C:\Program Files\KONAMI
2008-03-19 10:30 --------- d-----w C:\Program Files\Symantec
2008-03-19 10:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 10:17 --------- d-----w C:\Program Files\DivX
2008-03-17 18:08 25,280 ----a-w C:\windows\system32\drivers\hamachi.sys
2008-03-13 19:17 --------- d-----w C:\Program Files\DVBViewerTE
2008-03-07 06:13 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-03-06 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 19:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-19 19:38 --------- d-----w C:\Program Files\Electronic Arts
2008-02-18 17:13 --------- d-----w C:\Documents and Settings\viper151\Application Data\Vso
2008-02-14 20:11 --------- d-----w C:\Documents and Settings\viper151\Application Data\Leadertech
2008-02-12 17:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-11 21:25 --------- d-----w C:\Documents and Settings\viper151\Application Data\skypePM
2008-02-11 21:25 --------- d-----w C:\Documents and Settings\viper151\Application Data\Skype
2008-02-11 06:28 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-04 10:59 --------- d-----w C:\Program Files\ESET
2008-02-04 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-02-02 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-02 13:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 13:18 --------- d-----w C:\Program Files\Bonjour
2008-02-02 13:06 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-30 13:13 --------- d-----w C:\Documents and Settings\viper151\Application Data\Notepad++
2008-01-30 13:12 --------- d-----w C:\Program Files\Notepad++
2008-01-30 09:40 --------- d-----w C:\Program Files\Screamer Radio
2008-01-30 09:35 --------- d-----w C:\Documents and Settings\viper151\Application Data\streamripper
2008-01-30 09:34 --------- d-----w C:\Program Files\Streamripper
2008-01-29 20:22 --------- d-----w C:\Documents and Settings\viper151\Application Data\XTrackCad
2008-01-29 00:53 612,864 ----a-w C:\windows\system32\x264vfw.dll
2008-01-28 21:56 --------- d-----w C:\Program Files\Womble Multimedia
2008-01-28 18:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-28 18:25 --------- d-----w C:\Program Files\Skype
2008-01-28 18:25 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-28 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-22 17:00 103,736 ----a-w C:\windows\system32\PnkBstrB.exe
2008-01-10 11:16 159,839 ----a-w C:\windows\system32\xvidvfw.dll
2008-01-10 11:15 755,027 ----a-w C:\windows\system32\xvidcore.dll
2008-01-06 18:48 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-01-06 16:33 22,328 ----a-w C:\Documents and Settings\viper151\Application Data\PnkBstrK.sys
2007-04-20 18:38 87,608 ----a-w C:\Documents and Settings\viper151\Application Data\ezpinst.exe
2007-04-20 18:38 47,360 ----a-w C:\Documents and Settings\viper151\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r C:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-02-04 12:25 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-06-06 16:52 151552]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CnxDslTaskBar"="C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" [2004-06-16 13:55 233472]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-18 12:37:34 131072]
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe [2007-12-05 01:00:16 914808]
Workspace Macro Pro Hotkeys.lnk - C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe [2007-03-04 20:40:06 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 10:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2006-02-14 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WinVNC4"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"StarWindService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"OpenVPNService"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NOD32krn"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"awhost32"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\RealVNC\\VNCTool\\vnctool.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"D:\\Games\\C&C3\\RetailExe\\1.0\\cnc3game.dat"=
"D:\\Games\\C&C3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\dvbdream\\dvbdream.exe"=
"C:\\Program Files\\Counter-Strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Cinemsup;Cinemsup;C:\windows\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R1 epfwtdir;epfwtdir;C:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 BT848;CRYPTO WDM Video Capture;C:\windows\system32\drivers\BT848.sys [2001-11-06 08:20]
R2 BTTUNER;CRYPTO WDM TvTuner;C:\windows\system32\drivers\BTTUNER.sys [2001-03-07 12:30]
R2 BTXBAR;CRYPTO WDM Crossbar;C:\windows\system32\drivers\BTXBAR.sys [1999-07-21 11:28]
R3 CnxEtP;Crypto F200 USB ADSL Adapter Filter Driver;C:\windows\system32\DRIVERS\CnxEtP.sys [2004-06-16 13:51]
R3 CnxEtU;Crypto F200 USB ADSL Interface Device Driver;C:\windows\system32\DRIVERS\CnxEtU.sys [2004-06-16 13:51]
R3 CnxTgNW;Crypto F200 USB ADSL WAN PPPoA Adapter Driver;C:\windows\system32\DRIVERS\CnxTgNW.sys [2004-06-16 13:51]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\windows\system32\DRIVERS\SkyNET.SYS [2006-03-14 03:22]
R3 tap0801;TAP-Win32 Adapter V8;C:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S1 SysTool;SysTool Overclocking Utility;C:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 15:08]
S3 obm;obm;C:\Temp-torrents\obm.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7bf5d9b-ec5e-11db-8be6-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F5C04010-CF65-FE00-B534-C14F6F8C0001}]
C:\windows\system32\Win32dll.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 15:15:00 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-26 23:09:18 C:\windows\Tasks\DVBDream Weekly 20080314_024629.job"
- C:\dvbdream\dvbdream.exe
"2008-03-24 19:22:46 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 11:18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 11:18:38
ComboFix-quarantined-files.txt 2008-03-27 09:18:29
.
2007-07-29 13:47:08 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:23 μμ, on 27/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
C:\Program Files\No-IP\DUC20.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\windows\explorer.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Temp-torrents\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webba.bma.upatras.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto SA\AccessRunner ADSL USB\CnxDslTb.exe" "Crypto SA\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AccessRunner DSL.lnk = ?
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711B1E2D-8BE9-430F-8A46-77B69BA7D6B9}: NameServer = 194.219.227.1 193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - http://www.greek-tracker.com/browse

--
End of file - 7211 bytes
  • 0

#15
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post i want to move your hijackthis program to a folder and clear some items, and again try and scan that file another way

====STEP 1====
You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.


====STEP 2====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O8 - Extra context menu item: E&?a???? st? Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ?p?st??? st? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: ?&p?st??? st? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Temp-torrents\obm.sys

Driver::
obm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7bf5d9b-ec5e-11db-8be6-806d6172696f}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


====STEP 3====
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\windows\system32\Win32dll.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File



In your enxt reply could i see:
1. the combofix log
2. the hijackthis log
3. let me know that you uploaded that file

there will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP