mrofinu100186 and DIL.tmp will not LEAVE!


  • This topic is locked

#16
harrythook
Trusted Helper, Retired Staff, 2,618 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Download RootAlyzer to your desktop.
  • Unzip it to a folder on your desktop, close all windows, and run RootAlyzer.exe
  • Click Ok to the two prompts and let the program run its Quick Scan automatically, this should only take a few seconds
  • Click the Deep Scan tab, check all the boxes and click Ok. Let the scan run uninterrupted, it will take a few minutes.
  • When it is finished scanning, a Log tab will appear at the top, click that. Highlight all the text, right-click on it and press Copy.
  • Paste that information back here by pressing Ctrl + V, or right-click and press Paste. Also mention if you had any problems.

Let's see if you can download these.

H

#17
INNEEDOFHELPPLEASE
Member, Topic Starter, 45 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 895.36 MiB / 309.57 MiB
Pagefile Memory (total/avail): 2165.65 MiB / 1717.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.95 MiB

C: is Fixed (NTFS) - 182.23 GiB total, 60.25 GiB free.
D: is Fixed (FAT32) - 4.06 GiB total, 2.38 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDT722520DLAT80 - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.23 GiB - C:
\PARTITION1 - Unknown - 4.07 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-3148D5A58A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-3148D5A58A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-3148D5A58A
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

'Full Speed' Internet Booster + Performance Tests --> "C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests\uninstall.exe" "/U:C:\Program Files\'Full Speed' Internet Booster + Performance Tests\Uninstall\uninstall.xml"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Ares 1.9.0 --> "C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Canon iP1600 --> C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DeathAdder™ Mouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\setup.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
GoldWave v5.12 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.12" "C:\Program Files\GoldWave\unstall.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\Owner\Application Data\IJJIGame\uninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEC511B1-59CB-4F15-AD75-0543034572A5}\Setup.exe"
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E1A2759-42C4-4629-B535-11BDA56C190D}\setup.exe" -l0x9 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Paint.NET v3.07 --> MsiExec.exe /X{97B27D16-69D4-409C-B6B3-AA8FA52CCC3E}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) -->
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1925 / Error
Event Submitted/Written: 04/06/2008 00:18:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 17PHolmes1001186.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x014301c7.
Processing media-specific event for [17PHolmes1001186.exe!ws!]

Event Record #/Type1916 / Error
Event Submitted/Written: 04/05/2008 09:08:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module firefox.exe, version 1.8.20080.31114, fault address 0x00192946.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1914 / Error
Event Submitted/Written: 04/05/2008 02:53:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f6c.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1913 / Error
Event Submitted/Written: 04/05/2008 02:38:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module firefox.exe, version 1.8.20080.31114, fault address 0x00020422.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1902 / Error
Event Submitted/Written: 04/05/2008 07:47:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type22514 / Error
Event Submitted/Written: 04/06/2008 00:49:37 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Event Record #/Type22495 / Error
Event Submitted/Written: 04/06/2008 00:17:48 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Event Record #/Type22477 / Error
Event Submitted/Written: 04/06/2008 11:53:34 AM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac) disappeared from the system without first being prepared for removal.

Event Record #/Type22474 / Error
Event Submitted/Written: 04/06/2008 11:20:37 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Event Record #/Type22453 / Error
Event Submitted/Written: 04/06/2008 11:04:13 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-06 14:02:22 ------------

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-06 13:59:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-04-06 17:59:18 UTC - RP646 - Deckard's System Scanner Restore Point
68: 2008-04-05 19:01:14 UTC - RP645 - Installed Ad-Aware 2007
67: 2008-04-05 15:12:54 UTC - RP644 - Restore Operation
66: 2008-04-05 04:40:25 UTC - RP643 - System Checkpoint
65: 2008-04-04 03:55:14 UTC - RP642 - System Checkpoint


-- First Restore Point --
1: 2008-03-06 13:06:06 UTC - RP578 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:58 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...DTP&M=T6532
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=T6532
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=T6532
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL11.tmp
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload....Plugin11USA.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bol...geUploader3.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload....Plugin10USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5883 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080405-095934-120 O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
backup-20080405-095934-975 O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL19.tmp
backup-20080406-104219-259 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080406-105500-154 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
backup-20080406-105500-424 O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL10.tmp

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft; Ad-Aware 2007 Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 11:20:43 50688 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-04-06 11:06:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-06 11:05:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 11:05:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 10:57:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-05 15:01:16 0 d-------- C:\Program Files\Lavasoft
2008-04-05 15:01:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-05 11:18:26 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-02 22:56:15 22020096 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-03-30 18:12:05 0 d-------- C:\Program Files\Audacity
2008-03-29 07:09:35 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-29 07:09:04 0 d-------- C:\Program Files\MSECACHE
2008-03-28 22:14:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-28 22:05:31 0 d-------- C:\678586b3954c511ae87d04ecc2f9ddc3
2008-03-28 22:05:28 0 d-------- C:\Program Files\MSXML 6.0
2008-03-22 11:47:19 0 d-------- C:\wally
2008-03-22 10:58:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-21 16:29:14 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-21 11:05:25 0 d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-21 11:05:23 0 d-------- C:\Program Files\DVDVideoSoft
2008-03-21 10:50:59 0 d-------- C:\WINDOWS\nview
2008-03-21 10:50:59 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-21 10:38:32 0 d-------- C:\NVIDIA
2008-03-20 19:36:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-20 19:36:11 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-03-20 19:36:10 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-03-20 19:36:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-20 19:36:09 160289 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-20 18:27:56 0 d-------- C:\ATI
2008-03-20 16:17:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-20 16:11:27 0 d-------- C:\Program Files\ATI Technologies
2008-03-10 18:44:44 0 d-------- C:\Program Files\Common Files\BitDefender
2008-03-07 11:04:03 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-07 10:57:45 0 d-------- C:\Program Files\Common Files\ATI Technologies(2)
2008-03-07 10:13:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-06 12:58:46 0 d-------- C:\Program Files\QuickTime
2008-04-06 12:57:35 0 d-------- C:\Program Files\GoldWave
2008-04-06 12:48:59 0 d-------- C:\Program Files\Steam
2008-04-05 15:00:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 11:19:57 0 d-------- C:\Program Files\Bonjour
2008-04-05 09:28:28 0 d-------- C:\Program Files\Trend Micro
2008-04-04 17:46:45 0 d-------- C:\Program Files\Microsoft Works
2008-03-28 22:30:00 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-03-26 12:13:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-22 11:08:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 10:58:21 0 d-------- C:\Program Files\Common Files
2008-03-22 10:35:29 0 d-------- C:\Program Files\CCleaner
2008-03-21 16:29:15 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-03-21 10:58:44 0 d-------- C:\Program Files\Wizet 2
2008-03-21 10:58:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 10:38:34 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-03-14 19:56:03 3254 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-02-25 23:10:53 299520 --a------ C:\WINDOWS\system32\ati2dvag(3).dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-02-25 23:10:53 299520 --a------ C:\WINDOWS\system32\ati2dvag(2).dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-02-25 23:02:15 172032 --a------ C:\WINDOWS\system32\atipdlxx(3).dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-02-25 23:02:15 172032 --a------ C:\WINDOWS\system32\atipdlxx(2).dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-02-25 23:01:44 43520 --a------ C:\WINDOWS\system32\ati2edxx(3).dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-02-25 23:01:44 43520 --a------ C:\WINDOWS\system32\ati2edxx(2).dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-02-25 23:01:31 126976 --a------ C:\WINDOWS\system32\ati2evxx(4).dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-02-25 23:00:02 598016 --a------ C:\WINDOWS\system32\ati2evxx(3).exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-02-25 23:00:02 532480 --a------ C:\WINDOWS\system32\ati2evxx(2).exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-02-25 22:49:29 3176480 --a------ C:\WINDOWS\system32\ati3duag(3).dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-02-25 22:49:29 3176480 --a------ C:\WINDOWS\system32\ati3duag(2).dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-02-25 22:41:47 1755264 --a------ C:\WINDOWS\system32\ativvaxx(3).dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-02-25 22:41:47 1755264 --a------ C:\WINDOWS\system32\ativvaxx(2).dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-02-25 22:25:32 393216 --a------ C:\WINDOWS\system32\atikvmag(3).dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-02-25 22:25:32 393216 --a------ C:\WINDOWS\system32\atikvmag(2).dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-02-25 22:19:20 167936 --a------ C:\WINDOWS\system32\atiok3x2(3).dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-02-25 22:19:20 167936 --a------ C:\WINDOWS\system32\atiok3x2(2).dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-02-25 22:16:49 520192 --a------ C:\WINDOWS\system32\ati2cqag(3).dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-02-25 22:16:49 520192 --a------ C:\WINDOWS\system32\ati2cqag(2).dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-02-23 15:29:02 0 d-------- C:\Documents and Settings\Owner\Application Data\ChemTable Software
2008-02-23 14:45:14 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-02-23 14:28:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-17 17:30:17 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-09 19:03:39 0 d-------- C:\Program Files\OGPlanet


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [12/06/2006 11:30 PM]
"AutoInclude"="C:\WINDOWS\TEMP\DIL11.tmp" []
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [04/06/2008 12:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [03/28/2008 07:00 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoInclude]
C:\WINDOWS\TEMP\DIL12.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0.exe]
"C:\aidualc3\c0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
"C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
"C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"NVSvc"=2 (0x2)
"PrismXL"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{193a5fab-ffee-11da-b622-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283b87f1-92d3-11da-9815-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7fa335-3a79-11d7-93b8-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com


-- End of Deckard's System Scanner: finished at 2008-04-06 14:02:22 ------------
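What a helper reads in a log like the one above is not any single entry but the pattern: the HKLM Run value "AutoInclude" points at a freshly numbered C:\WINDOWS\TEMP\DIL*.tmp in every snapshot (DIL19 and DIL10 in the HijackThis backups, DIL11 in the registry dump, DIL12 in the msconfig startupreg copy), and "runner1" launches an executable sitting directly in the Windows root with a long hexadecimal argument. A Run target that keeps rotating is why deleting one value at a time never sticks. The script below is an added example written for this page; it is not code from the thread or from HijackThis, DSS, OTScanIt or ComboFix. Its heuristics (temp-directory target, non-executable extension, binary in the Windows root, hex-blob argument, target rotating between logs) are the editor's own assumptions, and SNAPSHOTS is constructed from O4 lines quoted in this thread, oldest first.

```python
"""Triage of HijackThis O4 (Run-key) lines across successive logs.

Added example by the editor, not part of the thread or of any tool used in it.
Heuristics are the editor's assumptions; they produce leads, not verdicts.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample: O4 lines quoted in this thread, oldest snapshot first.
SNAPSHOTS = [
    [r'O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"',
     r'O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL19.tmp'],
    [r'O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe '
     r'61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310',
     r'O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL10.tmp'],
    [r'O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL11.tmp',
     r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
     r"O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')"],
]

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)$")          # HijackThis HKUS annotation
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
BARE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|tmp|scr|com|bat|cmd))(?:\s+(?P<args>.*))?$', re.I)
HEX_BLOB_RE = re.compile(r'^[0-9A-Fa-f]{32,}$')             # assumption: >=32 hex chars is a blob
RUNNABLE_EXT = {'.exe', '.dll', '.com', '.scr', '.bat', '.cmd'}


def parse_o4(line):
    """Split one O4 line into hive, key, value name, target path and arguments."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = USER_NOTE_RE.sub('', m.group('cmd').strip())
    pm = QUOTED_RE.match(cmd) or BARE_RE.match(cmd)
    path = pm.group('path') if pm else cmd
    args = (pm.group('args') or '') if pm else ''
    return {'hive': m.group('hive'), 'key': m.group('key'), 'name': m.group('name'),
            'path': path, 'args': args.strip()}


def flag_entry(entry):
    """Return the heuristic reasons (editor's own) an entry deserves a look."""
    reasons = []
    p = entry['path'].lower()
    directory, ext = ntpath.dirname(p), ntpath.splitext(p)[1]
    if '\\temp\\' in p or '\\tmp\\' in p:
        reasons.append('temp-dir')            # autostart from a scratch directory
    if ext not in RUNNABLE_EXT:
        reasons.append('non-exe-extension')   # .tmp or no extension as a Run target
    if directory == 'c:\\windows':
        reasons.append('windir-root')         # loader dropped beside the OS, not in system32
    if HEX_BLOB_RE.match(entry['args']):
        reasons.append('hex-blob-arg')        # opaque configuration passed on the command line
    return reasons


def rotating_targets(snapshots):
    """(hive, value name) -> ordered distinct targets, for names whose target changed between logs."""
    seen = defaultdict(list)
    for lines in snapshots:
        for line in lines:
            e = parse_o4(line)
            if e is None:
                continue
            key = (e['hive'], e['name'])
            if e['path'] not in seen[key]:
                seen[key].append(e['path'])
    return {k: v for k, v in seen.items() if len(v) > 1}


def triage(snapshots):
    """Flag every entry in every snapshot: [(snapshot index, name, path, reasons)]."""
    hits = []
    for i, lines in enumerate(snapshots):
        for line in lines:
            e = parse_o4(line)
            if e is None:
                continue
            reasons = flag_entry(e)
            if reasons:
                hits.append((i, e['name'], e['path'], reasons))
    return hits


if __name__ == '__main__':
    for i, name, path, reasons in triage(SNAPSHOTS):
        print(f'log {i}: [{name}] {path} -> {", ".join(reasons)}')
    for (hive, name), paths in rotating_targets(SNAPSHOTS).items():
        print(f'{hive} {name} rotates its target: {" -> ".join(paths)}')
```

Run against the constructed snapshots, triage() flags AutoInclude (temp-dir, non-exe-extension), runner1 (windir-root, hex-blob-arg) and the placeholder Power2GoExpress value (no runnable extension), while DeathAdder and ctfmon pass; rotating_targets() singles out AutoInclude as the one value whose target changed across logs. The rotation finding is the actionable one: it says the Run value is being rewritten by something still resident, so the running binary has to be stopped or moved before the registry value is removed, which is what the later OTScanIt fix in this thread does.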

#18
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
You will need to do this for both of the following links, one at a time.

EXEFIX


REGFIX

  • Click on the link
  • click on open
  • click on open
  • click on extract
  • follow the prompts to save
  • when you get to the final box that shows the Reg icon, click on it
  • allow it to merge

Do that for both, then let me know whether it worked properly.

H

#19
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
Yes, they both entered in properly.

#20
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Back to OTMoveit, use this script.
[kill explorer]
YN -> 17pholmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> AutoInclude -> %SystemRoot%\Temp\DIL11.tmp [C:\WINDOWS\TEMP\DIL11.tmp]
YY -> runner1 -> %SystemRoot%\mrofinu1001186.exe [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310]
[Files/Folders - Created Within 30 days]
NY -> 678586b3954c511ae87d04ecc2f9ddc3 -> %SystemDrive%\678586b3954c511ae87d04ecc2f9ddc3
NY -> mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe
[Files/Folders - Modified Within 30 days]
NY -> 678586b3954c511ae87d04ecc2f9ddc3 -> %SystemDrive%\678586b3954c511ae87d04ecc2f9ddc3
NY -> mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe
[start explorer]

Let's see if it works now.

H

#21
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey INNEEDOFHELPPLEASE

Back to OTMoveit, use this script.

I made a mistake there, and have been chasing my tail because of it. I used the wrong saved speech and sent us off in the wrong direction.
I apologize, my bad :)

Let's try it the right way:
Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[kill explorer]
YN -> 17pholmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> AutoInclude -> %SystemRoot%\Temp\DIL11.tmp [C:\WINDOWS\TEMP\DIL11.tmp]
YY -> runner1 -> %SystemRoot%\mrofinu1001186.exe [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310]
[Files/Folders - Created Within 30 days]
NY -> 678586b3954c511ae87d04ecc2f9ddc3 -> %SystemDrive%\678586b3954c511ae87d04ecc2f9ddc3
NY -> mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe
[Files/Folders - Modified Within 30 days]
NY -> 678586b3954c511ae87d04ecc2f9ddc3 -> %SystemDrive%\678586b3954c511ae87d04ecc2f9ddc3
NY -> mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe
[start explorer]



The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Note we are using the CORRECT tool this time.

Harry

#22
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoInclude deleted successfully.
File C:\WINDOWS\Temp\DIL11.tmp not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
C:\WINDOWS\mrofinu1001186.exe moved successfully.
[Files/Folders - Created Within 30 days]
C:\678586b3954c511ae87d04ecc2f9ddc3 folder moved successfully.
File C:\WINDOWS\mrofinu1001186.exe not found!
[Files/Folders - Modified Within 30 days]
File C:\678586b3954c511ae87d04ecc2f9ddc3 not found!
File C:\WINDOWS\mrofinu1001186.exe not found!
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04062008_154043

#23
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Much better. Fresh HJT log, please.

#24
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:49 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\mrofinu1001186.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...DTP&M=T6532
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=T6532
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=T6532
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload....Plugin11USA.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bol...geUploader3.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload....Plugin10USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5653 bytes

#25
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
I like that log a lot better; it's amazing what happens when someone gives the right directions.
Once again, I am sorry for that.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Harry

#26
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
ComboFix 08-04-04.1 - Owner 2008-04-06 16:05:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.261 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 68911 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1001186.exe.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:58 . 2008-04-06 13:58 <DIR> d-------- C:\Deckard
2008-04-06 11:55 . 2008-04-06 11:55 <DIR> d-------- C:\_OTMoveIt
2008-04-06 11:06 . 2008-04-06 11:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-06 11:05 . 2008-04-06 11:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 11:05 . 2008-04-06 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 10:57 . 2008-04-06 10:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 18:12 . 2008-03-30 18:12 <DIR> d-------- C:\Program Files\Audacity
2008-03-29 07:09 . 2008-03-29 07:09 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-29 07:09 . 2008-03-29 07:09 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-28 22:14 . 2008-03-28 22:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-28 22:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-26 12:02 . 2008-03-26 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 12:02 . 2008-03-26 12:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 11:47 . 2008-03-26 12:23 <DIR> d-------- C:\wally
2008-03-22 10:58 . 2008-03-22 10:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-22 10:31 . 2008-03-22 10:31 52,010 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-21 16:29 . 2008-03-21 16:29 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-21 11:25 . 2008-03-25 09:08 0 --a------ C:\WINDOWS\system32\NvApps.xml
2008-03-21 11:05 . 2008-03-21 11:05 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-21 11:05 . 2008-03-21 11:05 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-21 10:50 . 2008-03-21 10:50 <DIR> d-------- C:\WINDOWS\nview
2008-03-21 10:50 . 2008-03-21 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-21 10:38 . 2008-03-21 10:38 <DIR> d-------- C:\NVIDIA
2008-03-20 19:36 . 2007-12-20 22:35 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-20 19:36 . 2007-12-20 22:35 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-03-20 19:36 . 2007-12-20 22:35 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-03-20 19:36 . 2007-11-27 15:34 160,289 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-20 19:36 . 2007-11-20 04:23 11,874 -ra------ C:\WINDOWS\atiogl.xml
2008-03-20 19:36 . 2007-08-31 10:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-03-20 19:36 . 2008-03-20 19:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-20 18:27 . 2008-03-20 18:27 <DIR> d-------- C:\ATI
2008-03-20 16:17 . 2008-03-07 10:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-20 16:11 . 2008-03-21 10:50 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-10 18:44 . 2008-03-21 11:04 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-07 11:04 . 2008-03-07 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-07 10:57 . 2008-03-21 10:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies(2)
2008-03-07 10:13 . 2008-03-07 10:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 19:22 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:21 --------- d-----w C:\Program Files\GoldWave
2008-04-06 19:14 --------- d-----w C:\Program Files\Steam
2008-04-05 19:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:19 --------- d-----w C:\Program Files\Bonjour
2008-04-05 13:28 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 13:03 --------- d-----w C:\Program Files\Unlocker
2008-04-04 21:46 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 02:30 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-03-29 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 15:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 14:35 --------- d-----w C:\Program Files\CCleaner
2008-03-21 20:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-03-21 15:05 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-21 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 14:58 --------- d-----w C:\Program Files\Wizet 2
2008-03-21 14:38 --------- d-----w C:\Program Files\Driver Cleaner Pro
2008-03-14 23:56 3,254 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag(2).dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx(3).dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx(2).dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx(3).dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx(2).dll
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx(4).dll
2008-02-26 03:00 598,016 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
2008-02-26 03:00 532,480 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag(2).dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx(2).dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag(3).dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag(2).dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2(2).dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag(3).dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag(2).dll
2008-02-23 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 19:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\ChemTable Software
2008-02-23 18:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Tools
2008-02-23 18:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-17 21:30 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-09 23:03 --------- d-----w C:\Program Files\OGPlanet
2007-11-10 13:00 80 --sh--r C:\WINDOWS\system32\845E730390.dll
.

------- Sigcheck -------

2007-06-13 06:23 1043968 5c251c5f757570c860def33f582c946e C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 15:00 1042944 e13874a27c095960b3ddfd6466423c2e C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 1043968 281b8881e2d2dff277ef1ca7c748544c C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 07:00 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 58880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 23:30 237568]
"AutoInclude"="C:\WINDOWS\TEMP\DIL4F.tmp" [2008-04-06 16:08 4096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 15:00 64512 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.FPS1"= frapsvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 212992 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoInclude]
C:\WINDOWS\TEMP\DIL12.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0.exe]
--a------ 2007-04-15 11:07 651264 C:\aidualc3\c0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-12-08 21:57 563200 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 15:00 58880 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 75264 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 21:07 138240 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 20:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 12:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 12:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1638400 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2004-02-17 18:51 962625 C:\Program Files\Trend Micro\Antivirus\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
--a------ 2004-02-17 18:51 680005 C:\Program Files\Trend Micro\Antivirus\PCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 11:54 294912 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 09:09 151552 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 13:36 14866944 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1001186.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2006-11-17 17:14 4850176 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-18 09:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
--a------ 2004-02-17 18:50 303104 C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 26624 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"NVSvc"=2 (0x2)
"PrismXL"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 09:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283b87f1-92d3-11da-9815-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7fa335-3a79-11d7-93b8-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:08:00
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 16:08:35
ComboFix-quarantined-files.txt 2008-04-06 20:08:20
Pre-Run: 64,470,106,112 bytes free
Post-Run: 64,446,197,760 bytes free
.
2008-03-29 10:49:29 --- E O F ---
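A triage pass over autostart entries of the kind listed in the Reg Loading Points section above, added here by the editor as a worked example; it is not part of the thread and not ComboFix's own logic. It parses the section's shape (bracketed registry key headers, `"Name"="path" [date size]` values, and the bare msconfig/startupreg lines), then flags launch paths that live in a temp directory, carry a .tmp extension, sit directly in the Windows root instead of system32, or come from an unusual top-level folder, plus the registry values that switch off the firewall or Security Center warnings. The heuristics and the TOP_LEVEL_OK list are the editor's assumptions, and SAMPLE_LOG is a constructed fragment in the shape of the log above, not a copy of it.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Editor's added example; not part of the thread and not ComboFix's own logic.
The heuristics below are the editor's assumptions about what deserves a
second look, chosen from the shape of the entries in the log above.
"""
import re

# Constructed sample, in the shape of the log above (not a verbatim copy).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 07:00 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 58880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 23:30 237568]
"AutoInclude"="C:\WINDOWS\TEMP\DIL4F.tmp" [2008-04-06 16:08 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0.exe]
--a------ 2007-04-15 11:07 651264 C:\aidualc3\c0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1001186.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1638400 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
# A drive-letter path, ending at a closing quote, a " [date size]" suffix, or end of line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+?)"?\s*(?:\[|$)')

# Settings that weaken the host's own defences (editor's list, built from keys in the log).
WEAKENING = [
    (re.compile(r'"EnableFirewall"\s*=\s*0\b'), 'Windows Firewall disabled for the standard profile'),
    (re.compile(r'"AntiVirusDisableNotify"\s*=\s*dword:0*1$'), 'Security Center antivirus warnings suppressed'),
    (re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1$'), 'Security Center monitoring of a product disabled'),
]

# Top-level folders an autostart normally lives under (assumption; 8.3 forms included).
TOP_LEVEL_OK = {'program files', 'progra~1', 'windows', 'documents and settings', 'docume~1'}


def extract_path(line):
    """Return the launch path on a ComboFix autostart line, or None if there is none."""
    line = re.sub(r'%windir%', lambda _: r'C:\WINDOWS', line, flags=re.IGNORECASE)
    m = PATH_RE.search(line)
    return m.group(1).strip() if m else None


def path_reasons(path):
    """Heuristic reasons an autostart path deserves a look (editor's assumptions)."""
    parts = [p for p in path.split('\\') if p]
    lower = [p.lower() for p in parts]
    name, parent = lower[-1], lower[1:-1]   # file name; directories between drive and file
    reasons = []
    if 'temp' in parent or 'tmp' in parent:
        reasons.append('autostart launched from a temp directory')
    if name.endswith('.tmp'):
        reasons.append('autostart target has a .tmp extension')
    if parent == ['windows']:
        reasons.append('binary sits directly in the Windows root, not system32')
    if parent and parent[0] not in TOP_LEVEL_OK:
        reasons.append('launches from an unusual top-level folder (%s)' % parts[1])
    return reasons


def triage(log_text):
    """Walk the log; return (registry key, evidence, reason) triples worth checking."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                         # a new [registry key] header
            key = m.group(1)
            continue
        for pattern, why in WEAKENING:
            if pattern.search(line):
                findings.append((key, line, why))
        path = extract_path(line)
        if path:
            for why in path_reasons(path):
                findings.append((key, path, why))
    return findings


if __name__ == '__main__':
    for key, evidence, why in triage(SAMPLE_LOG):
        print('%-55s %s\n    %s' % (why, evidence, key))
```

Run it as a script to see the findings, or call triage() on the full Reg Loading Points text of a log. It is a first-pass filter only: a clean-looking path says nothing about the file itself, so treat a flag as a reason to look at the file (and the hashes in the Sigcheck section), not as a verdict.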

#27
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

#28
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I have Media Center; what should I choose, Professional or Home Edition, or another choice?

#29
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

#30
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok, reboot.
Run ComboFix again and post that log and a fresh HJT.


H