windows\nail.exe [RESOLVED]


  • This topic is locked

#1 loupa (Member, 11 posts)

I am new to "Geeks to Go" and need help removing a file on my PC called window\nail.exe. I am including a HijackThis log file. I also have downloaded the latest version of AVG; I have not installed it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:50 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\service32.exe
C:\WINDOWS\sysnet32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Luis\My Documents\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
R3 - URLSearchHook: (no name) - {6C9EE1EC-B477-656D-152A-2212B69D4463} - uio.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {CF5DE932-2294-45B3-8B5C-A2E8627250F5} - C:\WINDOWS\System32\sadvp.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKUS\S-1-5-21-1390067357-1993962763-854245398-1007\..\Run: [NI.UERS_0001_NI57M1124] "C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe" -nag (User 'Julie')
O4 - HKUS\S-1-5-21-1390067357-1993962763-854245398-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Julie')
O4 - HKUS\S-1-5-21-1390067357-1993962763-854245398-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Julie')
O4 - HKUS\S-1-5-21-1390067357-1993962763-854245398-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Julie')
O4 - HKUS\S-1-5-21-1390067357-1993962763-854245398-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Julie')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208120796749
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)

--
End of file - 4869 bytes
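
The log above contains several entries that are persistence points or browser hijacks rather than ordinary autostarts: the F2 Shell= value (Winlogon starts Nail.exe alongside Explorer at every logon), the two Policies\Explorer\Run autostarts, the O15 Trusted Zone additions and the O18 text/html filter DLL. As an added example, not part of this thread and not code from HijackThis or any tool the moderator recommends, here is a small Python triage script that parses lines in the HijackThis log format and ranks those entry types. The severity rules are the editor's own heuristics, and the embedded sample lines are a subset copied from the posted log.

```python
"""Triage a HijackThis v2 log for persistence points and browser hijacks.

Added example for this thread, not part of HijackThis or any tool the
moderator recommends. The rules below are an editor's reading of the entry
types that appear in the posted log; they are heuristics, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# A subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {CF5DE932-2294-45B3-8B5C-A2E8627250F5} - C:\WINDOWS\System32\sadvp.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
"""

# "O4 - ..." style lines: a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")


@dataclass(frozen=True)
class Entry:
    code: str  # section code such as "O4"
    body: str  # text after "O4 - "


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    code: str
    reason: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Keep only the section entries; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def _is_orphan(body: str) -> bool:
    """HijackThis marks registered components whose file is gone."""
    return "(file missing)" in body or "(no file)" in body


def triage(entries: list[Entry]) -> list[Finding]:
    findings = []
    for entry in entries:
        code, body = entry.code, entry.body
        if code == "F2" and body.startswith("REG:system.ini: Shell="):
            # Winlogon Shell should be exactly "Explorer.exe"; anything
            # appended is started with the desktop at every logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("high", code,
                    "Winlogon Shell launches an extra program at logon", body))
        elif code == "O4" and "Policies\\Explorer\\Run" in body:
            # This Run key is processed by Explorer but not listed by
            # msconfig, so malware favours it over the ordinary Run key.
            findings.append(Finding("high", code,
                "autostart from Policies\\Explorer\\Run", body))
        elif code == "O18":
            # A MIME filter for text/html gets to rewrite every page IE loads.
            findings.append(Finding("high", code,
                "MIME filter registered for text/html", body))
        elif code == "O15":
            # Trusted Zone sites run ActiveX and scripts with relaxed settings.
            findings.append(Finding("medium", code,
                "site or IP range added to the IE Trusted Zone", body))
        elif code == "O16":
            host_match = URL_HOST_RE.search(body)
            host = host_match.group(1) if host_match else "unknown host"
            findings.append(Finding("medium", code,
                f"ActiveX control downloaded from {host}", body))
        elif _is_orphan(body):
            findings.append(Finding("low", code,
                "orphaned registration: component file is missing", body))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 3, 'low': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"[{finding.severity:6}] {finding.code:4} {finding.reason}: {finding.body}")
```

Run against the sample it reports four high findings (the Shell= hijack, both Policies\Explorer\Run autostarts and the text/html filter), three medium (the two Trusted Zone entries and the winfixer.com ActiveX download) and three orphaned registrations, while the QuickTime and Adobe entries pass untouched. Orphans are ranked low because the file is already gone; they are cleanup, not active threats, which matches the order of work the moderator follows in the replies below.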
#2 JSntgRvr (Global Moderator, 10,938 posts)

Hi, loupa :)

Welcome.
    NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports non-English language systems.
  • Double-click FixIEDef.exe.
  • That will open the About FixIEDef screen. Click OK to continue.
  • Next, press the Scan! button.
  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue.
  • Wait for the scan to finish. It shouldn't take very long.
    WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
  • After the !!! All Finished !!! message is displayed, click Exit.
  • Post the FixIEDef log file, located on the Desktop.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, so they may alert the user.

See: http://www.beyondlog...processutil.htm


#3 loupa (Topic Starter, 11 posts)

********************************************************************************
* *
* FixIEDef Log *
* Version 1.3.14.3473 *
* *
********************************************************************************

Created at 22:11:45 on Monday, April 14, 2008

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Operating System : Microsoft Windows XP Professional
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\system32\favme.exe

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

#4 JSntgRvr (Global Moderator, 10,938 posts)

Hi, loupa :)

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both main.txt and extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down to the [Attachments]
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply


#5 loupa (Topic Starter, 11 posts)

Deckard's System Scanner v20071014.68
Run by Luis on 2008-04-15 06:18:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-04-15 10:18:39 UTC - RP857 - Deckard's System Scanner Restore Point
66: 2008-04-15 00:20:15 UTC - RP856 - System Checkpoint
65: 2008-04-13 22:30:05 UTC - RP855 - Software Distribution Service 3.0
64: 2008-04-13 22:13:47 UTC - RP854 - Software Distribution Service 3.0
63: 2008-04-13 21:33:53 UTC - RP853 - Installed Windows XP Service Pack 2.


-- First Restore Point --
1: 2008-01-16 23:31:37 UTC - RP791 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Luis.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:50 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\WINDOWS\sysnet32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Luis\Desktop\dss.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Luis\MYDOCU~1\HIJACK~1\Luis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
R3 - URLSearchHook: (no name) - {6C9EE1EC-B477-656D-152A-2212B69D4463} - uio.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {CF5DE932-2294-45B3-8B5C-A2E8627250F5} - C:\WINDOWS\System32\sadvp.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208120796749
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)

--
End of file - 3900 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 atimtag - c:\windows\system32\drivers\atimtag.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ATI RADEON VE DDR
Device ID: PCI\VEN_1002&DEV_5159&SUBSYS_053A1002&REV_00\4&9AEDED5&0&0008
Manufacturer: ATI Technologies Inc.
Name: ATI RADEON VE DDR
PNP Device ID: PCI\VEN_1002&DEV_5159&SUBSYS_053A1002&REV_00\4&9AEDED5&0&0008
Service: atimtag


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 10:25:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 15:23:13 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Mozilla
2008-04-14 14:35:51 0 d-------- C:\WINDOWS\Mozilla
2008-04-14 07:20:54 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Identities
2008-04-14 07:20:37 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Favorites
2008-04-14 07:20:37 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Desktop
2008-04-14 07:20:37 0 d--hs---- C:\Documents and Settings\Ana.GATEWAY\Cookies
2008-04-14 07:20:37 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Application Data
2008-04-14 07:20:37 0 d---s---- C:\Documents and Settings\Ana.GATEWAY\Application Data\Microsoft
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Templates
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Start Menu
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\SendTo
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Recent
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\PrintHood
2008-04-14 07:20:36 786432 --ah----- C:\Documents and Settings\Ana.GATEWAY\NTUSER.DAT
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\NetHood
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\My Documents
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Local Settings
2008-04-14 07:07:44 0 d-------- C:\Documents and Settings\Noelle\Application Data\Mozilla
2008-04-13 19:45:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-13 19:29:31 0 d-------- C:\Program Files\Bonjour
2008-04-13 19:08:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 18:13:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-13 18:07:39 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 17:39:00 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-13 17:33:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 17:07:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-13 16:27:08 0 d-------- C:\Program Files\PowerISO
2008-04-13 16:26:20 0 d-------- C:\Documents and Settings\Luis\Application Data\WinRAR
2008-04-13 16:13:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-13 15:59:42 0 d-------- C:\Program Files\uTorrent
2008-04-13 15:59:40 0 d-------- C:\Documents and Settings\Luis\Application Data\uTorrent
2008-04-13 15:51:06 2098 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 15:50:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 15:50:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-13 15:50:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 15:50:47 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-13 15:47:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 15:47:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-13 15:47:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-30 15:46:27 0 d-------- C:\Documents and Settings\Zen\Application Data\Sun
2008-03-19 12:23:16 0 d---s---- C:\Documents and Settings\Zen\UserData
2008-03-18 18:23:03 0 d-------- C:\Documents and Settings\Justice\Application Data\Real
2008-03-16 11:58:27 0 d-------- C:\Program Files\Canon
2008-03-16 11:55:10 0 d-------- C:\Program Files\Common Files\Canon
2008-03-16 11:46:21 146944 --a------ C:\WINDOWS\system32\ptpusd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-04-15 06:14:27 5120 --a------ C:\WINDOWS\svchost.dll
2008-04-13 23:10:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 22:53:28 0 d-------- C:\Program Files\Common Files
2008-04-13 20:16:38 0 d-------- C:\Documents and Settings\Luis\Application Data\Adobe
2008-04-13 19:29:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 17:38:38 0 dr------- C:\Program Files\Movie Maker
2008-04-13 17:38:20 0 d-------- C:\Program Files\Windows NT
2008-04-13 17:07:18 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-13 16:13:11 0 d-------- C:\Documents and Settings\Luis\Application Data\Mozilla
2008-04-13 14:43:14 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-04-13 14:42:14 0 d-------- C:\Program Files\McAfee.com
2008-04-02 19:50:39 0 d-------- C:\Program Files\Real
2008-03-16 12:07:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-10 10:05:23 0 d-------- C:\Program Files\MyWebSearch
2008-03-10 10:05:23 0 d-------- C:\Program Files\Google
2008-03-09 23:58:21 0 d-------- C:\Program Files\eMusic Remote
2008-03-09 23:39:21 0 d-------- C:\Program Files\Quicken
2008-03-09 23:33:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 16:54:44 0 d-------- C:\Program Files\kodak
2008-02-17 00:31:48 0 d-------- C:\Documents and Settings\Luis\Application Data\Intuit
2008-02-16 19:36:13 0 d-------- C:\Documents and Settings\Luis\Application Data\CyberLink
2008-02-16 19:30:19 0 d-------- C:\Program Files\CyberLink
2008-02-16 19:27:25 0 d-------- C:\Program Files\InterActual


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF5DE932-2294-45B3-8B5C-A2E8627250F5}]
C:\WINDOWS\System32\sadvp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"4F27V1D89M"=C:\WINDOWS\service32.exe
"Service"=C:\WINDOWS\sysnet32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinAccestor.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinAccestor.exe
backup=C:\WINDOWS\pss\WinAccestor.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Luis^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Luis\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abrek]
barint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSD]
NopeZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barint]
backorif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
C:\WINDOWS\dinst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbwr.exe]
C:\WINDOWS\System32\dmbwr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERTYDF]
stuffmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdwp]
C:\WINDOWS\System32\n?svc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper]
cnftips.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo]
Brong32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\System32\msedpb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124]
"C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan]
trycrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon]
Trayz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TemplateDongle]
JAguAr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail]
powerdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt]
bingo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32]
InpriseMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnSpyPC]
"C:\Program Files\UnSpyPC\UnSpyPC.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-15 06:22:35 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ Processor
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 639.42 MiB / 446.98 MiB
Pagefile Memory (total/avail): 1564.69 MiB / 1443.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 8.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLP AS40.0 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.28 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Luis\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GATEWAY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Luis
LOGONSERVER=\\GATEWAY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 4, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Luis\LOCALS~1\Temp
TMP=C:\DOCUME~1\Luis\LOCALS~1\Temp
USERDOMAIN=GATEWAY
USERNAME=Luis
USERPROFILE=C:\Documents and Settings\Luis
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Luis (admin)
ana (admin)
Justice & Noelle
Julie (admin)
Julie.GATEWAY (admin)
Noelle
Justice
Zen
Ana.GATEWAY
Administrator.GATEWAY (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,[email protected]
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\Setup.exe" -l0x9
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
HijackThis 2.0.2 --> "C:\Documents and Settings\Luis\My Documents\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Lexmark 4200 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Entertainment Download Troubleshooter --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
OLYMPUS CAMEDIA Master 2.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OLYMPUS\CAMEDIA Master\Uninst.isu"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3415 / Error
Event Submitted/Written: 04/13/2008 11:00:47 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
errorInitialization of the COM subsystem failed. Error code: 0x80080005

Event Record #/Type3218 / Error
Event Submitted/Written: 04/13/2008 08:04:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bridge.exe, version 2.0.0.975, faulting module bridge.exe, version 2.0.0.975, fault address 0x0007e565.
Processing media-specific event for [bridge.exe!ws!]

Event Record #/Type3217 / Error
Event Submitted/Written: 04/13/2008 07:47:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bridge.exe, version 2.0.0.975, faulting module bridge.exe, version 2.0.0.975, fault address 0x0007e565.
Processing media-specific event for [bridge.exe!ws!]

Event Record #/Type3183 / Warning
Event Submitted/Written: 04/13/2008 06:10:35 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type3182 / Warning
Event Submitted/Written: 04/13/2008 06:10:35 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type46831 / Error
Event Submitted/Written: 04/15/2008 06:15:40 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error:
%%1058

Event Record #/Type46819 / Warning
Event Submitted/Written: 04/14/2008 10:32:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type46818 / Warning
Event Submitted/Written: 04/14/2008 09:38:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type46817 / Warning
Event Submitted/Written: 04/14/2008 09:10:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type46816 / Warning
Event Submitted/Written: 04/14/2008 08:57:02 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-15 06:22:35 ------------
  • 0

#6
JSntgRvr
  • Global Moderator
  • 10,938 posts
Hi, loupa :)

Please print these instructions for reference, as you will have to restart your computer during the fix.

RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. Once downloaded, RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)

Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  • You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  • Once the desktop loads a text file will open (report.txt).
    Please post the report (C:\fixwareout\report.txt) into this topic.
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)



Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\svchost.dll
    C:\WINDOWS\service32.exe
    C:\WINDOWS\sysnet32.exe
    C:\WINDOWS\System32\n?svc32.exe /u
    C:\WINDOWS\System32\barint.exe
    C:\WINDOWS\System32\NopeZ.exe
    C:\WINDOWS\System32\backorif.exe
    C:\WINDOWS\System32\stuffmon.exe
    C:\WINDOWS\dinst.exe
    C:\WINDOWS\System32\dmbwr.exe
    C:\WINDOWS\mf4765.dll
    Purity
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF5DE932-2294-45B3-8B5C-A2E8627250F5}
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\4F27V1D89M
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Service
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abrek
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barint
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbwr.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERTYDF
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdwp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Re-Scan with DSS and post a fresh Main.txt.

  • 0
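The triage the moderator applies to the HijackThis entries in the post above (autoruns under the Group Policy Run key, entries whose file is gone, a MIME filter DLL, binaries dropped straight into C:\WINDOWS) can be written down as detection rules. The Python below is an added example, not part of the thread or of any tool named in it; the sample log lines are constructed from the entries checked above plus two benign ones, and the allowlist of files that legitimately live in the C:\WINDOWS root is illustrative, not exhaustive.

```python
import re

# Constructed sample, not a log pasted in the thread: the entries the
# moderator checked above, plus two benign-looking lines for contrast.
SAMPLE_LOG = """\
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Policies\\Explorer\\Run: [4F27V1D89M] C:\\WINDOWS\\service32.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [Service] C:\\WINDOWS\\sysnet32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\\WINDOWS\\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# Files that legitimately sit directly in C:\WINDOWS on XP. Illustrative
# allowlist (assumption, not a complete list): anything else there is worth a look.
WINDIR_ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe",
                     "hh.exe", "winhlp32.exe", "twain_32.dll"}

# A HijackThis entry: section tag, " - ", then the description.
HJT_LINE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# An .exe or .dll living directly under C:\WINDOWS (no further subdirectory).
WINDIR_ROOT_FILE = re.compile(r'C:\\WINDOWS\\([^\\\s"]+\.(?:exe|dll))\b',
                              re.IGNORECASE)


def classify(line):
    """Return the reasons a single HijackThis line deserves review ([] if none)."""
    reasons = []
    if r"Policies\Explorer\Run" in line:
        reasons.append("autorun via the Group Policy Run key, which a "
                       "stand-alone home PC normally does not use")
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned entry: the file it points to is gone")
    if line.startswith("O18 - Filter hijack"):
        reasons.append("MIME filter hijack: a DLL inserted into the "
                       "browser's content handling")
    m = WINDIR_ROOT_FILE.search(line)
    if m and m.group(1).lower() not in WINDIR_ROOT_ALLOW:
        reasons.append("binary sitting directly in the Windows folder: "
                       + m.group(1))
    return reasons


def triage(log_text):
    """Scan a HijackThis log; return [(section, line, reasons)] for flagged lines."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # headers, process list and blank lines are not entries
        reasons = classify(line)
        if reasons:
            flagged.append((m.group(1), line, reasons))
    return flagged


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print(section, line)
        for r in reasons:
            print("   ->", r)
```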

#7
loupa
  • Topic Starter
  • Member
  • 11 posts
Username "Luis" - 04/15/2008 16:11:53 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=dword:00000000
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "pgtshlld" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nidnsdr" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "cvvsic" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "pvdas" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "rsjch" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "rtcdaol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "8" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "9" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "10" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "11" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "12" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "13" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "24" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "26" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "39" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "40" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "41" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "42" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "43" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "44" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23rtcdool" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23naelch" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23rtcdaol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "rwbmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "50" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "51" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "52" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "53" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "54" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "55" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "56" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "57" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "58" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "59" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "60" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "61" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "62" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "63" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "64" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "65" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "66" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "67" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "1dedoc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "llams_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "domdnb" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "orcimlh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23tsniow" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "73" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "74" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "75" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "76" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "77" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "78" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "79" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "80" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "81" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "82" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "83" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "84" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "85" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "86" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "87" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "88" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "89" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "90" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "91" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "92" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "93" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "94" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "95" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "96" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "97" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "98" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "99" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "100" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "101" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "102" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "103" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "104" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "105" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "106" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "107" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "108" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "109" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "110" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "111" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "112" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "113" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "114" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "115" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "116" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "117" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "118" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "119" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "120" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "121" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "122" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "123" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "124" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "125" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "126" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "127" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "128" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "129" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "130" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "131" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "132" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "133" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "134" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "135" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "136" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "137" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "138" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "139" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "140" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "141" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "142" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "143" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "144" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "145" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "146" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "147" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "148" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "149" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "150" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "151" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "152" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "153" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "154" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "155" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "156" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "157" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "158" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "159" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "160" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "161" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "162" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "163" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "164" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "165" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "166" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "167" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "168" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "169" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "170" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "171" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "172" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "173" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "174" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "175" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "176" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "177" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "178" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "179" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "180" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "181" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "182" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "183" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "184" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "185" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "186" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "187" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "188" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "189" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "190" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "191" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "192" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "193" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "194" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "195" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "196" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "197" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "198" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "199" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "200" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "201" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "202" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "203" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "204" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "205" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "206" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "207" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "208" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "209" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "210" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "211" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "212" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "213" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "214" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "215" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "216" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "escmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "217" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "218" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "219" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "220" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "221" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "222" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "223" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "224" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "225" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "226" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "227" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "228" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "229" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "230" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "231" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "232" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "233" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "234" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "235" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "236" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "237" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "238" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "239" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "240" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "241" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "242" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "243" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "244" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "245" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "246" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "247" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "248" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "249" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "250" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "251" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "252" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "253" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "254" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "255" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "256" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "257" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "258" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "259" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "260" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "261" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "262" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "263" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "264" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "265" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "266" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "267" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "268" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "269" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "270" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "271" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "272" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "273" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "274" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "275" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "276" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "277" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "278" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "279" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "280" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "281" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "282" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "283" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "284" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "285" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "286" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "287" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "288" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "289" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "290" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "291" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "292" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "293" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "294" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "295" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "296" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ffimd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98.../ipdnssec6.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98.../fixiemapi.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98.../dmsadmins.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98...eb/qwinnta.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98...web/sesmgr.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98.../dumpsprep.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://195.95.218.98...b/mqspbkup.gif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "pgtshlld" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nidnsdr" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "cvvsic" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "recaps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ytpme" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "X" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "rtcdaol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tnepxps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "46aycpxp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23lserspg" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ibpnxesm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23rtcdool" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23naelch" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lserspg" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23rtcdaol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tnmgfcc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ifpnxesm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "dnerkbrgfc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1dedoc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llams_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23tsniow" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "domdnb" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "orcimlh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "swjsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "qemsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "rupsc" Value deleted
HKCR\CLSID\{2DED4B89-DE08-41EA-9DBA-86052D051B01}\_h\4 Deleted.
HKCR\CLSID\{5E42D525-E333-47A9-B798-4BFC76516BD3}\_h\4 Deleted.
HKCR\CLSID\{971FAE1C-2759-454D-952F-BA9B70DE2FD8}\_h\4 Deleted.
C:\WINDOWS\System32\cspur.exe Deleted
....
~~~~~ Misc files.
C:\Documents and Settings\Luis\Application Data\uns.tmp Deleted
C:\WINDOWS\BALLOON.WAV Deleted
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\favset.exe Deleted
C:\WINDOWS\System32\filesafer23.exe Deleted
C:\WINDOWS\System32\filesaver32.exe Deleted
C:\WINDOWS\System32\howiper.exe Deleted
C:\WINDOWS\System32\MSSOSXRT.EXE Deleted
C:\WINDOWS\System32\WOINST32.EXE Deleted
C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
C:\Casino Deleted
....
~~~~~ Checking for older varients.
C:\WINDOWS\System32\sesmgr.exe Deleted
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

C:\WINDOWS\system32\csqgw.exe 55304 06/03/2005

Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/


~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#8 loupa (Member, Topic Starter, 11 posts)
< C:\WINDOWS\System32\n?svc32.exe /u >
C:\WINDOWS\System32\nνsvc32.exe moved successfully.
File/Folder C:\WINDOWS\System32\barint.exe not found.
File/Folder C:\WINDOWS\System32\NopeZ.exe not found.
File/Folder C:\WINDOWS\System32\backorif.exe not found.
File/Folder C:\WINDOWS\System32\stuffmon.exe not found.
File/Folder C:\WINDOWS\dinst.exe not found.
File/Folder C:\WINDOWS\System32\dmbwr.exe not found.
LoadLibrary failed for C:\WINDOWS\mf4765.dll
C:\WINDOWS\mf4765.dll NOT unregistered.
C:\WINDOWS\mf4765.dll moved successfully.
< Purity >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF5DE932-2294-45B3-8B5C-A2E8627250F5} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF5DE932-2294-45B3-8B5C-A2E8627250F5}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\4F27V1D89M >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Service >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abrek >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abrek\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSD >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSD\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barint >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barint\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbwr.exe >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbwr.exe\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERTYDF >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERTYDF\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdwp >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdwp\\ deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04152008_173817

#9 loupa (Member, Topic Starter, 11 posts)
Deckard's System Scanner v20071014.68
Run by Luis on 2008-04-15 17:41:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Luis.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:45 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luis\Desktop\dss.exe
C:\DOCUME~1\Luis\MYDOCU~1\HIJACK~1\Luis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
R3 - URLSearchHook: (no name) - {6C9EE1EC-B477-656D-152A-2212B69D4463} - uio.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208120796749
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll

--
End of file - 2485 bytes

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 15:23:13 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Mozilla
2008-04-14 14:35:51 0 d-------- C:\WINDOWS\Mozilla
2008-04-14 07:20:54 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Identities
2008-04-14 07:20:37 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Favorites
2008-04-14 07:20:37 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Desktop
2008-04-14 07:20:37 0 d--hs---- C:\Documents and Settings\Ana.GATEWAY\Cookies
2008-04-14 07:20:37 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Application Data
2008-04-14 07:20:37 0 d---s---- C:\Documents and Settings\Ana.GATEWAY\Application Data\Microsoft
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Templates
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Start Menu
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\SendTo
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Recent
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\PrintHood
2008-04-14 07:20:36 786432 --ah----- C:\Documents and Settings\Ana.GATEWAY\NTUSER.DAT
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\NetHood
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\My Documents
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Local Settings
2008-04-14 07:07:44 0 d-------- C:\Documents and Settings\Noelle\Application Data\Mozilla
2008-04-13 19:45:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-13 19:29:31 0 d-------- C:\Program Files\Bonjour
2008-04-13 19:08:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 18:13:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-13 18:07:39 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 17:39:00 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-13 17:33:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 17:07:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-13 16:27:08 0 d-------- C:\Program Files\PowerISO
2008-04-13 16:26:20 0 d-------- C:\Documents and Settings\Luis\Application Data\WinRAR
2008-04-13 16:13:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-13 15:59:42 0 d-------- C:\Program Files\uTorrent
2008-04-13 15:59:40 0 d-------- C:\Documents and Settings\Luis\Application Data\uTorrent
2008-04-13 15:51:06 2098 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 15:50:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 15:50:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-13 15:50:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 15:50:47 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-13 15:47:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 15:47:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-13 15:47:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-30 15:46:27 0 d-------- C:\Documents and Settings\Zen\Application Data\Sun
2008-03-19 12:23:16 0 d---s---- C:\Documents and Settings\Zen\UserData
2008-03-18 18:23:03 0 d-------- C:\Documents and Settings\Justice\Application Data\Real
2008-03-16 11:58:27 0 d-------- C:\Program Files\Canon
2008-03-16 11:55:10 0 d-------- C:\Program Files\Common Files\Canon
2008-03-16 11:46:21 146944 --a------ C:\WINDOWS\system32\ptpusd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-04-15 06:14:27 5120 --a------ C:\WINDOWS\svchost.dll
2008-04-13 23:12:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 22:53:28 0 d-------- C:\Program Files\Common Files
2008-04-13 20:16:38 0 d-------- C:\Documents and Settings\Luis\Application Data\Adobe
2008-04-13 19:29:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 17:38:38 0 dr------- C:\Program Files\Movie Maker
2008-04-13 17:38:20 0 d-------- C:\Program Files\Windows NT
2008-04-13 17:07:18 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-13 16:13:11 0 d-------- C:\Documents and Settings\Luis\Application Data\Mozilla
2008-04-13 14:43:14 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-04-13 14:42:14 0 d-------- C:\Program Files\McAfee.com
2008-04-02 19:50:39 0 d-------- C:\Program Files\Real
2008-03-16 12:07:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-10 10:05:23 0 d-------- C:\Program Files\MyWebSearch
2008-03-10 10:05:23 0 d-------- C:\Program Files\Google
2008-03-09 23:58:21 0 d-------- C:\Program Files\eMusic Remote
2008-03-09 23:39:21 0 d-------- C:\Program Files\Quicken
2008-03-09 23:33:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 16:54:44 0 d-------- C:\Program Files\kodak
2008-02-17 00:31:48 0 d-------- C:\Documents and Settings\Luis\Application Data\Intuit
2008-02-16 19:36:13 0 d-------- C:\Documents and Settings\Luis\Application Data\CyberLink
2008-02-16 19:30:19 0 d-------- C:\Program Files\CyberLink
2008-02-16 19:27:25 0 d-------- C:\Program Files\InterActual


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinAccestor.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinAccestor.exe
backup=C:\WINDOWS\pss\WinAccestor.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Luis^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Luis\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper]
cnftips.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo]
Brong32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\System32\msedpb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124]
"C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan]
trycrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon]
Trayz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TemplateDongle]
JAguAr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail]
powerdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt]
bingo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32]
InpriseMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnSpyPC]
"C:\Program Files\UnSpyPC\UnSpyPC.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-15 17:42:15 ------------

#10 JSntgRvr (Global Moderator, 10,938 posts)
Hi, loupa :)

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
R3 - URLSearchHook: (no name) - {6C9EE1EC-B477-656D-152A-2212B69D4463} - uio.dll (file missing)


Now close all windows and browsers, other than HijackThis, then click Fix Checked.

Close HijackThis.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\csqgw.exe
    C:\WINDOWS\svchost.dll
    C:\Program Files\MyWebSearch
    C:\WINDOWS\cnftips.exe /s
    C:\WINDOWS\Brong32.exe /s
    C:\WINDOWS\trycrt.exe /s
    C:\WINDOWS\Trayz.exe /s
    C:\WINDOWS\powerdll.exe /s
    C:\WINDOWS\bingo9.exe /s
    C:\WINDOWS\InpriseMon.exe /s
    C:\WINDOWS\System32\msedpb.exe
    C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re-Scan with DSS and post a fresh Main.txt.

#11 loupa (Member, Topic Starter, 11 posts)
File/Folder kill explorer] not found.
C:\WINDOWS\system32\csqgw.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\svchost.dll
C:\WINDOWS\svchost.dll NOT unregistered.
C:\WINDOWS\svchost.dll moved successfully.
C:\Program Files\MyWebSearch\bar\Settings moved successfully.
C:\Program Files\MyWebSearch\bar\History moved successfully.
C:\Program Files\MyWebSearch\bar moved successfully.
C:\Program Files\MyWebSearch moved successfully.
< C:\WINDOWS\cnftips.exe /s >
File/Folder C:\WINDOWS\cnftips.exe not found.
< C:\WINDOWS\Brong32.exe /s >
File/Folder C:\WINDOWS\Brong32.exe not found.
< C:\WINDOWS\trycrt.exe /s >
File/Folder C:\WINDOWS\trycrt.exe not found.
< C:\WINDOWS\Trayz.exe /s >
File/Folder C:\WINDOWS\Trayz.exe not found.
< C:\WINDOWS\powerdll.exe /s >
File/Folder C:\WINDOWS\powerdll.exe not found.
< C:\WINDOWS\bingo9.exe /s >
File/Folder C:\WINDOWS\bingo9.exe not found.
< C:\WINDOWS\InpriseMon.exe /s >
File/Folder C:\WINDOWS\InpriseMon.exe not found.
File/Folder C:\WINDOWS\System32\msedpb.exe not found.
File/Folder C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32\\ deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04152008_181020

#12
loupa
Deckard's System Scanner v20071014.68
Run by Luis on 2008-04-15 18:12:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Luis.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:07 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luis\Desktop\dss.exe
C:\DOCUME~1\Luis\MYDOCU~1\HIJACK~1\Luis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208120796749
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll

--
End of file - 2284 bytes

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 15:23:13 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Mozilla
2008-04-14 14:35:51 0 d-------- C:\WINDOWS\Mozilla
2008-04-14 07:20:54 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Identities
2008-04-14 07:20:37 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Favorites
2008-04-14 07:20:37 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Desktop
2008-04-14 07:20:37 0 d--hs---- C:\Documents and Settings\Ana.GATEWAY\Cookies
2008-04-14 07:20:37 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Application Data
2008-04-14 07:20:37 0 d---s---- C:\Documents and Settings\Ana.GATEWAY\Application Data\Microsoft
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Templates
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Start Menu
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\SendTo
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Recent
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\PrintHood
2008-04-14 07:20:36 786432 --ah----- C:\Documents and Settings\Ana.GATEWAY\NTUSER.DAT
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\NetHood
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\My Documents
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Local Settings
2008-04-14 07:07:44 0 d-------- C:\Documents and Settings\Noelle\Application Data\Mozilla
2008-04-13 19:45:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-13 19:29:31 0 d-------- C:\Program Files\Bonjour
2008-04-13 19:08:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 18:13:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-13 18:07:39 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 17:39:00 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-13 17:33:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 17:07:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-13 16:27:08 0 d-------- C:\Program Files\PowerISO
2008-04-13 16:26:20 0 d-------- C:\Documents and Settings\Luis\Application Data\WinRAR
2008-04-13 16:13:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-13 15:59:42 0 d-------- C:\Program Files\uTorrent
2008-04-13 15:59:40 0 d-------- C:\Documents and Settings\Luis\Application Data\uTorrent
2008-04-13 15:51:06 2098 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 15:50:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 15:50:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-13 15:50:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 15:50:47 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-13 15:47:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 15:47:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-13 15:47:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-30 15:46:27 0 d-------- C:\Documents and Settings\Zen\Application Data\Sun
2008-03-19 12:23:16 0 d---s---- C:\Documents and Settings\Zen\UserData
2008-03-18 18:23:03 0 d-------- C:\Documents and Settings\Justice\Application Data\Real
2008-03-16 11:58:27 0 d-------- C:\Program Files\Canon
2008-03-16 11:55:10 0 d-------- C:\Program Files\Common Files\Canon
2008-03-16 11:46:21 146944 --a------ C:\WINDOWS\system32\ptpusd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-04-13 23:12:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 22:53:28 0 d-------- C:\Program Files\Common Files
2008-04-13 20:16:38 0 d-------- C:\Documents and Settings\Luis\Application Data\Adobe
2008-04-13 19:29:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 17:38:38 0 dr------- C:\Program Files\Movie Maker
2008-04-13 17:38:20 0 d-------- C:\Program Files\Windows NT
2008-04-13 17:07:18 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-13 16:13:11 0 d-------- C:\Documents and Settings\Luis\Application Data\Mozilla
2008-04-13 14:43:14 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-04-13 14:42:14 0 d-------- C:\Program Files\McAfee.com
2008-04-02 19:50:39 0 d-------- C:\Program Files\Real
2008-03-16 12:07:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-10 10:05:23 0 d-------- C:\Program Files\Google
2008-03-09 23:58:21 0 d-------- C:\Program Files\eMusic Remote
2008-03-09 23:39:21 0 d-------- C:\Program Files\Quicken
2008-03-09 23:33:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 16:54:44 0 d-------- C:\Program Files\kodak
2008-02-17 00:31:48 0 d-------- C:\Documents and Settings\Luis\Application Data\Intuit
2008-02-16 19:36:13 0 d-------- C:\Documents and Settings\Luis\Application Data\CyberLink
2008-02-16 19:30:19 0 d-------- C:\Program Files\CyberLink
2008-02-16 19:27:25 0 d-------- C:\Program Files\InterActual


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinAccestor.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinAccestor.exe
backup=C:\WINDOWS\pss\WinAccestor.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Luis^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Luis\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TemplateDongle]
JAguAr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnSpyPC]
"C:\Program Files\UnSpyPC\UnSpyPC.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-15 18:12:32 ------------
#13
JSntgRvr
Hi, loupa :)

Download the enclosed folder [attachment=19945:regfix.zip] and save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, double-click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Go to the Control Panel. Click on the JAVA icon. Under Temporary Internet Files, click on Settings. Click on Delete Files, then Ok, out of the properties window.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Alternate download:

http://filehippo.com...d_java_runtime/

Antivirus programs play an important role in the protection of your system. Here are some options:
How is the computer doing?
#14
loupa
I could not load the virus protection software "Node32" as you recommended; it could not be supported with my processor. I have not encountered the file window\nail.exe popping up during startup, so that's good! I installed AVG to protect my PC, although it has slowed the performance of the PC. The true test is when my kids get hold of the computer. Thank you for your support and dedication.
#15
JSntgRvr
Let's check for remnants:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.