Virtumonde problem keeps returning. Please help



#1
swarmer

    New Member

  • Member
  • 3 posts
Hello,

I have been having a big headache with the Virtumonde virus. I have done several scans (using Kaspersky Online Scanner, Spy Sweeper, Spybot, Ad-Aware, Panda ActiveScan, etc.), but not much seems to work. I have also used VundoFix, but bad files keep returning under different names.

Any and all help will be most appreciated! Thank you all so much for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:52 AM, on 4/16/2008
Platform: Windows XP SP3, v.3180 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Windows\Desktop\VirtumundoBeGone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\iiffCULD.dll
O2 - BHO: (no name) - {827BCE2B-36E1-4731-85FF-A64E209FEA1C} - C:\WINDOWS\system32\urqNGwTM.dll (file missing)
O2 - BHO: (no name) - {A6E435A1-A1A2-41A9-8E0F-7B71B816510A} - C:\WINDOWS\system32\yayabxvT.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5576 bytes


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello swarmer

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
swarmer

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hello kahdah

Thank you very much for the fast response.


Deckard's System Scanner v20071014.68
Run by Windows on 2008-04-16 11:14:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-16 17:14:04 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-04-16 14:47:57 UTC - RP2 - Installed DirectX
1: 2008-04-16 11:59:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Windows.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:31 AM, on 4/16/2008
Platform: Windows XP SP3, v.3180 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\Windows\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Windows.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\iiffCULD.dll
O2 - BHO: (no name) - {827BCE2B-36E1-4731-85FF-A64E209FEA1C} - C:\WINDOWS\system32\urqNGwTM.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe

--
End of file - 4877 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R3 ADIDTSFiltService (ADI DTS Filter Service) - c:\windows\system32\drivers\adidts.sys <Not Verified; Analog Devices, Inc.; Analog Devices DTS Driver>
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>

S3 APAffinity - c:\program files\sunbelt software\autopilot\system\apaffinity.sys (file missing)
S3 APConvoy - c:\program files\sunbelt software\autopilot\system\apconvoy.sys (file missing)
S3 APFSCache - c:\program files\sunbelt software\autopilot\system\apfscache.sys (file missing)
S3 APPriority - c:\program files\sunbelt software\autopilot\system\appriority.sys (file missing)
S3 APStarvation - c:\program files\sunbelt software\autopilot\system\apstarvation.sys (file missing)
S3 APSysHooks - c:\program files\sunbelt software\autopilot\system\apsyshooks.sys (file missing)
S3 APWorkingSet - c:\program files\sunbelt software\autopilot\system\apworkingset.sys (file missing)
S3 AutoPilot2 - c:\program files\sunbelt software\autopilot\system\autopilot2.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 OOCleverCache (O&O CleverCache Pro) - "c:\program files\oo software\clevercache\ooccsvc.exe" <Not Verified; O&O Software GmbH; O&O CleverCache>
S4 APAutoStart - c:\program files\sunbelt software\autopilot\system\apasserv.exe (file missing)
S4 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
S4 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-02 22:02:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-16 08:48:29 0 d-------- C:\WINDOWS\LastGood
2008-04-16 07:39:39 0 d-------- C:\Program Files\Trend Micro
2008-04-16 07:09:53 22028 --ahs---- C:\WINDOWS\system32\Tvxbayay.ini2
2008-04-16 06:42:26 0 d-------- C:\VundoFix Backups
2008-04-16 06:36:01 0 d-------- C:\Program Files\Webroot
2008-04-16 06:32:38 164 --a------ C:\install.dat
2008-04-16 06:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 06:28:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-16 05:34:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-16 05:28:03 1853 --a------ C:\WINDOWS\mozver.dat
2008-04-16 05:28:03 0 d-------- C:\Program Files\Panda Security
2008-04-16 04:14:04 29972 --ahs---- C:\WINDOWS\system32\MTwGNqru.ini2
2008-04-16 04:09:00 37888 -----n--- C:\WINDOWS\system32\iiffCULD.dll
2008-04-16 03:55:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-16 03:55:13 0 d-------- C:\Documents and Settings\Windows\Application Data\DAEMON Tools Pro
2008-04-16 03:50:17 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-04-16 03:29:37 0 d--h----- C:\WINDOWS\PIF
2008-04-15 03:16:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-15 02:55:45 0 d-------- C:\Program Files\Sierra Entertainment
2008-04-15 02:55:30 0 d-------- C:\wic
2008-04-14 11:32:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-14 11:32:42 0 d-------- C:\Documents and Settings\Windows\Application Data\Azureus
2008-04-14 11:32:14 0 d-------- C:\Program Files\Azureus
2008-04-14 06:21:42 0 d-------- C:\Program Files\Sierra
2008-04-14 04:10:22 0 d-------- C:\Program Files\LucasArts
2008-04-14 04:10:17 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-14 04:10:16 0 d-------- C:\Documents and Settings\Windows\WINDOWS
2008-04-13 11:23:04 0 d-------- C:\Program Files\Black Isle
2008-04-12 23:05:27 52736 --a------ C:\WINDOWS\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
2008-04-12 23:03:28 0 d-------- C:\Program Files\BlackIsle
2008-04-10 17:25:05 0 dr-h----- C:\Documents and Settings\Windows\Recent
2008-04-09 01:57:22 120 --a------ C:\drmHeader.bin
2008-04-04 15:45:27 0 d-------- C:\Program Files\eMule
2008-04-01 23:40:44 0 d-------- C:\Documents and Settings\Windows\Application Data\Help
2008-03-31 21:18:46 0 d-------- C:\Documents and Settings\Windows\Application Data\DAEMON Tools
2008-03-22 19:18:46 0 d-------- C:\Program Files\Gpotato
2008-03-17 15:49:50 0 d-------- C:\Program Files\Fury


-- Find3M Report ---------------------------------------------------------------

2008-04-16 04:52:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 02:55:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-15 02:54:44 0 d-------- C:\Program Files\Soulseek
2008-04-14 11:25:25 0 d-------- C:\Documents and Settings\Windows\Application Data\uTorrent
2008-04-12 21:55:38 0 d-------- C:\Program Files\Warcraft III
2008-04-11 20:20:57 0 d-------- C:\Program Files\Diablo II
2008-04-11 20:20:49 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-11 19:03:38 0 d-------- C:\Program Files\World of Warcraft
2008-04-09 20:09:34 0 d-------- C:\Program Files\MySpace
2008-04-06 04:37:03 0 d-------- C:\Program Files\City of Heroes
2008-04-01 23:40:44 0 d-------- C:\Program Files\SpeedConnect
2008-03-30 02:29:33 0 d-------- C:\Program Files\Winamp
2008-03-30 02:29:13 0 d-------- C:\Documents and Settings\Windows\Application Data\Winamp
2008-03-27 17:37:40 0 d-------- C:\Documents and Settings\Windows\Application Data\LimeWire
2008-03-24 17:01:54 0 d-------- C:\Documents and Settings\Windows\Application Data\Creative
2008-03-17 13:18:21 0 d-------- C:\Program Files\Steam
2008-03-15 22:54:18 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-10 13:58:59 35292 --a------ C:\WINDOWS\DIIUnin.dat
2008-03-10 13:09:24 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-03-10 13:09:24 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-03-10 13:09:24 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-03-10 08:37:03 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-03-10 08:37:03 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-03-10 08:27:28 0 d-------- C:\Program Files\Alcohol Soft
2008-03-09 09:06:18 0 d-------- C:\Documents and Settings\Windows\Application Data\FrostWire
2008-03-07 20:52:53 0 d--h----- C:\Documents and Settings\Windows\Application Data\ijjigame
2008-03-07 16:10:15 0 d--h----- C:\Program Files\Zero G Registry
2008-03-07 16:09:35 0 d-------- C:\Program Files\Ubisoft
2008-03-06 15:57:10 0 d-------- C:\Program Files\Matrix Online
2008-03-05 22:12:40 0 d-------- C:\Program Files\THQ
2008-03-05 14:13:35 0 d-------- C:\Program Files\Sony
2008-03-04 14:58:19 0 d-------- C:\Program Files\MythWar_en
2008-03-04 11:30:04 0 d-------- C:\Program Files\Codemasters
2008-03-03 14:28:09 0 d-------- C:\Program Files\StarWarsGalaxies
2008-03-02 11:51:28 0 d-------- C:\Documents and Settings\Windows\Application Data\GetRightToGo
2008-03-02 11:51:22 0 d-------- C:\Program Files\Turbine
2008-03-02 02:09:07 0 d-------- C:\Program Files\Common Files
2008-03-02 02:09:07 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-02 01:45:29 0 d-------- C:\Program Files\GameSpot
2008-03-02 01:45:28 5963 --a------ C:\Program Files\install.log
2008-02-29 12:53:50 0 d-------- C:\Documents and Settings\Windows\Application Data\Turbine
2008-02-29 11:42:43 0 d-------- C:\Program Files\GALA-NET
2008-02-29 11:42:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 07:18:47 0 d-------- C:\Program Files\NCSoft
2008-02-28 21:05:59 41 --a------ C:\Documents and Settings\Windows\Application Data\iPod Access Photo Prefs
2008-02-28 20:41:26 0 d-------- C:\Program Files\iPod Access Photo for Windows
2008-02-28 20:41:19 52 --ah----- C:\Documents and Settings\Windows\Application Data\iPodAccessPhoto_OwnerName
2008-02-28 20:36:16 0 d-------- C:\Program Files\Common Files\eSellerate
2008-02-28 20:21:19 10 --ah----- C:\Documents and Settings\Windows\Application Data\iPodAccessPhoto_Time
2008-02-28 08:39:34 0 d-------- C:\Documents and Settings\Windows\Application Data\Electronic Arts
2008-02-24 02:32:01 0 d-------- C:\Program Files\CCP
2008-02-23 02:45:36 0 d-------- C:\Program Files\Funcom
2008-02-15 01:31:51 76442 --a----c- C:\WINDOWS\War3Unin.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}]
04/16/2008 04:09 AM 37888 --------- C:\WINDOWS\system32\iiffCULD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{827BCE2B-36E1-4731-85FF-A64E209FEA1C}]
C:\WINDOWS\system32\urqNGwTM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [07/13/2006 09:12 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 12:35 AM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [07/23/2007 12:06 PM]
"NvCplDaemon"="RUNDLL32.exe" [07/19/2007 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 11:51 AM]
"P17Helper"="P17.dll" [03/17/2006 05:11 PM C:\WINDOWS\system32\P17.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 10:06 AM]
"NvMediaCenter"="RUNDLL32.exe" [07/19/2007 07:00 AM C:\WINDOWS\system32\rundll32.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 07:08 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/1/2007 4:22:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"NoSMHelp"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSMHelp"=0 (0x0)
"NoWindowsUpdate"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=1 (0x1)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"HideRunAsVerb"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"HideRunAsVerb"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}"= C:\WINDOWS\system32\iiffCULD.dll [04/16/2008 04:09 AM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\yayabxvT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##C98#dvd]
AutoRun\command- Z:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##C98#h]
AutoRun\command- Z:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8139 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-16 11:14:54 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 14%
Physical Memory (total/avail): 3070.42 MiB / 2636.91 MiB
Pagefile Memory (total/avail): 4445.5 MiB / 4181.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 40.83 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)
F: is Fixed (FAT32) - 149.01 GiB total, 7.75 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-22MHB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Windows\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DZA
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=1
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Windows
LOGONSERVER=\\DZA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Windows\LOCALS~1\Temp
TMP=C:\DOCUME~1\Windows\LOCALS~1\Temp
USERDOMAIN=DZA
USERNAME=Windows
USERPROFILE=C:\Documents and Settings\Windows
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Windows (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\SBAudigy\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Anarchy Online and the Lost Eden expansion pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72FD19BF-F4B8-4578-B258-478924F64D9E}\setup.exe" -l0x9 UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AquaMark3 --> C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
Archlord --> "C:\Program Files\Codemasters\Archlord\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative EAX Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm --> "C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dual-Core Optimizer --> MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
Dungeon Runners --> C:\Program Files\InstallShield Installation Information\{81D0AECB-DC55-4789-B257-5A968A5BE975}\setup.exe -runfromtemp -l0x0009 -removeonly
DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.05.00.8095 --> "C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Enemy Territory: QUAKE Wars --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10000
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Fallout2 --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
Fury --> "C:\Program Files\Fury\unins000.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld2 --> C:\Program Files\Sierra\Homeworld2\uninstall.exe
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
Install(US)2 --> C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iPod Access Photo for Windows v1.4 --> "C:\Program Files\iPod Access Photo for Windows\unins000.exe"
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Jagged Alliance 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/1620
Jagged Alliance 2: Unfinished Business --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2950
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LucasArts' TIE Fighter --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\TIE95\DeIsL1.isu"
LucasArts' X-Wing --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\XWING95\DeIsL1.isu"
LucasArts' X-Wing Alliance --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\XWingAlliance\DeIsL1.isu"
LucasArts' XvT: Flight School --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\XvT Flight School\DeIsL1.isu"
Medieval II: Total War --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4700
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
MythWar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D7A134-43AE-4B6D-9DEF-E1DD78A0353E}\setup.exe" -l0x9 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
Planescape - Torment --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}\setup.exe"
PlayNC Launcher --> C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Shadowbane - Throne of Oblivion --> "C:\Program Files\Ubisoft\Shadowbane - Throne of Oblivion\UninstallerData\Uninstall Shadowbane - Throne of Oblivion.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SoulSeek Client 157 test 12b --> "C:\Program Files\Soulseek-Test\uninstall.exe"
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Galaxies: 14-Day Trial --> "C:\Program Files\InstallShield Installation Information\{A6EF0748-2F5D-4AAD-BF71-EAB1EC5106E8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Station Launcher --> "C:\Program Files\InstallShield Installation Information\{C77900DE-73B8-47F3-804A-F07A90C1589D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Lord of the Rings Online™: Shadows of Angmar™ v01.05.00.811 --> "C:\Program Files\Turbine\The Lord of the Rings Online\unins001.exe"
UFO: Afterlight --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7500
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World In Conflict --> "C:\Program Files\InstallShield Installation Information\{AA89DBA6-2CC9-46C5-9102-4B2833304AE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2226 / Error
Event Submitted/Written: 04/16/2008 03:31:09 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-16 09:31:09,890 DZA [002612:003748] ERROR 000 AVG7.KRNL.ACT File C:\Documents and Settings\Windows\My Documents\Azureus Downloads\[PC] The Witcher [ENG-OnLY] [dopeman]\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type2225 / Error
Event Submitted/Written: 04/16/2008 03:28:09 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-16 09:28:09,921 DZA [002612:003748] ERROR 000 AVG7.KRNL.ACT File C:\Documents and Settings\Windows\My Documents\Azureus Downloads\[PC] The Witcher [ENG-OnLY] [dopeman]\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe could not be unplaned from CleanDrv removal, error: 2



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12798 / Warning
Event Submitted/Written: 04/16/2008 11:06:28 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12797 / Warning
Event Submitted/Written: 04/16/2008 09:38:55 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12793 / Warning
Event Submitted/Written: 04/16/2008 09:24:54 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12791 / Error
Event Submitted/Written: 04/16/2008 09:23:03 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type12786 / Error
Event Submitted/Written: 04/16/2008 08:38:55 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-04-16 11:14:54 ------------
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#5
swarmer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello

Here's the next step:

ComboFix 08-04-15.8 - Windows 2008-04-16 11:50:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2381 [GMT -6:00]
Running from: C:\Documents and Settings\Windows\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Windows\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\a.bat
C:\WINDOWS\G.EXE
C:\WINDOWS\system32\iiffCULD.dll
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\MTwGNqru.ini
C:\WINDOWS\system32\MTwGNqru.ini2
C:\WINDOWS\system32\Tvxbayay.ini
C:\WINDOWS\system32\Tvxbayay.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 11:13 . 2008-04-16 11:13 <DIR> d-------- C:\Deckard
2008-04-16 08:49 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-16 07:39 . 2008-04-16 07:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-16 06:42 . 2008-04-16 08:32 <DIR> d-------- C:\VundoFix Backups
2008-04-16 06:32 . 2008-04-16 06:32 164 --a------ C:\install.dat
2008-04-16 06:28 . 2008-04-16 06:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-16 06:28 . 2008-04-16 06:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 06:19 . 2008-04-16 07:28 153 --a------ C:\WINDOWS\wininit.ini
2008-04-16 05:43 . 2007-07-19 00:41 61,312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-16 05:43 . 2007-07-19 00:41 61,312 --a------ C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-04-16 05:43 . 2007-07-19 00:41 53,376 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-16 05:43 . 2007-07-19 00:41 53,376 --a------ C:\WINDOWS\system32\dllcache\1394bus.sys
2008-04-16 05:43 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-16 05:43 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\dllcache\enum1394.sys
2008-04-16 05:34 . 2008-04-16 05:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-16 05:28 . 2008-04-16 07:20 <DIR> d-------- C:\Program Files\Panda Security
2008-04-16 05:28 . 2008-04-16 05:28 1,853 --a------ C:\WINDOWS\mozver.dat
2008-04-16 03:55 . 2008-04-16 03:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\DAEMON Tools Pro
2008-04-16 03:55 . 2008-04-16 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-16 03:50 . 2008-04-16 03:56 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-04-16 03:29 . 2008-04-16 03:29 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-16 03:16 . 2008-04-16 03:16 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-16 03:16 . 2008-04-16 03:16 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-15 03:16 . 2008-04-15 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-15 02:55 . 2008-04-15 03:04 <DIR> d-------- C:\wic
2008-04-15 02:55 . 2008-04-15 02:55 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-04-14 11:32 . 2008-04-16 11:26 <DIR> d-------- C:\Program Files\Azureus
2008-04-14 11:32 . 2008-04-16 11:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Azureus
2008-04-14 11:32 . 2008-04-14 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-14 06:21 . 2008-04-14 06:21 <DIR> d-------- C:\Program Files\Sierra
2008-04-14 04:10 . 2008-04-14 04:22 <DIR> d-------- C:\Program Files\LucasArts
2008-04-14 04:10 . 2008-04-14 04:10 <DIR> d-------- C:\Documents and Settings\Windows\WINDOWS
2008-04-14 04:10 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-13 11:23 . 2008-04-13 11:23 <DIR> d-------- C:\Program Files\Black Isle
2008-04-12 23:05 . 2008-04-12 23:05 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-04-12 23:03 . 2008-04-12 23:03 <DIR> d-------- C:\Program Files\BlackIsle
2008-04-09 01:57 . 2008-04-11 02:46 120 --a------ C:\drmHeader.bin
2008-04-04 15:45 . 2008-04-04 15:47 <DIR> d-------- C:\Program Files\eMule
2008-03-31 21:18 . 2008-03-31 21:18 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\DAEMON Tools
2008-03-22 19:18 . 2008-03-22 19:18 <DIR> d-------- C:\Program Files\Gpotato
2008-03-17 22:58 . 2007-07-19 06:59 82,432 --a------ C:\WINDOWS\system32\233ef63a.dll
2008-03-17 15:49 . 2008-03-17 16:41 <DIR> d-------- C:\Program Files\Fury

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 10:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 08:54 --------- d-----w C:\Program Files\Soulseek
2008-04-14 17:25 --------- d-----w C:\Documents and Settings\Windows\Application Data\uTorrent
2008-04-13 03:55 --------- d-----w C:\Program Files\Warcraft III
2008-04-12 02:20 --------- d-----w C:\Program Files\Diablo II
2008-04-12 01:03 --------- d-----w C:\Program Files\World of Warcraft
2008-04-10 02:09 --------- d-----w C:\Program Files\MySpace
2008-04-06 10:37 --------- d-----w C:\Program Files\City of Heroes
2008-04-02 05:40 --------- d-----w C:\Program Files\SpeedConnect
2008-04-01 03:18 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 08:29 --------- d-----w C:\Program Files\Winamp
2008-03-30 08:29 --------- d-----w C:\Documents and Settings\Windows\Application Data\Winamp
2008-03-27 23:37 --------- d-----w C:\Documents and Settings\Windows\Application Data\LimeWire
2008-03-24 23:01 --------- d-----w C:\Documents and Settings\Windows\Application Data\Creative
2008-03-17 19:18 --------- d-----w C:\Program Files\Steam
2008-03-16 04:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-16 04:54 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-10 14:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-03-10 14:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-03-10 14:27 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-09 15:06 --------- d-----w C:\Documents and Settings\Windows\Application Data\FrostWire
2008-03-08 02:52 --------- d--h--w C:\Documents and Settings\Windows\Application Data\ijjigame
2008-03-08 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-03-07 22:10 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-07 22:09 --------- d-----w C:\Program Files\Ubisoft
2008-03-06 21:57 --------- d-----w C:\Program Files\Matrix Online
2008-03-06 04:12 --------- d-----w C:\Program Files\THQ
2008-03-05 20:13 --------- d-----w C:\Program Files\Sony
2008-03-04 20:58 --------- d-----w C:\Program Files\MythWar_en
2008-03-04 17:30 --------- d-----w C:\Program Files\Codemasters
2008-03-03 20:28 --------- d-----w C:\Program Files\StarWarsGalaxies
2008-03-02 17:51 --------- d-----w C:\Program Files\Turbine
2008-03-02 17:51 --------- d-----w C:\Documents and Settings\Windows\Application Data\GetRightToGo
2008-03-02 08:09 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-03-02 07:45 5,963 ----a-w C:\Program Files\install.log
2008-03-02 07:45 --------- d-----w C:\Program Files\GameSpot
2008-02-29 18:53 --------- d-----w C:\Documents and Settings\Windows\Application Data\Turbine
2008-02-29 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-29 17:42 --------- d-----w C:\Program Files\GALA-NET
2008-02-29 17:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-29 13:18 --------- d-----w C:\Program Files\NCSoft
2008-02-29 02:41 --------- d-----w C:\Program Files\iPod Access Photo for Windows
2008-02-29 02:36 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-02-28 14:39 --------- d-----w C:\Documents and Settings\Windows\Application Data\Electronic Arts
2008-02-24 08:32 --------- d-----w C:\Program Files\CCP
2008-02-23 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 23:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-23 08:45 --------- d-----w C:\Program Files\Funcom
2008-02-23 02:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-05 07:33 22,328 ----a-w C:\Documents and Settings\Windows\Application Data\PnkBstrK.sys
2007-11-10 03:40 21,321,008 ----a-w C:\Program Files\QuickTimeInstaller.exe
2004-07-17 21:44 720 -c--a-w C:\Program Files\3d.lnk
2006-02-23 15:16 34,048 ----a-w C:\Program Files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 15:16 45,056 ----a-w C:\Program Files\mozilla firefox\plugins\upd62int.dll
.

------- Sigcheck -------

2007-07-19 07:00 507904 0985cc7298081f04b8e48616c0dd8df9 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-11-01 01:14 507904 df78bd2789e8982433f70e91e6a2e0bf C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{827BCE2B-36E1-4731-85FF-A64E209FEA1C}]
C:\WINDOWS\system32\urqNGwTM.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 07:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [2006-07-13 09:12 729088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 00:35 36352]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"NvCplDaemon"="RUNDLL32.exe" [2007-07-19 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2006-03-17 17:11 81408 C:\WINDOWS\system32\P17.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 10:06 292152]
"NvMediaCenter"="RUNDLL32.exe" [2007-07-19 07:00 33280 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 14:32 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoInstrumentation"= 1 (0x1)
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\TARDIS95.EXE"=
"C:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\enemy territory quake wars\\etqw.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"C:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"C:\\Program Files\\MythWar_en\\update.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"F:\\web tech\\utorrent.exe"=
"C:\\Program Files\\Fury\\Binaries\\Fury.exe"=
"C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 01:23]
S3 APAffinity;APAffinity;C:\Program Files\Sunbelt Software\AutoPilot\System\APAffinity.sys []
S3 APConvoy;APConvoy;C:\Program Files\Sunbelt Software\AutoPilot\System\APConvoy.sys []
S3 APFSCache;APFSCache;C:\Program Files\Sunbelt Software\AutoPilot\System\APFSCache.sys []
S3 APPriority;APPriority;C:\Program Files\Sunbelt Software\AutoPilot\System\APPriority.sys []
S3 APStarvation;APStarvation;C:\Program Files\Sunbelt Software\AutoPilot\System\APStarvation.sys []
S3 APSysHooks;APSysHooks;C:\Program Files\Sunbelt Software\AutoPilot\System\APSysHooks.sys []
S3 APWorkingSet;APWorkingSet;C:\Program Files\Sunbelt Software\AutoPilot\System\APWorkingSet.sys []
S3 AutoPilot2;AutoPilot2;C:\Program Files\Sunbelt Software\AutoPilot\System\AutoPilot2.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 02:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##C98#dvd]
\Shell\AutoRun\command - Z:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##C98#h]
\Shell\AutoRun\command - Z:\setup.exe

*Newly Created Service* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 04:02:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 11:58:38
Windows 5.1.2600 Service Pack 3, v.3180 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-16 12:10:55 - machine was rebooted [Windows]
ComboFix-quarantined-files.txt 2008-04-16 18:09:53

Pre-Run: 43,755,499,520 bytes free
Post-Run: 43,691,798,528 bytes free



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:23 PM, on 4/16/2008
Platform: Windows XP SP3, v.3180 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {827BCE2B-36E1-4731-85FF-A64E209FEA1C} - C:\WINDOWS\system32\urqNGwTM.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe

--
End of file - 5314 bytes
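As an added example that is not part of the original post and is not code from HijackThis or its author: a small Python triage helper that parses lines in the HijackThis v2.0.2 format shown in the log above and flags the entries a helper would look at first. The sample lines are constructed, modelled on the log above (the "Example Helper" service is invented for the sample and does not appear in the log). The flagging rules (an unnamed BHO, a BHO whose registered DLL is missing from disk, a user program wired into the SYSTEM or Default profile's Run key, IE policy restrictions present, a service with no vendor name) are this example's own heuristics for what to look at first, not a definition of what is malicious.

```python
import re
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

# Line shapes HijackThis v2.0.2 uses for the sections this helper looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?: \((?P<note>file missing)\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>.+) present$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")

# Run keys of the SYSTEM account and of the template profile copied to new users;
# an interactive application (an IM client, say) has no business starting from there.
SYSTEM_PROFILE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")

# Constructed sample, modelled on the log above (the "Example Helper" service is invented).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {827BCE2B-36E1-4731-85FF-A64E209FEA1C} - C:\WINDOWS\system32\urqNGwTM.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Example Helper (exhelp) - Unknown owner - C:\WINDOWS\system32\exhelp.exe
"""


def triage(log_text):
    """Return a Finding for every line in log_text that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            reasons = []
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")
            if m["note"]:
                # The CLSID is still registered but the DLL is gone: a leftover
                # registration that still wants fixing even though the file is not there.
                reasons.append("registered DLL is missing from disk (dangling CLSID)")
            if reasons:
                findings.append(Finding("O2", m["clsid"], "; ".join(reasons)))
            continue
        m = O4_RE.match(line)
        if m:
            if m["hive"].upper().startswith(SYSTEM_PROFILE_HIVES):
                findings.append(Finding("O4", m["name"],
                                        "starts from the SYSTEM or Default profile Run key"))
            continue
        m = O6_RE.match(line)
        if m:
            findings.append(Finding("O6", m["key"],
                                    "IE policy restrictions are set; establish who set them"))
            continue
        m = O23_RE.match(line)
        if m and m["company"] == "Unknown owner":
            findings.append(Finding("O23", m["name"], "service binary carries no vendor name"))
    return findings


if __name__ == "__main__":
    # Pass a saved HijackThis log as the first argument; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"{f.section:<4} {f.item:<40} {f.reason}")
```

Run it as `python hjt_triage.py hijackthis.log`. The dangling O2 entry is the kind of thing to note in particular: once a removal tool has taken the DLL, the CLSID registration it leaves behind is still an instruction to load that path on the next Internet Explorer start, and a freshly dropped file under the same name would be picked up again.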

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
I will need you to download this anti-virus program and install it.
This is free.
AVG free
===================================================================
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\233ef63a.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

====================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
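An added example, not part of kahdah's post and not OTMoveIt2's own code: the reboot step in the OTMoveIt2 instructions exists because a DLL that is mapped into a running process cannot be moved or deleted while it is loaded. Windows provides a queue for exactly this case. `MoveFileExW` called with `MOVEFILE_DELAY_UNTIL_REBOOT` records the operation in the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, and Session Manager carries it out early in the next boot, before the file can be locked again. The Python below encodes and decodes that value's raw REG_MULTI_SZ format so a queued entry can be checked before rebooting, and wraps the API call for use on Windows. The DLL path is the one named in the post; the quarantine folder is an assumption.

```python
import sys
import ctypes

# Flags for kernel32!MoveFileExW.
MOVEFILE_REPLACE_EXISTING = 0x1
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

# Paths in PendingFileRenameOperations are stored in NT form: \??\C:\dir\file
NT_PREFIX = "\\??\\"


def to_nt_path(win_path):
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def from_nt_path(nt_path):
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def encode_pending_renames(ops):
    """Build the raw REG_MULTI_SZ bytes of PendingFileRenameOperations.

    ops is a list of (source, destination) pairs; destination None means delete.
    The value is a sequence of NUL-terminated string pairs, an empty destination
    marks a delete, and one extra NUL terminates the whole list.
    """
    fields = []
    for src, dst in ops:
        fields.append(to_nt_path(src))
        fields.append(to_nt_path(dst) if dst else "")
    return ("\0".join(fields) + "\0\0").encode("utf-16-le")


def decode_pending_renames(blob):
    """Inverse of encode_pending_renames: raw value bytes -> [(source, destination|None)]."""
    fields = blob.decode("utf-16-le").split("\0")
    ops = []
    for i in range(0, len(fields) - 1, 2):
        src, dst = fields[i], fields[i + 1]
        if not src:            # an empty source is the list terminator
            break
        ops.append((from_nt_path(src), from_nt_path(dst) or None))
    return ops


def schedule_move_on_reboot(src, dst=None):
    """Queue a move (or a delete, when dst is None) of a file that is locked right now.

    Windows only; the caller needs administrator rights, and the destination
    folder must already exist when Session Manager runs the queue at boot.
    """
    if sys.platform != "win32":
        raise OSError("MoveFileExW is only available on Windows")
    flags = MOVEFILE_DELAY_UNTIL_REBOOT | (MOVEFILE_REPLACE_EXISTING if dst else 0)
    if not ctypes.windll.kernel32.MoveFileExW(src, dst, flags):
        raise ctypes.WinError()


if __name__ == "__main__":
    # Assumed quarantine folder; the DLL is the one named in the post above.
    ops = [(r"C:\WINDOWS\system32\233ef63a.dll", r"C:\_quarantine\233ef63a.dll")]
    blob = encode_pending_renames(ops)
    print(blob)
    print(decode_pending_renames(blob))
    if sys.platform == "win32" and "--queue" in sys.argv:
        schedule_move_on_reboot(*ops[0])
```

Before rebooting, `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations` shows what is queued; after the reboot the value is gone if the move ran. Moving one file does not remove the BHO or Run entries that load it, so those need cleaning in the same pass, which is why the instructions pair the move with a full scan.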