Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

rundll32.exe help please


  • Please log in to reply

#1
Venomz

Venomz

    Member

  • Member
  • PipPip
  • 15 posts
This is the first time I am posting on a help web site, usually i can fix what ever malware/spyware/trojan/etc comes my way with a few programs but, i think i need some help now. The other day i was surfing a known safe website (www.iminlikewithyou.com) and i all of a sudden get bombed with spam. A fake spyware remover was instantly installed on my desktop and and the spam kept coming. I ran a few programs and thought i got rid of it, so i did a restart. I come back to my desktop being changed to a bunch of stupid animations, needless to say i rebooted and went into safe mode, i ran every help program i had and even spent the better part of the evening learning what was what on my hijackthis log. I fixed somethings but i still believe that there are a few problems that don't have the knowledge for. Any help would be appreciated. The anti virus programs i have used are: Avg, Spybot search and destroy, regcure, super anti spyware, comodo firewall pro, and cureit.

Here is my log from a few seconds ago. Please let me know if any other detection tools would help assist an admin in here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:46 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\tcntokdm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4184F242-7714-4D38-B335-C390FBD094AC} - (no file)
O2 - BHO: (no name) - {51A80C08-32EE-4CB8-904B-968408A971AD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BA87734-948F-4394-9949-ED03A5B10C36} - (no file)
O2 - BHO: (no name) - {5E3B33EB-555E-44B0-B7F9-EC9A4902CBF3} - (no file)
O2 - BHO: (no name) - {689E7D72-D96D-4932-A389-057EE1E618F3} - C:\WINDOWS\system32\wvUnNEtQ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76C3C903-EF67-41E1-A3F2-39239803B262} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98D068DC-0905-4C80-8EE4-4A7DD8D46225} - (no file)
O2 - BHO: gooochi browser optimizer - {9bf491f4-c744-5d6e-4afa-66467868ad2d} - C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\cbXNFuvv.dll
O2 - BHO: (no name) - {B667F487-38E2-4FFA-972B-B3417747282F} - C:\WINDOWS\system32\geBuSJdC.dll (file missing)
O2 - BHO: (no name) - {D9BC1719-DD33-4DA6-B0DD-F5CAB855F7A1} - (no file)
O2 - BHO: (no name) - {E9C9F08E-F5C0-4DAA-B5A9-BE1D93DD3DE0} - (no file)
O2 - BHO: (no name) - {FA742160-62BB-4A67-906C-D623978C6EC7} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [3015f654] rundll32.exe "C:\WINDOWS\system32\njhxbkhp.dll",b
O4 - HKLM\..\Run: [BM3326c5c8] Rundll32.exe "C:\WINDOWS\system32\tdxfqfvp.dll",s
O4 - HKLM\..\Run: [{db85face-542b-eb81-ec3a-483801d63000}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" DllInit
O4 - HKLM\..\Run: [{5F-F6-6F-FB-DW}] C:\WINDOWS\system32\rwwnw64d.exe DWramFF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8372] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9084] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1680] command /c del "C:\WINDOWS\system32\geBuSJdC.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9109] cmd /c del "C:\WINDOWS\system32\geBuSJdC.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2068] command /c del "C:\WINDOWS\system32\lhwswjbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1434] cmd /c del "C:\WINDOWS\system32\lhwswjbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2145] command /c del "C:\WINDOWS\system32\wvUnNEtQ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7445] cmd /c del "C:\WINDOWS\system32\wvUnNEtQ.dll_old"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntokdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
O20 - Winlogon Notify: femnbzhk - femnbzhk.dll (file missing)
O20 - Winlogon Notify: iifecbx - iifecbx.dll (file missing)
O20 - Winlogon Notify: nnnlllj - nnnlllj.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtuurqr - vtuurqr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 11897 bytes
  • 0

Advertisements


#2
Ness

Ness

    Banned

  • Banned
  • PipPipPip
  • 673 posts
Hello Venomz and welcome to Geeks to Go!

I will be helping you clean your computer.

Please be patient as I review your log. I will be with you shortly.
  • 0

#3
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks, i hope to hear from you soon. I forgot to mention that I suspect that Virtumonde.dll and Vundo are still inside my machine because spybot finds it every time, key word everytime, meaning it isn't getting rid of it. Anyway let me know what you think.
  • 0

#4
Ness

Ness

    Banned

  • Banned
  • PipPipPip
  • 673 posts
Hello again Venomz

I forgot to mention that I suspect that Virtumonde.dll and Vundo are still inside my machine

:)

meaning it isn't getting rid of it

Clearly :)

Anyway let me know what you think.

I'm allowed to think? :)

Before we do anything, I need you to disable the program SpybotSD TeaTimer. Simple open it up and turn it off for the duration of this fix. It is known to interfere with HiJackThis and not allow it to make fixes.

1. ATF Cleaner
------------------------------------------------


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. HiJackThis Fix
------------------------------------------------


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {4184F242-7714-4D38-B335-C390FBD094AC} - (no file)
O2 - BHO: (no name) - {51A80C08-32EE-4CB8-904B-968408A971AD} - (no file)
O2 - BHO: (no name) - {5BA87734-948F-4394-9949-ED03A5B10C36} - (no file)
O2 - BHO: (no name) - {5E3B33EB-555E-44B0-B7F9-EC9A4902CBF3} - (no file)
O2 - BHO: (no name) - {689E7D72-D96D-4932-A389-057EE1E618F3} - C:\WINDOWS\system32\wvUnNEtQ.dll (file missing)
O2 - BHO: (no name) - {76C3C903-EF67-41E1-A3F2-39239803B262} - (no file)
O2 - BHO: (no name) - {98D068DC-0905-4C80-8EE4-4A7DD8D46225} - (no file)
O2 - BHO: gooochi browser optimizer - {9bf491f4-c744-5d6e-4afa-66467868ad2d} - C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\cbXNFuvv.dll
O2 - BHO: (no name) - {B667F487-38E2-4FFA-972B-B3417747282F} - C:\WINDOWS\system32\geBuSJdC.dll (file missing)
O2 - BHO: (no name) - {D9BC1719-DD33-4DA6-B0DD-F5CAB855F7A1} - (no file)
O2 - BHO: (no name) - {E9C9F08E-F5C0-4DAA-B5A9-BE1D93DD3DE0} - (no file)
O2 - BHO: (no name) - {FA742160-62BB-4A67-906C-D623978C6EC7} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [3015f654] rundll32.exe "C:\WINDOWS\system32\njhxbkhp.dll",b
O4 - HKLM\..\Run: [BM3326c5c8] Rundll32.exe "C:\WINDOWS\system32\tdxfqfvp.dll",s
O4 - HKLM\..\Run: [{db85face-542b-eb81-ec3a-483801d63000}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" DllInit
O4 - HKLM\..\Run: [{5F-F6-6F-FB-DW}] C:\WINDOWS\system32\rwwnw64d.exe DWramFF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntokdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
O20 - Winlogon Notify: femnbzhk - femnbzhk.dll (file missing)
O20 - Winlogon Notify: iifecbx - iifecbx.dll (file missing)
O20 - Winlogon Notify: nnnlllj - nnnlllj.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtuurqr - vtuurqr.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

3. File Deletion
------------------------------------------------


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll
    C:\WINDOWS\system32\cbXNFuvv.dll
    C:\WINDOWS\system32\njhxbkhp.dll
    C:\WINDOWS\system32\tdxfqfvp.dll
    C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\tcntokdm.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

4. Deckard's System Scanner
------------------------------------------------


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post
------------------------------------------------

  • OTMoveit2 Log
  • DSS Log

  • 0

#5
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
First off, THANK YOU. I really appreciate the time you are taking to help me. Here is the move it log, i will post the Main.txt and Extra.txt in seperate posts in hopes it make it easier to cipher through for you.

File/Folder C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXNFuvv.dll
C:\WINDOWS\system32\cbXNFuvv.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cbXNFuvv.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\njhxbkhp.dll not found.
File/Folder C:\WINDOWS\system32\tdxfqfvp.dll not found.
File/Folder C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll not found.
C:\WINDOWS\system32\rwwnw64d.exe moved successfully.
C:\WINDOWS\system32\tcntokdm.exe moved successfully.
File/Folder C:\WINDOWS\system32\rwwnw64d.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
C:\WINDOWS\SYSTEM32\cbXNFuvv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\cbXNFuvv.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_000038

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXNFuvv.dll
C:\WINDOWS\system32\cbXNFuvv.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cbXNFuvv.dll scheduled to be moved on reboot.
  • 0

#6
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is main.txt

Deckard's System Scanner v20071014.68
Run by user on 2008-05-15 00:10:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-05-15 05:10:11 UTC - RP141 - Deckard's System Scanner Restore Point
111: 2008-05-14 12:11:01 UTC - RP140 - Restore Operation
110: 2008-05-14 03:36:13 UTC - RP139 - System Checkpoint
109: 2008-05-13 02:52:01 UTC - RP138 - Move file to quarantine: cbXNFuvv.dll
108: 2008-05-12 23:21:39 UTC - RP137 - System Checkpoint


-- First Restore Point --
1: 2008-02-15 01:34:28 UTC - RP30 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:49 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {80cb8476-6b2b-dbea-7a34-8c76d5588916} - {6198855d-67c8-43a7-aebd-b2b66748bc08} - C:\WINDOWS\system32\tcwgurea.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\cbXNFuvv.dll
O2 - BHO: (no name) - {C6351D14-0F0F-48D4-8DF5-9D886CB80D8A} - C:\WINDOWS\system32\byXPHbAq.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BM3326c5c8] Rundll32.exe "C:\WINDOWS\system32\wmcklyog.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8992 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080512-212227-659 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
backup-20080513-191446-288 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
backup-20080513-191446-923 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080513-192009-127 O15 - Trusted Zone: *.avsystemcare.com
backup-20080513-192009-133 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080513-192009-154 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080513-192009-168 O15 - Trusted Zone: *.virusschlacht.com
backup-20080513-192009-215 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080513-192009-262 O15 - Trusted Zone: *.imagesrvr.com
backup-20080513-192009-377 O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
backup-20080513-192009-394 O15 - Trusted Zone: *.gomyhit.com
backup-20080513-192009-410 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080513-192009-478 O15 - Trusted Zone: *.safetydownload.com
backup-20080513-192009-512 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080513-192009-586 O15 - Trusted Zone: *.amaena.com
backup-20080513-192009-593 O15 - Trusted Zone: *.imageservr.com
backup-20080513-192009-597 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080513-192009-630 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080513-192009-679 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080513-192009-680 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080513-192009-724 O15 - Trusted Zone: *.onerateld.com
backup-20080513-192009-739 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080513-192009-772 O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
backup-20080513-192009-798 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080513-192009-862 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080513-192009-865 O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)
backup-20080513-192009-907 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080513-192009-940 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080513-192831-540 O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
backup-20080513-192832-371 O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
backup-20080513-192833-360 O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
backup-20080513-192833-365 O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
backup-20080513-192833-566 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
backup-20080513-192833-812 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20080513-192833-989 O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)
backup-20080514-183639-349 O20 - Winlogon Notify: iifecbx - iifecbx.dll (file missing)
backup-20080514-183639-491 O20 - Winlogon Notify: vtuurqr - vtuurqr.dll (file missing)
backup-20080514-183639-527 O20 - Winlogon Notify: femnbzhk - femnbzhk.dll (file missing)
backup-20080514-183639-909 O20 - Winlogon Notify: nnnlllj - nnnlllj.dll (file missing)
backup-20080514-235704-103 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\cbXNFuvv.dll
backup-20080514-235704-125 O2 - BHO: (no name) - {B667F487-38E2-4FFA-972B-B3417747282F} - C:\WINDOWS\system32\geBuSJdC.dll (file missing)
backup-20080514-235704-215 O4 - HKLM\..\Run: [BM3326c5c8] Rundll32.exe "C:\WINDOWS\system32\tdxfqfvp.dll",s
backup-20080514-235704-239 O2 - BHO: (no name) - {5E3B33EB-555E-44B0-B7F9-EC9A4902CBF3} - (no file)
backup-20080514-235704-249 O2 - BHO: (no name) - {51A80C08-32EE-4CB8-904B-968408A971AD} - (no file)
backup-20080514-235704-328 O2 - BHO: (no name) - {689E7D72-D96D-4932-A389-057EE1E618F3} - C:\WINDOWS\system32\wvUnNEtQ.dll (file missing)
backup-20080514-235704-332 O2 - BHO: (no name) - {4184F242-7714-4D38-B335-C390FBD094AC} - (no file)
backup-20080514-235704-400 O2 - BHO: (no name) - {D9BC1719-DD33-4DA6-B0DD-F5CAB855F7A1} - (no file)
backup-20080514-235704-424 O2 - BHO: (no name) - {5BA87734-948F-4394-9949-ED03A5B10C36} - (no file)
backup-20080514-235704-505 O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
backup-20080514-235704-574 O2 - BHO: (no name) - {E9C9F08E-F5C0-4DAA-B5A9-BE1D93DD3DE0} - (no file)
backup-20080514-235704-639 O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
backup-20080514-235704-646 O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
backup-20080514-235704-704 O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntokdm.exe
backup-20080514-235704-717 O4 - HKLM\..\Run: [3015f654] rundll32.exe "C:\WINDOWS\system32\njhxbkhp.dll",b
backup-20080514-235704-720 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080514-235704-727 O2 - BHO: (no name) - {76C3C903-EF67-41E1-A3F2-39239803B262} - (no file)
backup-20080514-235704-743 O2 - BHO: (no name) - {98D068DC-0905-4C80-8EE4-4A7DD8D46225} - (no file)
backup-20080514-235704-755 O20 - Winlogon Notify: sstqo - C:\WINDOWS\
backup-20080514-235704-797 O2 - BHO: gooochi browser optimizer - {9bf491f4-c744-5d6e-4afa-66467868ad2d} - C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll
backup-20080514-235704-820 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
backup-20080514-235704-910 O2 - BHO: (no name) - {FA742160-62BB-4A67-906C-D623978C6EC7} - (no file)
backup-20080514-235704-938 O4 - HKLM\..\Run: [{5F-F6-6F-FB-DW}] C:\WINDOWS\system32\rwwnw64d.exe DWramFF
backup-20080514-235704-987 O4 - HKLM\..\Run: [{db85face-542b-eb81-ec3a-483801d63000}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" DllInit
backup-20080514-235821-322 O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nulll - c:\windows\system32\drivers\nulll.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 HCWBT8XX (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 ha10kx2kk - c:\windows\system32\drivers\ha10kx2kk.sys (file missing)
S2 tmevtmgr - c:\windows\system32\drivers\tmevtmgr.sys (file missing)
S3 AdwareRemovalSysGuardDriver - c:\program files\eadwareremoval\sysguard.sys (file missing)
S3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 SANDRA - c:\program files\sisoftware\sisoftware sandra standard\sandra.sys <Not Verified; SiSoftware; SiSoftware Sandra™ 2003>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 AdwareRemovalSysGuardService (System Guard(AdwareRemoval)) -
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 Viewpoint Manager Service -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-15 00:02:40 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-05-14 00:33:00 410 --a------ C:\WINDOWS\Tasks\ParetoLogic Update.job
2008-05-09 03:00:00 446 --a------ C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job
2008-05-08 03:00:00 370 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 00:12:34 101440 --a------ C:\WINDOWS\system32\tcwgurea.dll
2008-05-15 00:08:33 3648 --a------ C:\WINDOWS\system32\wdkpovat.dll
2008-05-15 00:08:27 96832 --a------ C:\WINDOWS\system32\wmcklyog.dll
2008-05-15 00:07:47 1203386 --ahs---- C:\WINDOWS\system32\qAbHPXyb.ini2
2008-05-15 00:07:45 276992 --a------ C:\WINDOWS\system32\byXPHbAq.dll
2008-05-14 14:46:03 1205073 --ahs---- C:\WINDOWS\system32\CdJSuBeg.ini2
2008-05-14 08:11:33 2112 --a------ C:\WINDOWS\system32\dgbrskta.exe
2008-05-14 08:10:33 1204985 --ahs---- C:\WINDOWS\system32\QtENnUvw.ini2
2008-05-13 22:00:38 1182153 --ahs---- C:\WINDOWS\system32\ruDMonnn.ini2
2008-05-13 19:35:41 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-13 19:34:40 49174 --a------ C:\WINDOWS\system32\jnwnw64j.exe <Not Verified; ; Browser Driver>
2008-05-13 19:22:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-13 19:12:16 8191 --a------ C:\WINDOWS\17PHolmes572.exe
2008-05-13 19:10:57 52736 --a------ C:\WINDOWS\system32\vtUmKARl.dll
2008-05-13 19:07:41 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-13 19:07:10 401972 --a------ C:\WINDOWS\system32\g99.exe
2008-05-13 19:07:00 86144 --a------ C:\WINDOWS\system32\drivers\nulll.sys
2008-05-13 19:06:56 0 d-------- C:\WINDOWS\system32\polX
2008-05-13 19:06:56 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-13 19:06:56 0 d-------- C:\WINDOWS\system32\binR
2008-05-13 19:06:55 0 d-------- C:\WINDOWS\system32\3036a
2008-05-13 19:06:45 0 d-------- C:\WINDOWS\system32\dFrnx01
2008-05-13 19:06:40 52736 --a------ C:\WINDOWS\system32\jkkJcAtU.dll
2008-05-12 21:17:40 2112 --a------ C:\WINDOWS\system32\eheepibd.exe
2008-05-12 20:21:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-12 04:14:51 21504 --a------ C:\WINDOWS\jestertb.dll
2008-05-11 20:51:28 2112 --a------ C:\WINDOWS\system32\mkyhwgqw.exe
2008-05-10 20:51:28 2112 --a------ C:\WINDOWS\system32\jakrmfci.exe
2008-05-09 20:51:28 2112 --a------ C:\WINDOWS\system32\qqxqwikq.exe
2008-05-08 20:52:44 2112 --a------ C:\WINDOWS\system32\wagydjws.exe
2008-05-08 20:43:43 1062118 --ahs---- C:\WINDOWS\system32\rXwyaGgh.ini2
2008-05-08 16:48:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-08 15:54:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-08 15:53:29 0 d-------- C:\Program Files\Security Task Manager
2008-05-08 00:08:03 105984 --a------ C:\WINDOWS\system32\gpxuvnhd.dll
2008-05-08 00:02:03 2048 --a------ C:\WINDOWS\system32\ciiaunqa.exe
2008-05-07 21:44:03 1041205 --ahs---- C:\WINDOWS\system32\ycdJlUtv.ini2
2008-05-06 19:06:51 1036383 --ahs---- C:\WINDOWS\system32\NUCLTvut.ini2
2008-05-06 16:01:20 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-05-06 16:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-06 16:01:18 0 d-------- C:\Program Files\COMODO
2008-05-06 15:52:56 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-06 04:43:57 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-05-05 23:07:26 37888 --a------ C:\WINDOWS\system32\khfGxxwx.dll
2008-05-05 23:02:49 439558 --ahs---- C:\WINDOWS\system32\xwxyayxx.ini2
2008-05-05 22:57:23 0 d-------- C:\Documents and Settings\user\Application Data\?ppPatch
2008-05-05 22:57:05 0 d-------- C:\WINDOWS\system32\bkEur01
2008-05-05 22:57:04 37888 --a------ C:\WINDOWS\system32\cbXNFuvv.dll
2008-04-22 06:54:43 57344 --a------ C:\WINDOWS\system32\KWebFarm.dll <Not Verified; Kaplan IT; WebFarm>
2008-04-22 06:54:43 495616 --a------ C:\WINDOWS\system32\KDataService.dll <Not Verified; Kaplan IT; DataService>
2008-04-22 06:54:43 45056 --a------ C:\WINDOWS\system32\KCommon.dll <Not Verified; Kaplan IT; Common>
2008-04-22 06:54:43 172032 --a------ C:\WINDOWS\system32\KBusinessService.dll <Not Verified; Kaplan IT; BusinessService>
2008-04-22 06:54:43 24576 --a------ C:\WINDOWS\system32\IKUserInterface.dll <Not Verified; Kaplan IT; IUserInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKLiveInterface.dll <Not Verified; Kaplan IT; IKLiveInterface>
2008-04-22 06:54:43 24576 --a------ C:\WINDOWS\system32\IKDataInterface.dll <Not Verified; Kaplan IT; IDataInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKCryptionInterface.dll <Not Verified; Kaplan IT; ICryptionInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKBusinessInterface.dll <Not Verified; Kaplan IT; IBusinessInterface>
2008-04-22 06:54:42 659456 --a------ C:\WINDOWS\system32\KUserService.dll <Not Verified; Kaplan IT; UserService>
2008-04-22 06:54:40 56 --a------ C:\WINDOWS\system32\nets12.dll
2008-04-22 06:54:38 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-22 06:54:37 0 d-------- C:\Program Files\SelfTest
2008-04-21 04:02:01 0 d-------- C:\Logs
2008-04-18 10:51:27 0 d-------- C:\Program Files\Tortun
2008-04-16 21:11:22 0 d-------- C:\Documents and Settings\user\Application Data\tor
2008-04-16 21:10:37 0 d-------- C:\Program Files\Vidalia Bundle
2008-04-16 21:10:37 0 d-------- C:\Documents and Settings\user\Application Data\Vidalia
2008-04-16 21:09:16 0 d-------- C:\Program Files\ProxyFirewall


-- Find3M Report ---------------------------------------------------------------

2008-05-14 01:29:54 0 d-------- C:\Documents and Settings\user\Application Data\??sembly
2008-05-13 20:15:29 0 d-------- C:\Program Files\Common Files
2008-05-12 22:36:43 0 d-------- C:\Program Files\Google
2008-05-12 19:54:09 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-09 01:37:18 0 d-------- C:\Documents and Settings\user\Application Data\BitTorrent
2008-05-06 04:58:58 0 d-------- C:\Documents and Settings\user\Application Data\?ppPatch
2008-05-06 04:43:57 6216 --a------ C:\WINDOWS\mozver.dat
2008-05-06 01:16:00 0 d-------- C:\Program Files\AIM6
2008-04-22 08:06:52 0 d-------- C:\Program Files\Trillian
2008-04-22 07:50:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-21 04:04:46 0 d-------- C:\Program Files\World of Warcraft
2008-04-16 21:18:33 0 d-------- C:\Documents and Settings\user\Application Data\Ventrilo
2008-04-10 23:57:43 0 d-------- C:\Documents and Settings\user\Application Data\Creative
2008-04-09 00:01:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 23:22:23 0 d-------- C:\Program Files\ActiveX Control Pad
2008-04-08 23:22:22 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2008-04-08 23:22:22 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2008-04-08 23:22:22 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-04-01 03:42:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-18 23:59:02 0 d-------- C:\Program Files\Winamp
2008-03-04 06:42:33 235875 --ahs---- C:\WINDOWS\system32\egjlm.ini2
2008-02-15 09:01:29 76551 --a----c- C:\WINDOWS\War3Unin.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6198855d-67c8-43a7-aebd-b2b66748bc08}]
05/15/2008 12:12 AM 101440 --a------ C:\WINDOWS\system32\tcwgurea.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}]
05/05/2008 10:57 PM 37888 --a------ C:\WINDOWS\system32\cbXNFuvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6351D14-0F0F-48D4-8DF5-9D886CB80D8A}]
05/15/2008 12:07 AM 276992 --a------ C:\WINDOWS\system32\byXPHbAq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"CTHelper"="CTHELPER.EXE" [04/09/2007 12:32 PM C:\WINDOWS\system32\CtHelper.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/06/2008 04:01 PM]
"BM3326c5c8"="C:\WINDOWS\system32\wmcklyog.dll" [05/15/2008 12:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/04/2008 05:16 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [01/21/2008 05:00 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 08:10 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"ProxyFirewall"="C:\Program Files\ProxyFirewall\ProxyFirewall.exe" [03/26/2006 02:31 PM]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/2007 04:49 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [03/29/2007 11:08 AM 98304]
"{A6C54318-5AC7-477D-B0A7-49AF5189300C}"= C:\WINDOWS\system32\cbXNFuvv.dll [05/05/2008 10:57 PM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNFuvv]
cbXNFuvv.dll 05/05/2008 10:57 PM 37888 C:\WINDOWS\system32\cbXNFuvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXPHbAq

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93206688-1d81-11dd-988f-0013d4be1ebc}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8c9bd4e-1d8a-11dd-9890-0013d4be1ebc}]

*Newly Created Service* - GTNDIS5



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8369 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-15 00:13:42 ------------

Edited by Venomz, 14 May 2008 - 11:23 PM.

  • 0

#7
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1023.48 MiB / 597.5 MiB
Pagefile Memory (total/avail): 2461.76 MiB / 2039.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.31 GiB total, 116.55 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - ST3200826AS - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO) Disabled
AV: Trend Micro AntiVirus v16.00.1645 () Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\user\\Application Data\\U3\\0A01495090724895\\BBD53C04-8853-4202-B4B5-5194B0BC1696\\Exec\\AV\\AntiVirusApplication.exe"="C:\\Documents and Settings\\user\\Application Data\\U3\\0A01495090724895\\BBD53C04-8853-4202-B4B5-5194B0BC1696\\Exec\\AV\\AntiVirusApplication.exe:*:Enabled:PluginAntivirus DLL"
"C:\\Documents and Settings\\user\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\user\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\sheenifro\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\mirc\\mirc.exe"="C:\\mirc\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\wow-ptr-downloader2.exe"="C:\\Documents and Settings\\user\\Desktop\\wow-ptr-downloader2.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\sheenifro\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\Temporary Directory 1 for Patch-1.11.2.zip\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\Temporary Directory 1 for Patch-1.11.2.zip\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\Patch-1.11.2\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\Patch-1.11.2\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\Flying_Mount_PC_EG-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Documents and Settings\\user\\Desktop\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\WOWEx_Blizcon-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\user\\Desktop\\WoW\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe"="C:\\Documents and Settings\\user\\Desktop\\WoW\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\user\\Desktop\\Desktop 2\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\user\\Desktop\\Desktop 2\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\BitTorrent\\bittorrent .exe"="C:\\Program Files\\BitTorrent\\bittorrent .exe:*:Enabled:bittorrent "
"C:\\Program Files\\BitTorrent\\bittorrent .exe"="C:\\Program Files\\BitTorrent\\bittorrent .exe:*:Enabled:bittorrent "
"C:\\Program Files\\BitTorrent\\bittorrent .exe"="C:\\Program Files\\BitTorrent\\bittorrent .exe:*:Enabled:bittorrent "
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient .exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient .exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Tortun\\gui.exe"="C:\\Program Files\\Tortun\\gui.exe:*:Enabled:gui"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEVIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\DEVIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=DEVIN
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587BE58B-682F-4043-B197-2DF526196FEC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E07ADA35-25E5-4249-A0D3-6EB58BAEE220}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 9 Photo Manager --> MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo Movie Shrink & Burn 2 --> "C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitDefender Total Security 2008 --> MsiExec.exe /I{C33A19F0-A3D8-45B4-B067-251D2DBABB1A}
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compact Wireless-G USB Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65563451-00B6-458C-9F9A-03A7757355A6}\setup.exe" -l0x9
CopperHead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\Setup.exe"
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Deewoo Network Manager removal --> C:\WINDOWS\system32\tcntokdm.exe -UPop
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll-uninst.exe
Feature Showcase Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587BE58B-682F-4043-B197-2DF526196FEC}\setup.exe" -l0x9 /remove
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Game Cam v1.4 --> MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
GameComm --> "C:\Program Files\GameComm\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
Hauppauge WinTV Infrared Remote --> C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV Radio --> C:\PROGRA~1\WinTV\UNrad32.EXE C:\PROGRA~1\WinTV\RADIO32.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.1_04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}\setup.exe" Anytext
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Logitech G-series Keyboard Software --> MsiExec.exe /X{0AE04A46-AA6D-430F-AE18-ACE1D5E59C0F}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Microsoft ActiveX Control Pad --> C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 8 Trial --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
Nero PhotoShow Express 4 --> "C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETg Learning Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Setup\Skillb\Uninstall\setup.exe"
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI DriveBackup! 3 Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033
NTI DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
ProxyFirewall 1.0.4 Beta --> "C:\Program Files\ProxyFirewall\unins000.exe"
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Razer Copperhead --> C:\Program Files\InstallShield Installation Information\{28A946E1-E83B-4662-BC7C-23451851489E}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Ricochet Lost Worlds --> "C:\Program Files\Ricochet Lost Worlds\unins000.exe"
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Self Test Practice Test Engine --> C:\PROGRA~1\SelfTest\UNWISE.EXE C:\PROGRA~1\SelfTest\INSTALL.LOG
Self Test Software: Exam 220-601 --> C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\INSTALL.LOG
SiSoftware Sandra Standard MAX3! (The Guru of 3D Edition) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Standard\unins000.exe"
Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sony DVD Architect 4.0 --> MsiExec.exe /X{1AC38EA5-454C-4443-834F-6B34106581E1}
Sony Media Manager 2.2 --> MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
Sony Vegas 7.0 --> MsiExec.exe /X{96965E6C-41DB-4E0A-BC65-D92381D51D2A}
Sounds Best On Sound Blaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E07ADA35-25E5-4249-A0D3-6EB58BAEE220}\Setup.exe" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tor 0.1.2.19 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Tortun 0.73 --> "C:\Program Files\Tortun\unins000.exe"
Trend Micro AntiVirus --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Vidalia 0.0.16 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=d76ccab02584da8d, processorArchitecture=msil
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type9017 / Error
Event Submitted/Written: 05/14/2008 04:26:14 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application PowerISO.exe, version 3.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9009 / Error
Event Submitted/Written: 05/14/2008 02:39:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application regcure.exe, version 1.5.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [regcure.exe!ws!]

Event Record #/Type9000 / Error
Event Submitted/Written: 05/14/2008 01:23:58 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spybotsd.exe, version 1.5.2.20, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [spybotsd.exe!ws!]

Event Record #/Type8985 / Error
Event Submitted/Written: 05/13/2008 07:17:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module hggaywxr.dll, version 0.0.0.0, fault address 0x00062ed3.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type8969 / Error
Event Submitted/Written: 05/12/2008 09:46:50 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 440333503.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13535 / Warning
Event Submitted/Written: 05/15/2008 00:13:32 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Event Record #/Type13512 / Error
Event Submitted/Written: 05/15/2008 00:03:09 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error:
%%1068

Event Record #/Type13511 / Error
Event Submitted/Written: 05/15/2008 00:03:09 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:
%%2

Event Record #/Type13510 / Error
Event Submitted/Written: 05/15/2008 00:03:09 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type13509 / Error
Event Submitted/Written: 05/15/2008 00:03:09 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmevtmgr service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-05-15 00:13:42 ------------

Edited by Venomz, 14 May 2008 - 11:27 PM.

  • 0

#8
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hey, I haven't heard back from you yet so i thought i would try to give you some more information to help you diagnose the problem. One issue I seem to be having is that I am unable to view certain websites, some of the ones i am unable to view in Mozzila firefox i am able to view in Internet Explorer and some wont load on either. If i sit there and try to let it time out it doesn't, it will sit there and *try* to load for hours. The websites i am unable to view (that i know of) are: google search, yahoo, world of warcraft forums, geekstogo, and more. Some websites i am able to view the main page but unable to go to any of the sites features. For example i am able to view www.geekstogo.com but i am unable to access the forums or log in. Needless to say this is very irritating since i have to either go use a different computer in my house that is significantly slower than my own or go to my college to use one. Anyway I hope to hear from you soon, let me know if you would like me to download anything else to further help you. Thanks.
  • 0

#9
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Well I decided to take the initiative and after several hours of browsing i convinced myself that i would run combofix, I decided this because of the numerous praises it has for everyone who has run it, as well as it being recommended quiet frequently on these forums, anyway just in case i will post the combofix log here if you want to take a look. (it did fix my problem of being able to view certain web pages.

ComboFix 08-05-15.3 - user 2008-05-16 14:33:08.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\YECMR7H7\www.broadcaster.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\user\Application Data\PPPATC~1
C:\Documents and Settings\user\Application Data\SEMBLY~1
C:\Documents and Settings\user\Application Data\SEMBLY~1\??sembly\
C:\Program Files\Common Files\asks~1
C:\Program Files\WinAble
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aagbpdhk.ini
C:\WINDOWS\system32\afbrhntb.ini
C:\WINDOWS\system32\aspyssdg.ini
C:\WINDOWS\system32\bhgvklky.ini
C:\WINDOWS\system32\bvnjnvax.ini
C:\WINDOWS\system32\caencbxm.ini
C:\WINDOWS\system32\CdJSuBeg.ini
C:\WINDOWS\system32\CdJSuBeg.ini2
C:\WINDOWS\system32\cexdyqfy.ini
C:\WINDOWS\system32\cgeywluk.ini
C:\WINDOWS\system32\ciheqapn.ini
C:\WINDOWS\system32\citaottq.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddopwswi.ini
C:\WINDOWS\system32\dgbrskta.exe
C:\WINDOWS\system32\dnvmvaeh.ini
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drwkgqab.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\eheepibd.exe
C:\WINDOWS\system32\erwngrvr.ini
C:\WINDOWS\system32\evhljchy.ini
C:\WINDOWS\system32\eyccwsuu.ini
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\femnbzhk.dllbox
C:\WINDOWS\system32\fsryjosl.ini
C:\WINDOWS\system32\fublmxin.ini
C:\WINDOWS\system32\fwpwaavv.ini
C:\WINDOWS\system32\gbmjgwlh.ini
C:\WINDOWS\system32\giqnbert.ini
C:\WINDOWS\system32\gsbwocso.ini
C:\WINDOWS\system32\gxsuvesh.dll
C:\WINDOWS\system32\gxwgpsyi.ini
C:\WINDOWS\system32\hcgiedne.ini
C:\WINDOWS\system32\hcudjkyy.ini
C:\WINDOWS\system32\hfxgutwv.ini
C:\WINDOWS\system32\hkngmewj.ini
C:\WINDOWS\system32\hkwdjwby.ini
C:\WINDOWS\system32\hsevusxg.ini
C:\WINDOWS\system32\huinhgwy.ini
C:\WINDOWS\system32\idfktjba.ini
C:\WINDOWS\system32\ifbccfqq.ini
C:\WINDOWS\system32\ifdlyppq.ini
C:\WINDOWS\system32\iplfpjlp.exe
C:\WINDOWS\system32\jakrmfci.exe
C:\WINDOWS\system32\jedrtbxd.ini
C:\WINDOWS\system32\jeurstqs.ini
C:\WINDOWS\system32\jiossuyc.ini
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jtkueplh.ini
C:\WINDOWS\system32\jyrqulvl.ini
C:\WINDOWS\system32\kdnufnwo.ini
C:\WINDOWS\system32\kotcmijp.ini
C:\WINDOWS\system32\kskjovuv.ini
C:\WINDOWS\system32\ksumdcsf.ini
C:\WINDOWS\system32\ldkjgdjs.ini
C:\WINDOWS\system32\liidxapu.ini
C:\WINDOWS\system32\lwmwtlyq.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjmflets.ini
C:\WINDOWS\system32\mkyhwgqw.exe
C:\WINDOWS\system32\mplnjljh.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nets12.dll
C:\WINDOWS\system32\NUCLTvut.ini
C:\WINDOWS\system32\NUCLTvut.ini2
C:\WINDOWS\system32\nvsgfjod.ini
C:\WINDOWS\system32\oitvjvbo.ini
C:\WINDOWS\system32\ojuqjuka.ini
C:\WINDOWS\system32\ojxmnife.ini
C:\WINDOWS\system32\olgvbfuo.ini
C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.bak2
C:\WINDOWS\system32\oqtss.tmp
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\oukkukdl.ini
C:\WINDOWS\system32\ouyqwoxr.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\phkbxhjn.ini
C:\WINDOWS\system32\pingnnqw.ini
C:\WINDOWS\system32\pqbxmjvt.ini
C:\WINDOWS\system32\prgaybod.ini
C:\WINDOWS\system32\qAbHPXyb.ini
C:\WINDOWS\system32\qAbHPXyb.ini2
C:\WINDOWS\system32\qacxxtvl.ini
C:\WINDOWS\system32\qhkymxvy.ini
C:\WINDOWS\system32\qjmlifiu.ini
C:\WINDOWS\system32\qjtdvbwn.ini
C:\WINDOWS\system32\qqxqwikq.exe
C:\WINDOWS\system32\QtENnUvw.ini
C:\WINDOWS\system32\QtENnUvw.ini2
C:\WINDOWS\system32\rfatmsuv.ini
C:\WINDOWS\system32\rgvntyfc.ini
C:\WINDOWS\system32\riqvphvk.ini
C:\WINDOWS\system32\rlwcvcbi.ini
C:\WINDOWS\system32\rqdtnski.ini
C:\WINDOWS\system32\ruDMonnn.ini
C:\WINDOWS\system32\ruDMonnn.ini2
C:\WINDOWS\system32\rvsitvbn.ini
C:\WINDOWS\system32\rwfbbcip.ini
C:\WINDOWS\system32\rXwyaGgh.ini
C:\WINDOWS\system32\rXwyaGgh.ini2
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\sutycpav.ini
C:\WINDOWS\system32\sxioyduw.ini
C:\WINDOWS\system32\thlyinay.ini
C:\WINDOWS\system32\tigmoaqp.ini
C:\WINDOWS\system32\tknupfkg.ini
C:\WINDOWS\system32\tpuwolna.ini
C:\WINDOWS\system32\tqnllomn.ini
C:\WINDOWS\system32\tqypfrya.ini
C:\WINDOWS\system32\tsveyngw.ini
C:\WINDOWS\system32\tvkhwvqt.ini
C:\WINDOWS\system32\ugymmmhd.ini
C:\WINDOWS\system32\ususmsgu.ini
C:\WINDOWS\system32\vehanoxb.ini
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\vvieyvyf.ini
C:\WINDOWS\system32\wagydjws.exe
C:\WINDOWS\system32\wanfwukv.ini
C:\WINDOWS\system32\wfhtmoeq.ini
C:\WINDOWS\system32\wjylqxor.ini
C:\WINDOWS\system32\wkoyxrhq.ini
C:\WINDOWS\system32\wmcklyog.dll
C:\WINDOWS\system32\wntdqauy.ini
C:\WINDOWS\system32\wplupcqo.ini
C:\WINDOWS\system32\wqgcmvkn.ini
C:\WINDOWS\system32\wuslgnma.ini
C:\WINDOWS\system32\wwxuknpf.ini
C:\WINDOWS\system32\xgwlblff.ini
C:\WINDOWS\system32\xibluyej.ini
C:\WINDOWS\system32\xkvbefkg.ini
C:\WINDOWS\system32\xwxyayxx.ini
C:\WINDOWS\system32\xwxyayxx.ini2
C:\WINDOWS\system32\ycdJlUtv.ini
C:\WINDOWS\system32\ycdJlUtv.ini2
C:\WINDOWS\system32\yjmayfyk.ini
C:\WINDOWS\system32\ylixytkw.ini
C:\WINDOWS\system32\yoqyfndm.ini
C:\WINDOWS\system32\yvhjdbbd.ini
C:\WINDOWS\system32\ywvosesd.ini
C:\WINDOWS\system32\yyxjbakl.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 00:09 . 2008-05-15 00:09 <DIR> d-------- C:\Deckard
2008-05-15 00:00 . 2008-05-15 00:00 <DIR> d-------- C:\_OTMoveIt
2008-05-13 19:35 . 2008-05-13 19:35 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-13 19:22 . 2008-05-13 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-13 19:07 . 2008-05-13 19:07 401,972 --a------ C:\WINDOWS\system32\g99.exe
2008-05-13 19:07 . 2008-05-13 19:07 63,902 --a------ C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll-uninst.exe
2008-05-13 19:07 . 2008-05-13 19:07 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-13 19:06 . 2008-05-13 19:06 <DIR> d-------- C:\WINDOWS\system32\polX
2008-05-13 19:06 . 2008-05-15 13:29 <DIR> d-------- C:\WINDOWS\system32\GUI2
2008-05-13 19:06 . 2008-05-13 19:06 <DIR> d-------- C:\WINDOWS\system32\dFrnx01
2008-05-13 19:06 . 2008-05-15 13:29 <DIR> d-------- C:\WINDOWS\system32\binR
2008-05-13 19:06 . 2008-05-14 01:29 <DIR> d-------- C:\WINDOWS\system32\3036a
2008-05-12 20:21 . 2008-05-12 20:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-12 20:06 . 2008-05-12 20:06 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-12 20:06 . 2008-05-12 20:06 22,328 --a------ C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2008-05-12 04:14 . 2008-05-12 04:14 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-05-08 16:01 . 2008-05-08 16:48 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-08 15:54 . 2008-05-15 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-06 16:01 . 2008-05-06 16:01 <DIR> d-------- C:\Program Files\COMODO
2008-05-06 16:01 . 2008-05-06 16:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-05-06 16:01 . 2008-05-06 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-06 16:01 . 2008-05-06 16:01 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-06 16:01 . 2008-05-06 16:01 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-06 16:01 . 2008-05-06 16:01 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-06 15:52 . 2008-05-06 15:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-06 04:43 . 2008-05-06 04:43 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-05-06 01:29 . 2008-05-06 01:29 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-05 22:57 . 2008-05-05 22:57 <DIR> d-------- C:\WINDOWS\system32\bkEur01
2008-04-22 06:54 . 2008-04-22 06:57 <DIR> d-------- C:\Program Files\SelfTest
2008-04-21 04:02 . 2008-04-21 04:02 <DIR> d-------- C:\Logs
2008-04-18 10:51 . 2008-04-18 10:51 <DIR> d-------- C:\Program Files\Tortun
2008-04-16 21:11 . 2008-05-15 00:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\tor
2008-04-16 21:10 . 2008-05-15 12:53 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-04-16 21:09 . 2008-05-15 12:52 <DIR> d-------- C:\Program Files\ProxyFirewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 19:37 --------- d-----w C:\Program Files\Trend Micro
2008-05-13 03:36 --------- d-----w C:\Program Files\Google
2008-05-13 02:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 00:54 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-05-09 06:37 --------- d-----w C:\Documents and Settings\user\Application Data\BitTorrent
2008-05-06 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 21:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-06 06:16 --------- d-----w C:\Program Files\AIM6
2008-05-01 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-26 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-22 13:06 --------- d-----w C:\Program Files\Trillian
2008-04-22 12:50 --------- d-----w C:\Program Files\MSN Messenger
2008-04-21 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-04-18 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-17 02:18 --------- d-----w C:\Documents and Settings\user\Application Data\Ventrilo
2008-04-11 04:57 --------- d-----w C:\Documents and Settings\user\Application Data\Creative
2008-04-09 05:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 04:22 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2008-04-09 04:22 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2008-04-09 04:22 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2008-04-09 04:22 --------- d-----w C:\Program Files\ActiveX Control Pad
2008-04-01 08:42 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-01 07:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 04:59 --------- d-----w C:\Program Files\Winamp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-07-11 23:13 0 ----a-w C:\Documents and Settings\user\WoW-1.11.1.5462-to-1.11.2.5464-enUS-patch.exe
2006-01-25 09:03 1,470 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
<pre>
----a-w		 3,461,120 2008-01-20 17:56:54  C:\Documents and Settings\user\My Documents\Videos\Veoh\AppBackup\VeohClient .exe
----a-w			43,008 2008-01-20 17:56:48  C:\Program Files\BitTorrent\bittorrent	.exe
----a-w			43,008 2008-01-20 17:35:18  C:\Program Files\BitTorrent\bittorrent  .exe
----a-w			43,008 2008-01-21 22:00:50  C:\Program Files\BitTorrent\bittorrent .exe
-c--a-w			50,760 2008-01-23 19:34:28  C:\Program Files\Common Files\AOL\1136520972\ee\AOLSoftware .exe
-c--a-w		   124,520 2008-01-21 21:37:05  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
-c--a-w		   700,416 2008-01-20 17:56:50  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
-c--a-w			68,856 2008-01-20 17:56:48  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
-c--a-w		   257,088 2008-01-23 19:34:28  C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w		   132,496 2008-01-21 21:37:01  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
-c--a-w		   188,416 2008-01-21 21:37:05  C:\Program Files\Logitech\G-series Software\LCDMon .exe
-c--a-w		 1,110,080 2008-01-21 21:37:06  C:\Program Files\Logitech\G-series Software\LGDCore .exe
----a-w		 5,674,352 2008-01-23 01:18:36  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		 2,639,472 2008-01-20 17:56:50  C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS .exe
-c--a-w		   200,704 2008-01-21 21:37:03  C:\Program Files\PowerISO\PWRISOVM .EXE
-c--a-w		   286,720 2008-01-21 21:41:56  C:\Program Files\QuickTime\qttask	.exe
-c--a-w		   286,720 2008-01-21 22:17:44  C:\Program Files\QuickTime\qttask   .exe
-c--a-w		   286,720 2008-01-21 22:17:44  C:\Program Files\QuickTime\qttask  .exe
-c--a-w		   286,720 2008-01-20 17:35:21  C:\Program Files\QuickTime\qttask .exe
----a-w		   155,648 2008-01-21 21:37:02  C:\Program Files\Razer\CopperHead\razerhid .exe
-c--a-w		 1,266,936 2008-01-21 21:37:11  C:\Program Files\Steam\Steam .exe
----a-w		 3,461,120 2008-01-20 17:56:54  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   158,208 2008-01-21 21:33:08  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-01-22 15:10:49  C:\WINDOWS\system32\ctfmon .exe
</pre>


------- Sigcheck -------

2005-11-11 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 05:16 1481968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"ProxyFirewall"="C:\Program Files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 14:31 431104]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-06 16:01 1572608]
"3015f654"="C:\WINDOWS\system32\njhxbkhp.dll" [ ]
"{db85face-542b-eb81-ec3a-483801d63000}"="C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" [ ]
"BM3326c5c8"="C:\WINDOWS\system32\wmcklyog.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-03-29 11:08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MSACM.MSNAUDIO"= msnaudio.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-21 17:17 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aim6.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\half-life\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\user\\Desktop\\Desktop 2\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient .exe"=
"C:\\Program Files\\Tortun\\gui.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:War III host ability
"6113:TCP"= 6113:TCP:War III host ability
"6114:TCP"= 6114:TCP:War III host ability
"6115:TCP"= 6115:TCP:War III host ability
"6116:TCP"= 6116:TCP:War III host ability
"6117:TCP"= 6117:TCP:War III host ability
"6118:TCP"= 6118:TCP:War III host ability
"6119:TCP"= 6119:TCP:War III host ability
"6112:UDP"= 6112:UDP:War III host ability
"6113:UDP"= 6113:UDP:War III host ability
"6114:UDP"= 6114:UDP:War III host ability
"6115:UDP"= 6115:UDP:War III host ability
"6116:UDP"= 6116:UDP:War III host ability
"6117:UDP"= 6117:UDP:War III host ability
"6118:UDP"= 6118:UDP:War III host ability
"6119:UDP"= 6119:UDP:War III host ability
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 08:00:00 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-05-16 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
"2008-05-16 19:37:38 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-15 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 14:38:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-05-16 14:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 19:44:44

Pre-Run: 125,085,278,208 bytes free
Post-Run: 124,970,889,216 bytes free

426 --- E O F --- 2008-04-10 10:16:19
  • 0

#10
Ness

Ness

    Banned

  • Banned
  • PipPipPip
  • 673 posts
Hello again Venomz

So we have a WoW player in our midst eh? I play WoW way too much :) 70 shadow priest and 70 rogue ... I'm such a loser :)

1. HiJackThis Fix
------------------------------------------------


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


O2 - BHO: {80cb8476-6b2b-dbea-7a34-8c76d5588916} - {6198855d-67c8-43a7-aebd-b2b66748bc08} - C:\WINDOWS\system32\tcwgurea.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\cbXNFuvv.dll
O2 - BHO: (no name) - {C6351D14-0F0F-48D4-8DF5-9D886CB80D8A} - C:\WINDOWS\system32\byXPHbAq.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [BM3326c5c8] Rundll32.exe "C:\WINDOWS\system32\wmcklyog.dll",s
O20 - Winlogon Notify: cbXNFuvv - C:\WINDOWS\SYSTEM32\cbXNFuvv.dll
O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. ComboFix Script
------------------------------------------------


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\g99.exe
C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\tcwgurea.dll
C:\WINDOWS\system32\wdkpovat.dll
C:\WINDOWS\system32\byXPHbAq.dll
C:\WINDOWS\system32\jnwnw64j.exe
C:\WINDOWS\system32\vtUmKARl.dll
C:\WINDOWS\system32\drivers\nulll.sys
C:\WINDOWS\system32\jkkJcAtU.dll
C:\WINDOWS\system32\gpxuvnhd.dll
C:\WINDOWS\system32\ciiaunqa.exe
C:\WINDOWS\system32\khfGxxwx.dll
C:\WINDOWS\system32\cbXNFuvv.dll

Folder::
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\dFrnx01
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\3036a
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\3036a
C:\WINDOWS\system32\dFrnx01
C:\WINDOWS\system32\bkEur01

Driver::
nulll
ha10kx2kk
sysguard



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the new ComboFix log.

Finally, post a new DSS log.

In your next post
------------------------------------------------

  • ComboFix Log
  • New DSS Log

Edited by Nys, 20 May 2008 - 03:59 AM.

  • 0

#11
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Well i kind of quit playing wow around oct last year, i got to BT and Hyjal and decided that a girlfriend, and social life and such were better options. I had a level 70 mage decked with the best gear around that time. I am sure i could PvP and get updated if i really wanted to, le sigh. Anyway here is the combo fix log. One more thing I removed all those entries in hijack this but it didn't remove the sysgaurd one.

ComboFix 08-05-15.3 - user 2008-05-20 17:53:36.2 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll-uninst.exe
C:\WINDOWS\system32\byXPHbAq.dll
C:\WINDOWS\system32\cbXNFuvv.dll
C:\WINDOWS\system32\ciiaunqa.exe
C:\WINDOWS\system32\drivers\nulll.sys
C:\WINDOWS\system32\g99.exe
C:\WINDOWS\system32\gpxuvnhd.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jkkJcAtU.dll
C:\WINDOWS\system32\jnwnw64j.exe
C:\WINDOWS\system32\khfGxxwx.dll
C:\WINDOWS\system32\tcwgurea.dll
C:\WINDOWS\system32\vtUmKARl.dll
C:\WINDOWS\system32\wdkpovat.dll
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll-uninst.exe
C:\WINDOWS\system32\3036a
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\bkEur01
C:\WINDOWS\system32\bkEur01\bkEur011065.exe
C:\WINDOWS\system32\dFrnx01
C:\WINDOWS\system32\dFrnx01\dFrnx011065.exe
C:\WINDOWS\system32\g99.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\polX\roEbdll2.exe
C:\WINDOWS\system32\winpfz33.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HA10KX2KK
-------\Legacy_NULLL
-------\Service_ha10kx2kk
-------\Service_nulll


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-17 11:05 . 2008-05-17 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-16 19:07 . 2004-08-04 00:56 4,255 --a--c--- C:\WINDOWS\system32\dllcache\adv01nt5.dll
2008-05-16 19:07 . 2004-08-04 00:56 3,967 --a--c--- C:\WINDOWS\system32\dllcache\adv02nt5.dll
2008-05-15 00:09 . 2008-05-15 00:09 <DIR> d-------- C:\Deckard
2008-05-15 00:00 . 2008-05-15 00:00 <DIR> d-------- C:\_OTMoveIt
2008-05-13 19:22 . 2008-05-13 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-12 20:21 . 2008-05-12 20:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-12 20:06 . 2008-05-12 20:06 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-12 20:06 . 2008-05-12 20:06 22,328 --a------ C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2008-05-12 04:14 . 2008-05-12 04:14 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-05-08 16:01 . 2008-05-08 16:48 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-08 15:54 . 2008-05-15 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-06 16:01 . 2008-05-06 16:01 <DIR> d-------- C:\Program Files\COMODO
2008-05-06 16:01 . 2008-05-06 16:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-05-06 16:01 . 2008-05-06 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-06 16:01 . 2008-05-06 16:01 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-06 16:01 . 2008-05-06 16:01 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-06 16:01 . 2008-05-06 16:01 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-06 15:52 . 2008-05-06 15:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-06 04:43 . 2008-05-06 04:43 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-05-06 01:29 . 2008-05-06 01:29 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-22 06:54 . 2008-04-22 06:57 <DIR> d-------- C:\Program Files\SelfTest
2008-04-21 04:02 . 2008-04-21 04:02 <DIR> d-------- C:\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 19:37 --------- d-----w C:\Program Files\Trend Micro
2008-05-15 17:53 --------- d-----w C:\Program Files\Vidalia Bundle
2008-05-15 17:52 --------- d-----w C:\Program Files\ProxyFirewall
2008-05-15 05:04 --------- d-----w C:\Documents and Settings\user\Application Data\tor
2008-05-13 03:36 --------- d-----w C:\Program Files\Google
2008-05-13 02:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 00:54 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-05-09 06:37 --------- d-----w C:\Documents and Settings\user\Application Data\BitTorrent
2008-05-06 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 21:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-06 06:16 --------- d-----w C:\Program Files\AIM6
2008-05-01 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-26 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-22 13:06 --------- d-----w C:\Program Files\Trillian
2008-04-22 12:50 --------- d-----w C:\Program Files\MSN Messenger
2008-04-21 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-04-18 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-18 15:51 --------- d-----w C:\Program Files\Tortun
2008-04-17 02:18 --------- d-----w C:\Documents and Settings\user\Application Data\Ventrilo
2008-04-11 04:57 --------- d-----w C:\Documents and Settings\user\Application Data\Creative
2008-04-09 05:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 04:22 --------- d-----w C:\Program Files\ActiveX Control Pad
2008-04-01 08:42 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-01 07:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-07-11 23:13 0 ----a-w C:\Documents and Settings\user\WoW-1.11.1.5462-to-1.11.2.5464-enUS-patch.exe
2006-01-25 09:03 1,470 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
<pre>
----a-w		 3,461,120 2008-01-20 17:56:54  C:\Documents and Settings\user\My Documents\Videos\Veoh\AppBackup\VeohClient .exe
----a-w			43,008 2008-01-20 17:56:48  C:\Program Files\BitTorrent\bittorrent	.exe
----a-w			43,008 2008-01-20 17:35:18  C:\Program Files\BitTorrent\bittorrent  .exe
----a-w			43,008 2008-01-21 22:00:50  C:\Program Files\BitTorrent\bittorrent .exe
-c--a-w			50,760 2008-01-23 19:34:28  C:\Program Files\Common Files\AOL\1136520972\ee\AOLSoftware .exe
-c--a-w		   124,520 2008-01-21 21:37:05  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
-c--a-w		   700,416 2008-01-20 17:56:50  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
-c--a-w			68,856 2008-01-20 17:56:48  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
-c--a-w		   257,088 2008-01-23 19:34:28  C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w		   132,496 2008-01-21 21:37:01  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
-c--a-w		   188,416 2008-01-21 21:37:05  C:\Program Files\Logitech\G-series Software\LCDMon .exe
-c--a-w		 1,110,080 2008-01-21 21:37:06  C:\Program Files\Logitech\G-series Software\LGDCore .exe
----a-w		 5,674,352 2008-01-23 01:18:36  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		 2,639,472 2008-01-20 17:56:50  C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS .exe
-c--a-w		   200,704 2008-01-21 21:37:03  C:\Program Files\PowerISO\PWRISOVM .EXE
-c--a-w		   286,720 2008-01-21 21:41:56  C:\Program Files\QuickTime\qttask	.exe
-c--a-w		   286,720 2008-01-21 22:17:44  C:\Program Files\QuickTime\qttask   .exe
-c--a-w		   286,720 2008-01-21 22:17:44  C:\Program Files\QuickTime\qttask  .exe
-c--a-w		   286,720 2008-01-20 17:35:21  C:\Program Files\QuickTime\qttask .exe
----a-w		   155,648 2008-01-21 21:37:02  C:\Program Files\Razer\CopperHead\razerhid .exe
-c--a-w		 1,266,936 2008-01-21 21:37:11  C:\Program Files\Steam\Steam .exe
----a-w		 3,461,120 2008-01-20 17:56:54  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   158,208 2008-01-21 21:33:08  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-01-22 15:10:49  C:\WINDOWS\system32\ctfmon .exe
</pre>


------- Sigcheck -------

2005-11-11 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 05:16 1481968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"ProxyFirewall"="C:\Program Files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 14:31 431104]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-06 16:01 1572608]
"3015f654"="C:\WINDOWS\system32\njhxbkhp.dll" [ ]
"{db85face-542b-eb81-ec3a-483801d63000}"="C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-03-29 11:08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MSACM.MSNAUDIO"= msnaudio.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-21 17:17 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136520972\\ee\\aim6.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sheenifro\\half-life\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\user\\Desktop\\Desktop 2\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\BitTorrent\\bittorrent .exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient .exe"=
"C:\\Program Files\\Tortun\\gui.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:War III host ability
"6113:TCP"= 6113:TCP:War III host ability
"6114:TCP"= 6114:TCP:War III host ability
"6115:TCP"= 6115:TCP:War III host ability
"6116:TCP"= 6116:TCP:War III host ability
"6117:TCP"= 6117:TCP:War III host ability
"6118:TCP"= 6118:TCP:War III host ability
"6119:TCP"= 6119:TCP:War III host ability
"6112:UDP"= 6112:UDP:War III host ability
"6113:UDP"= 6113:UDP:War III host ability
"6114:UDP"= 6114:UDP:War III host ability
"6115:UDP"= 6115:UDP:War III host ability
"6116:UDP"= 6116:UDP:War III host ability
"6117:UDP"= 6117:UDP:War III host ability
"6118:UDP"= 6118:UDP:War III host ability
"6119:UDP"= 6119:UDP:War III host ability
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 08:00:00 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-05-20 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
"2008-05-20 22:57:54 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-15 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 17:58:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-05-20 18:03:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 23:03:41
ComboFix2.txt 2008-05-16 19:44:49

Pre-Run: 125,023,383,552 bytes free
Post-Run: 125,002,461,184 bytes free

283 --- E O F --- 2008-04-10 10:16:19
  • 0

#12
Venomz

Venomz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the Deckard's System Scanner.

Deckard's System Scanner v20071014.68
Run by user on 2008-05-20 18:05:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:24 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [3015f654] rundll32.exe "C:\WINDOWS\system32\njhxbkhp.dll",b
O4 - HKLM\..\Run: [{db85face-542b-eb81-ec3a-483801d63000}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" DllInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: System Guard(AdwareRemoval) (AdwareRemovalSysGuardService) - Unknown owner - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 6659 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-17 11:05:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-16 14:29:34 68096 --a------ C:\WINDOWS\zip.exe
2008-05-16 14:29:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-16 14:29:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-16 14:29:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-16 14:29:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-16 14:29:34 98816 --a------ C:\WINDOWS\sed.exe
2008-05-16 14:29:34 80412 --a------ C:\WINDOWS\grep.exe
2008-05-16 14:29:34 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-13 19:22:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-12 20:21:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-12 04:14:51 21504 --a------ C:\WINDOWS\jestertb.dll
2008-05-08 16:48:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-08 15:54:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-06 16:01:20 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-05-06 16:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-06 16:01:18 0 d-------- C:\Program Files\COMODO
2008-05-06 15:52:56 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-06 04:43:57 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-04-22 06:54:43 57344 --a------ C:\WINDOWS\system32\KWebFarm.dll <Not Verified; Kaplan IT; WebFarm>
2008-04-22 06:54:43 495616 --a------ C:\WINDOWS\system32\KDataService.dll <Not Verified; Kaplan IT; DataService>
2008-04-22 06:54:43 45056 --a------ C:\WINDOWS\system32\KCommon.dll <Not Verified; Kaplan IT; Common>
2008-04-22 06:54:43 172032 --a------ C:\WINDOWS\system32\KBusinessService.dll <Not Verified; Kaplan IT; BusinessService>
2008-04-22 06:54:43 24576 --a------ C:\WINDOWS\system32\IKUserInterface.dll <Not Verified; Kaplan IT; IUserInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKLiveInterface.dll <Not Verified; Kaplan IT; IKLiveInterface>
2008-04-22 06:54:43 24576 --a------ C:\WINDOWS\system32\IKDataInterface.dll <Not Verified; Kaplan IT; IDataInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKCryptionInterface.dll <Not Verified; Kaplan IT; ICryptionInterface>
2008-04-22 06:54:43 20480 --a------ C:\WINDOWS\system32\IKBusinessInterface.dll <Not Verified; Kaplan IT; IBusinessInterface>
2008-04-22 06:54:42 659456 --a------ C:\WINDOWS\system32\KUserService.dll <Not Verified; Kaplan IT; UserService>
2008-04-22 06:54:38 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-22 06:54:37 0 d-------- C:\Program Files\SelfTest
2008-04-21 04:02:01 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-05-16 14:37:18 0 d-------- C:\Program Files\Trend Micro
2008-05-16 14:33:18 0 d-------- C:\Program Files\Common Files
2008-05-15 12:53:08 0 d-------- C:\Program Files\Vidalia Bundle
2008-05-15 12:52:36 0 d-------- C:\Program Files\ProxyFirewall
2008-05-15 00:04:36 0 d-------- C:\Documents and Settings\user\Application Data\tor
2008-05-12 22:36:43 0 d-------- C:\Program Files\Google
2008-05-12 19:54:09 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-09 01:37:18 0 d-------- C:\Documents and Settings\user\Application Data\BitTorrent
2008-05-06 04:43:57 6216 --a------ C:\WINDOWS\mozver.dat
2008-05-06 01:16:00 0 d-------- C:\Program Files\AIM6
2008-04-22 08:06:52 0 d-------- C:\Program Files\Trillian
2008-04-22 07:50:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-21 04:04:46 0 d-------- C:\Program Files\World of Warcraft
2008-04-18 10:51:30 0 d-------- C:\Program Files\Tortun
2008-04-16 21:18:33 0 d-------- C:\Documents and Settings\user\Application Data\Ventrilo
2008-04-10 23:57:43 0 d-------- C:\Documents and Settings\user\Application Data\Creative
2008-04-09 00:01:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 23:22:23 0 d-------- C:\Program Files\ActiveX Control Pad
2008-04-08 23:22:22 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2008-04-08 23:22:22 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2008-04-08 23:22:22 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-04-01 03:42:02 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"CTHelper"="CTHELPER.EXE" [04/09/2007 12:32 PM C:\WINDOWS\system32\CtHelper.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/06/2008 04:01 PM]
"3015f654"="C:\WINDOWS\system32\njhxbkhp.dll" []
"{db85face-542b-eb81-ec3a-483801d63000}"="C:\WINDOWS\system32\{fac000c6-679a-e882-15b7-8e622bf1a332}.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/04/2008 05:16 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 08:10 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"ProxyFirewall"="C:\Program Files\ProxyFirewall\ProxyFirewall.exe" [03/26/2006 02:31 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [03/29/2007 11:08 AM 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan




-- End of Deckard's System Scanner: finished at 2008-05-20 18:05:44 ------------
  • 0

#13
Ness

Ness

    Banned

  • Banned
  • PipPipPip
  • 673 posts
Hello again Venmoz

I've been thinking of quitting WoW lately. However, I need a reason. When I get to college and I meet a nice girl, that game is gone :) ... for now, it's my hobby.

Note: In order for the following fix to work I need you to disable Spybot SD TeaTimer as it is know to interfere with HiJackThis fixes.

1. Update Java
------------------------------------------------


Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

2. HiJackThis Fix
------------------------------------------------


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [3015f654] rundll32.exe "C:\WINDOWS\system32\njhxbkhp.dll",b

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

3. Registry Fix
------------------------------------------------


The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Please go to Start > Run and type in notepad.exe. Copy and paste the following code in exactly as shown below beginning with REGEDIT4:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3015f654"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save the file as regfix1.reg on to your desktop. Now go to your desktop and double click the file.

Confirm that you wish to merge it with registry.

4. Online Scan
------------------------------------------------


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Finally post a fresh DSS log.

In your next post
------------------------------------------------

  • Kaspersky Log
  • Fresh DSS Log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP