Help me please, I'm desperate!



#1
adamj2008
New Member, 8 posts
Hi guys, I'm on Windows XP. I turned on my computer tonight and every so often my taskbar and desktop items keep disappearing for no reason!! I've done a full system scan and found no errors. I have looked around the net and it seems a lot of people have this problem! I'm not very technically minded, so I would really appreciate help, as I have so much work to do: I'm currently doing my GCSEs and need the computer, but it won't let me do anything or see anything with this problem!! I've posted a log from Trend Micro HijackThis.

PLEASE HELP ME, I NEED THIS COMPUTER SO BADLY THIS WEEKEND!!!
Thanks guys, here's the log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:08:43, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\oem.ADAM\Local Settings\Temporary Internet Files\Content.IE5\7D7FMGXK\hijackthis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...v...nt&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\tuvWnoOG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CEAC2265-CFB4-4DB3-A742-4DE5E81C2BA4} - C:\WINDOWS\system32\qoMeBtQJ.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\OEM~1.ADA\Desktop\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161349_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161345_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206477721343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O20 - Winlogon Notify: tuvWnoOG - C:\WINDOWS\SYSTEM32\tuvWnoOG.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: countdown2 - http://gtahq.multipl...tdown21024.html

--
End of file - 8264 bytes

#2
adamj2008
Topic Starter, New Member, 8 posts
Anybody, please???

#3
Tal
Trusted Helper, Retired Staff, 2,138 posts
Hi adamj2008,

Please be patient. Our helpers are very busy and remember that there are timezone differences.

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

You have quite a collection there, as I know this infection from other logs. I hope that you are familiar with running tasks from the Task Manager? If not, let me explain. If and when your desktop crashes, and we'll need to do a fix, press CTRL+ALT+DELETE to bring up the Task Manager, then click on New Task, browse to the location of the program and click OK to run it.

First, let's try an automated removal program, and fetch a log that will help us get a better idea on what's going on inside.

Step 1: VundoFix

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it (if you can't see the desktop, use the above procedure to run VundoFix)
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 2: DSS

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts (if you don't have a desktop, locate dss.exe through the New Task feature of the Task Manager and click OK)
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

Summary

In your next reply, please include the following:
  • VundoFix log;
  • DSS logs.

Regards,

Tal :)

#4
adamj2008
Topic Starter, New Member, 8 posts
Hi mate, sorry if I was sounding impatient. I've done as you have said and these were the results.

VundoFix log:


VundoFix V7.0.3

Scan started at 13:20:46 17/05/2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL

Beginning removal...

Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------------------------------------------

Main DSS log:

Deckard's System Scanner v20071014.68
Run by oem on 2008-05-17 13:35:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-05-17 12:35:42 UTC - RP1013 - Deckard's System Scanner Restore Point
93: 2008-05-16 23:18:38 UTC - RP1012 - Removed Alcohol 120%
92: 2008-05-16 23:10:12 UTC - RP1011 - Last known good configuration
91: 2008-05-15 08:08:42 UTC - RP1010 - System Checkpoint
90: 2008-05-13 17:22:11 UTC - RP1009 - System Checkpoint


-- First Restore Point --
1: 2008-05-16 23:09:39 UTC - RP920 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as oem.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:52, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\oem.ADAM\Local Settings\Temporary Internet Files\Content.IE5\7D7FMGXK\dss[1].exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\OEM~1.ADA\LOCALS~1\TEMPOR~1\Content.IE5\7D7FMGXK\oem.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...v...nt&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29217EFD-8754-46D1-A3B1-B6E3C3DF0ED2} - C:\WINDOWS\system32\qoMeBtQJ.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\tuvWnoOG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\OEM~1.ADA\Desktop\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161349_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161345_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206477721343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O20 - Winlogon Notify: tuvWnoOG - C:\WINDOWS\SYSTEM32\tuvWnoOG.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: countdown2 - http://gtahq.multipl...tdown21024.html

--
End of file - 8774 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys <Not Verified; ALCATech; ALCATech Realtime Audio Kernel>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 actser - c:\windows\system32\drivers\actser.sys <Not Verified; Siemens AG; Actser Filter Driver>
S3 cpuz128 - c:\docume~1\oem~1.ada\locals~1\temp\cpuz_x32.sys (file missing)
S3 FXDRV - d:\fxdrv.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SANDRA - c:\program files\sisoftware\sisoftware sandra professional business xii.sp2\wnt500x86\sandra.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 01:02:44 0 d-------- C:\VundoFix Backups
2008-05-17 00:09:28 89992 --ahs---- C:\WINDOWS\system32\JQtBeMoq.ini2
2008-05-17 00:09:23 370688 --a------ C:\WINDOWS\system32\qoMeBtQJ.dll
2008-05-17 00:04:17 59392 --a------ C:\WINDOWS\system32\tuvWnoOG.dll
2008-05-16 15:58:05 0 d-------- C:\Program Files\WinAVI Video Converter
2008-05-05 22:12:35 0 d-------- C:\Program Files\CubedLabs YouTube Download Convert
2008-05-05 04:21:48 188416 --a------ C:\WINDOWS\system32\macdll.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2008-05-05 04:21:47 0 d-------- C:\Program Files\KC Softwares
2008-04-25 18:02:58 0 d-------- C:\movies
2008-04-20 17:23:33 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\GEAR Video 9.00
2008-04-20 17:20:35 28672 --a------ C:\WINDOWS\system32\Test.dll <Not Verified; Extentia Information Technology; setupEncryptDecrypt>
2008-04-20 17:20:34 40448 --a------ C:\WINDOWS\system32\regobj.dll
2008-04-20 17:20:32 32768 --a------ C:\WINDOWS\system32\LWXLLDFRequest3.dll <Not Verified; KMT Software, Inc.; LLDataRequest>
2008-04-20 17:20:32 36864 --a------ C:\WINDOWS\system32\LWLLInstances3.dll <Not Verified; KMT Software, Inc.; LLInstances>
2008-04-20 17:20:32 77824 --a------ C:\WINDOWS\system32\LWLLClientMiddleWare3.dll <Not Verified; KMT Software, Inc.; LLClientMiddleWare>
2008-04-20 17:20:32 32768 --a------ C:\WINDOWS\system32\LWLLClasses3.dll <Not Verified; KMT Software, Inc.; LWLLClasses>
2008-04-20 17:20:32 24576 --a------ C:\WINDOWS\system32\GUID.dll <Not Verified; Extentia Information Technology; GUID>
2008-04-20 17:20:32 40960 --a------ C:\WINDOWS\system32\coreEncryptDecrypt.dll <Not Verified; Extentia Information Technology; Project1>
2008-04-20 17:20:31 151552 --a------ C:\WINDOWS\system32\LWLLHttpsUpload2.dll <Not Verified; ; LLHttpsUpload2 Module>
2008-04-20 17:20:31 36864 --a------ C:\WINDOWS\system32\AdvMetrics.dll <Not Verified; extentia; AdvMetrics>
2008-04-20 08:33:26 0 d-------- C:\Program Files\TVersity
2008-04-20 08:12:21 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-20 08:09:27 0 d-------- C:\b436b8e677a1f9f4a3380b2339
2008-04-20 08:09:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-20 07:50:22 0 d-------- C:\Program Files\Sky Broadband


-- Find3M Report ---------------------------------------------------------------

2008-05-17 13:32:06 0 d-------- C:\Program Files\PowerISO
2008-05-17 11:20:07 0 d-------- C:\Program Files\Spyware Doctor
2008-05-17 00:18:00 0 d-------- C:\Program Files\LimeWire
2008-05-14 20:28:56 0 d-------- C:\Program Files\Soulseek
2008-05-10 16:44:36 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\uTorrent
2008-05-05 09:40:12 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Publish Providers
2008-05-05 02:14:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 22:43:47 0 d-------- C:\Program Files\Kontiki
2008-05-04 22:39:16 0 d-------- C:\Program Files\VstPlugins
2008-05-04 22:38:21 0 d-------- C:\Program Files\mIRC
2008-05-04 22:37:48 0 d-------- C:\Program Files\Image-Line
2008-05-04 22:36:59 0 d-------- C:\Program Files\Common Files
2008-04-25 19:05:13 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Adobe
2008-04-20 17:22:07 0 d-------- C:\Program Files\DivX
2008-04-15 03:52:03 0 d-------- C:\Program Files\utorrent
2008-04-13 12:12:36 13343 --a------ C:\WINDOWS\system32\winupsvc.exe
2008-04-13 12:12:33 13343 --a------ C:\WINDOWS\system32\winsvcup.exe
2008-04-13 12:12:33 13343 --a------ C:\WINDOWS\system32\mswinup.exe
2008-04-13 06:11:08 0 d-------- C:\Program Files\MagicISO
2008-03-31 03:09:13 0 d-------- C:\Program Files\DAP
2008-03-30 13:32:24 0 d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2008-03-29 03:26:12 0 d-------- C:\Program Files\ASIO4ALL v2
2008-03-29 03:23:34 0 d-------- C:\Program Files\Outsim
2008-03-28 04:09:55 0 d-------- C:\Program Files\Audacity
2008-03-25 19:08:27 0 d-------- C:\Program Files\MSN Messenger
2008-03-25 19:06:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 19:03:50 0 d-------- C:\Program Files\Windows Live
2008-03-25 18:54:39 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-17 00:22:20 0 d-------- C:\Program Files\WAV to MP3 Encoder
2008-03-17 00:21:59 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Eltima Software
2008-03-17 00:21:03 0 d-------- C:\Program Files\Sony
2008-03-17 00:19:15 0 d-------- C:\Program Files\Mobile Phone Manager
2008-03-17 00:10:44 0 d-------- C:\Program Files\Flash Favorite
2008-03-17 00:10:18 0 d-------- C:\Program Files\Apollo DivX to DVD Creator


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29217EFD-8754-46D1-A3B1-B6E3C3DF0ED2}]
17/05/2008 00:09 370688 --a------ C:\WINDOWS\system32\qoMeBtQJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
17/05/2008 00:04 59392 --a------ C:\WINDOWS\system32\tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 11:15]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [25/06/2004 20:50]
"SoundMan"="SOUNDMAN.EXE" [01/07/2004 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"EssSpkPhone"="essspk.exe" [19/10/2001 03:49 C:\WINDOWS\essspk.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/06/2005 11:58]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 18:45]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 19:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [27/08/2005 03:14]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [11/05/2005 10:46]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/08/2005 02:22]
"Realtime Audio Engine"="mmrtkrnl.exe" [20/01/2005 20:02 C:\WINDOWS\system32\MMRTKRNL.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [29/07/2006 12:07]
"Cleanup"="C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161349_mcappins.exe" []
"msci"="C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161345_mcinfo.exe" []
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 20:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [15/04/2005 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/07/2007 07:49]

C:\Documents and Settings\oem.ADAM\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [17/03/2005 03:16:50]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [01/10/2004 23:12:18]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [03/06/2005 23:05:06]
VTAgentReboot.exe [07/10/2001 13:11:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\tuvWnoOG.dll [17/05/2008 00:04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnoOG]
tuvWnoOG.dll 17/05/2008 00:04 59392 C:\WINDOWS\system32\tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 21/12/2001 07:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeBtQJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-05-17 13:37:57 ------------
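Editor's note on the log above (added example, not code from the thread, from DSS or from HijackThis): the registry dump is the interesting part. Two DLLs written on the day of the scan, qoMeBtQJ.dll and tuvWnoOG.dll, each eight letters of mixed case, are registered at several DLL-loading persistence points at once: Browser Helper Objects (loaded into Internet Explorer), ShellExecuteHooks (Explorer and anything that calls ShellExecute), Winlogon Notify (winlogon.exe) and the LSA "Authentication Packages" value (lsass.exe). That spread is why the helper's fix has to run from Safe Mode: in a normal session the files are held open by processes you cannot simply kill. The script below parses a dump of this shape, groups entries by DLL stem and reports stems that look random and were written within a week of the scan, together with every mechanism that loads them. The "eight letters, mixed case" rule and the 7-day window are the editor's assumptions tuned to this log, not rules from any tool; the excerpt is copied from the dump above. It also prints each flagged stem reversed, because the fix posted later in this thread deletes JQtBeMoq.ini2 alongside qoMeBtQJ.dll, and JQtBeMoq is qoMeBtQJ spelled backwards.

```python
"""Triage the DLL-loading persistence points in a Deckard's System Scanner (DSS)
registry dump: group entries by DLL stem and flag stems that look random and were
written shortly before the scan. Editor's added example, not code from the thread,
DSS or HijackThis. The excerpt is copied from the dump above; the 8-letter
mixed-case rule and the 7-day freshness window are the editor's assumptions."""
import ntpath
import re
from collections import namedtuple
from datetime import date

DSS_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29217EFD-8754-46D1-A3B1-B6E3C3DF0ED2}]
17/05/2008 00:09 370688 --a------ C:\WINDOWS\system32\qoMeBtQJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
17/05/2008 00:04 59392 --a------ C:\WINDOWS\system32\tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\tuvWnoOG.dll [17/05/2008 00:04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnoOG]
tuvWnoOG.dll 17/05/2008 00:04 59392 C:\WINDOWS\system32\tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 21/12/2001 07:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeBtQJ

-- End of Deckard's System Scanner: finished at 2008-05-17 13:37:57 ------------
"""

# Persistence points whose value is a DLL loaded into another process
# (IE, Explorer, winlogon, every GUI process, lsass): (key substring, label).
DLL_LOAD_POINTS = (
    ("browser helper objects", "BHO"),
    ("shellexecutehooks", "ShellExecuteHook"),
    ("winlogon\\notify", "Winlogon Notify"),
    ("currentversion\\windows", "AppInit_DLLs"),
    ("control\\lsa", "LSA Authentication Packages"),
)
KEY_RE = re.compile(r'^\[([^\]"]+)[\]"]?\s*$')        # DSS closes some keys with a stray quote
# A path may contain spaces; stop at quotes/brackets or at a token starting with a digit (date/size).
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"\[\]]+(?: [^\s"\[\]\d][^\s"\[\]]*)*')
BARE_DLL_RE = re.compile(r"\b[\w~$-]+\.dll\b", re.I)  # e.g. "appinit_dlls"=wbsys.dll
DATE_RE = re.compile(r"\b(\d{2})/(\d{2})/(\d{4})\b")  # file dates are dd/mm/yyyy in this log
FOOTER_RE = re.compile(r"finished at (\d{4})-(\d{2})-(\d{2})")

Entry = namedtuple("Entry", "mechanism key path mtime")


def parse_dump(text):
    """Return (scan_date, entries) for every DLL-load persistence entry in the dump."""
    scan_date, mechanism, key, entries = None, None, None, []
    for line in text.splitlines():
        if m := FOOTER_RE.search(line):
            scan_date = date(*map(int, m.groups()))
        elif m := KEY_RE.match(line):
            key = m.group(1)
            mechanism = next((label for needle, label in DLL_LOAD_POINTS if needle in key.lower()), None)
        elif mechanism and line.strip():
            paths = PATH_RE.findall(line) or BARE_DLL_RE.findall(line)
            d = DATE_RE.search(line)
            if paths:
                mtime = date(int(d.group(3)), int(d.group(2)), int(d.group(1))) if d else None
                entries.append(Entry(mechanism, key, paths[0], mtime))
    return scan_date, entries


def stem_of(path):
    return ntpath.splitext(ntpath.basename(path))[0]


def looks_random(stem):
    """Shape of the two DLLs in this log: eight letters, mixed case, no digits."""
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and not (stem.islower() or stem.isupper())


def triage(text, max_age_days=7):
    """Stems that look random and were written within max_age_days of the scan,
    with every persistence point that loads them (by stem, so the extensionless
    LSA entry is grouped with its .dll)."""
    scan_date, entries = parse_dump(text)
    ref = scan_date or date.today()
    groups = {}
    for e in entries:
        groups.setdefault(stem_of(e.path).lower(), []).append(e)
    findings = []
    for locs in groups.values():
        stem = stem_of(locs[0].path)
        fresh = any(e.mtime and abs((ref - e.mtime).days) <= max_age_days for e in locs)
        if looks_random(stem) and fresh:
            findings.append({"stem": stem, "companion": stem[::-1],
                             "mechanisms": sorted({e.mechanism for e in locs}),
                             "keys": [e.key for e in locs]})
    return findings


if __name__ == "__main__":
    for f in triage(DSS_EXCERPT):
        print(f"{f['stem']}: loaded via {', '.join(f['mechanisms'])}; "
              f"also look for a companion file named {f['companion']}.*")
```

The name rule on its own is too loose (it would also match SiSUSBrg from the Run key), which is why the script only looks at the five DLL-loading points and insists on a recent file date; fastload.dll (lowercase, 2001) and wbsys.dll from WindowBlinds are parsed but not flagged.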

#5 adamj2008 (Topic Starter)
DSS extra log -

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2015.48 MiB / 1584.07 MiB
Pagefile Memory (total/avail): 2200.48 MiB / 1823.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 38.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: McAfee VirusScan v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Kazaa Lite K++\\klrun.exe"="C:\\Program Files\\Kazaa Lite K++\\klrun.exe:*:Enabled:Kazaa Lite K++"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.10.3"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\Use This\\ADAMMM~1\\virtualdj_trial.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\Use This\\ADAMMM~1\\virtualdj_trial.exe:*:Enabled:VirtualDJ"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Kontiki\\KHost.exe"="C:\\Program Files\\Kontiki\\KHost.exe:*:Enabled:Delivery Manager"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\oem.ADAM\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\oem.ADAM
LOGONSERVER=\\ADAM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp
TMP=C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp
USERDOMAIN=ADAM
USERNAME=oem
USERPROFILE=C:\Documents and Settings\oem.ADAM
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

oem.ADAM (admin)
Julie


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Allok AVI to DVD SVCD VCD Converter 3.0.0524 --> "C:\Program Files\Allok AVI to DVD SVCD VCD Converter\unins000.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Easy Avi/Divx/Xvid to DVD Burner 2.4.3 --> "C:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe"
Elecard Codec Pack --> "C:\Program Files\Elecard\Elecard Codec Pack\Uninstall.exe" "C:\Program Files\Elecard\Elecard Codec Pack\install.log" -u
FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst
FlashFXP v3 --> "C:\Documents and Settings\oem.ADAM\Desktop\FlashFXP\unins000.exe"
FlashFXP v3.2.0 (Build 1080) Scene Edition --> C:\WINDOWS\unvise32.exe C:\Desktop\FlashFXP\uninstal.log
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\oem.ADAM\Local Settings\Temporary Internet Files\Content.IE5\7D7FMGXK\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IsoBuster 1.8 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
KC Softwares AudioGrail --> "C:\Program Files\KC Softwares\AudioGrail\unins000.exe"
Labtec WebCam --> MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft J# Browser Controls v1.1 --> MsiExec.exe /X{0A191950-D5D2-492B-80CD-D50890D46AB5}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nokia Multimedia Converter 2.0 --> "C:\Nokia\Tools\Nokia_Multimedia_Converter_2_0\Uninstall\Uninstaller.exe"
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PPStream --> "C:\Program Files\PPStream\unins000.exe"
QuickChange --> C:\PROGRA~1\QUICKC~1\UNWISE.EXE C:\PROGRA~1\QUICKC~1\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SHOUTcast Source DSP 1.8.2 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
Sky Broadband --> C:\Program Files\Sky Broadband\Bin\uninstall.exe
Sony ACID 4.0f --> MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369}
Sony Media Manager 2.0 --> MsiExec.exe /X{D60D2B02-125F-4DDB-9674-41DD538C457A}
Sony Sound Forge 7.0b --> MsiExec.exe /I{6B629F70-BE1D-456E-AA97-73619020E7A1}
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
StuffPlug-NG (Messenger Plus! Plugins) --> C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
Synacast Plug-in 1.1.0.7 --> C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
TimeFactory --> C:\WINDOWS\uninst.exe -f"C:\Program Files\PROSONIQ\TimeFactory\DeIsL1.isu" -c"C:\Program Files\PROSONIQ\TimeFactory\_ISREG32.DLL"
UltraISO V7.56 ME --> "C:\Program Files\UltraISO\unins000.exe"
Uninstall ESS Modem --> C:\WINDOWS\remvess
Virtual DJ - Atomix Productions --> C:\DOCUME~1\OEM~1.ADA\Desktop\VIRTUA~2\UNWISE.EXE C:\DOCUME~1\OEM~1.ADA\Desktop\VIRTUA~2\INSTALL.LOG
VoipStunt 2.08 build 277 --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Address AutoComplete --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
YouTube Download & Convert 1.1.4 --> C:\Program Files\CubedLabs YouTube Download Convert\Uninstal.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2654 / Error
Event Submitted/Written: 05/17/2008 11:20:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2594 / Error
Event Submitted/Written: 05/17/2008 05:04:29 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2563 / Error
Event Submitted/Written: 05/17/2008 04:48:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2465 / Error
Event Submitted/Written: 05/17/2008 00:45:12 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2381 / Success
Event Submitted/Written: 05/16/2008 06:59:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9389 / Error
Event Submitted/Written: 05/17/2008 01:32:24 PM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom1, is not ready for access yet.

Event Record #/Type8938 / Warning
Event Submitted/Written: 05/17/2008 10:34:41 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8937 / Warning
Event Submitted/Written: 05/17/2008 08:33:37 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8905 / Warning
Event Submitted/Written: 05/17/2008 05:13:12 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8857 / Error
Event Submitted/Written: 05/17/2008 04:45:12 AM
Event ID/Source: 14322 / WMPNetworkSvc
Event Description:
Service 'WMPNetworkSvc' did not start correctly because MFStartup encountered error '0xc00d36ef'. If possible, reinstall Windows Media Player.



-- End of Deckard's System Scanner: finished at 2008-05-17 13:37:57 ------------
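Editor's note on the extra log above (added example, not code from the thread or from DSS): the Security Center section says more about how the machine got into this state than the infection itself. McAfee is "Disabled Outdated", Automatic Updates (AUOptions) are disabled, and AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify are all set, meaning Security Center had been told to stop warning about any of it. The firewall exception lists are long too, mostly P2P, FTP and IM clients, several of them running from the Desktop rather than Program Files. The script below turns that section into posture findings and flags enabled exceptions whose program lives in a user-writable location. The excerpt is copied from the log above; the list of user-writable path fragments is the editor's assumption.

```python
"""Turn the Security Center section of a DSS extra log into posture findings and
flag firewall exceptions for programs in user-writable locations. Editor's added
example, not code from the thread or from DSS. The excerpt is copied from the log
above; USER_WRITABLE is the editor's assumption about where unprivileged users can write."""
import re

SC_EXCERPT = r"""
-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: McAfee VirusScan v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"""

AV_RE = re.compile(r"^AV: (?P<product>.+?) \((?P<vendor>[^)]+)\) (?P<state>.+)$", re.M)
PROFILE_RE = re.compile(r"FirewallPolicy\\(?P<profile>\w+Profile)\\AuthorizedApplications", re.I)
EXCEPTION_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
# Assumption: paths containing these fragments are writable by an unprivileged user.
USER_WRITABLE = ("\\documents and settings\\", "\\desktop\\", "\\temp\\", "\\users\\")


def posture(text):
    """Human-readable findings from the one-line status entries."""
    findings = []
    if re.search(r"^AUOptions is disabled\.", text, re.M):
        findings.append("Automatic Updates are disabled")
    if re.search(r"^Windows Internal Firewall is disabled\.", text, re.M):
        findings.append("Windows Firewall is disabled")
    for flag in NOTIFY_FLAGS:
        if re.search(rf"^{flag} is set\.", text, re.M):
            findings.append(f"{flag} is set: Security Center no longer warns about this")
    for m in AV_RE.finditer(text):
        if {"disabled", "outdated"} & set(m.group("state").lower().split()):
            findings.append(f"AV {m.group('product').strip()} is {m.group('state')}")
    return findings


def exceptions(text):
    """Parse AuthorizedApplications entries (value format: path:scope:mode:name)."""
    result, profile = [], None
    for line in text.splitlines():
        if m := PROFILE_RE.search(line):
            profile = m.group("profile")
            continue
        m = EXCEPTION_RE.match(line.strip())
        if not m or profile is None:
            continue
        path = m.group("path").replace("\\\\", "\\")                   # undo .reg-style escaping
        rest = m.group("value").replace("\\\\", "\\")[len(path) + 1:]  # value starts with "path:"
        scope, mode, name = rest.split(":", 2)
        result.append({"profile": profile, "path": path, "scope": scope,
                       "enabled": mode.lower() == "enabled", "name": name})
    return result


def risky_exceptions(entries):
    """Enabled exceptions whose program lives somewhere an ordinary user can write."""
    return [e for e in entries
            if e["enabled"] and any(frag in e["path"].lower() for frag in USER_WRITABLE)]


if __name__ == "__main__":
    for finding in posture(SC_EXCERPT):
        print("posture:", finding)
    for e in risky_exceptions(exceptions(SC_EXCERPT)):
        print(f"firewall ({e['profile']}): {e['name']} allowed from {e['path']}")
```

Run against the full list above it will also pick up the Temp-resident items and the second µTorrent copy; the Disabled entry (LEXPPS.EXE) is parsed but never reported because only enabled exceptions open a listening port.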

#6 Tal (Trusted Helper, Retired Staff)
Edited.

Attached file: fix.txt (700 bytes)

Edited by Tal, 17 May 2008 - 12:09 PM.


#7 Tal (Trusted Helper, Retired Staff)
Hi,

Please ignore the above. I will edit this post with new instructions.

#8 adamj2008 (Topic Starter)
OK mate, let me know when the correct instructions are posted!

#9 Tal (Trusted Helper, Retired Staff)
Hi adamj2008,

I got some additional opinions on this and have revised my fix accordingly. Let's do something else instead.

Please save these instructions in a notepad file. You will NOT be able to access them in Safe Mode, where our fix will take place.

Please download The Avenger by Swandog46 to your Desktop. Do not do anything with it yet.

Next, please download the attached file. Open it up. Click File > Save As... > Name the file fix.reg > Change the Filetype to All Files. Save the file on your desktop.

After The Avenger has finished downloading, please reboot your computer. As soon as it boots up, continuously tap the F8 key. This will show up a menu: using the arrow keys, choose Safe Mode (not Safe Mode with Networking) and click the Enter key. This will load up Safe Mode; please allow it to load, even if it appears to have been stuck.

Launch fix.reg using the new task feature of the task manager. Click Yes to merge the information with the registry. This should only take a moment.

Now, navigate to the directory where you placed The Avenger.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\qoMeBtQJ.dll
C:\WINDOWS\system32\tuvWnoOG.dll
C:\WINDOWS\system32\JQtBeMoq.ini2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of C:\avenger.txt into your reply along with a fresh DSS log (it will only produce main.txt this time).

Note that when The Avenger reboots, you will be logged in to normal mode. Please include the DSS main.txt log and The Avenger's log.

Let me know if this gets your desktop back up.

Tal.

Attached file: fix.txt (700 bytes)

Edited by Tal, 17 May 2008 - 12:30 PM.

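Editor's note on the fix above (added example, not code from the thread, from The Avenger or from HijackThis): the Avenger script deletes files only. The registry entries that load them (the BHO CLSIDs, the ShellExecuteHooks value, the Winlogon Notify subkey and the LSA Authentication Packages value in the first DSS log) are left to the attached fix.reg, whose contents are not reproduced on this page. So the check worth making on the logs that come back is twofold: was every file in the script actually deleted, and which HijackThis lines still point at those files as "(file missing)"? Anything in the second list is an orphaned loader entry that a follow-up fix (or a tick in HijackThis) has to remove. The script below makes that check. The three inputs are copied from this thread: the Avenger script above, and the Avenger log and HijackThis O2/O20 lines from the reply that follows, where the two BHOs and the Winlogon Notify entry do still reference the deleted DLLs. The "(no file)" and FlashFXP entries are reported separately as stale but unrelated to this fix.

```python
"""Check an Avenger run against the post-fix HijackThis log: confirm every file
in the script was deleted and list the entries that still reference those files
("(file missing)"), i.e. the orphans a follow-up fix must remove. Editor's added
example, not code from the thread, The Avenger or HijackThis; the three inputs
are excerpts of the script and logs posted in this thread."""
import ntpath
import re

AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\qoMeBtQJ.dll
C:\WINDOWS\system32\tuvWnoOG.dll
C:\WINDOWS\system32\JQtBeMoq.ini2
"""

AVENGER_LOG = r"""
Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\qoMeBtQJ.dll" deleted successfully.
File "C:\WINDOWS\system32\tuvWnoOG.dll" deleted successfully.
File "C:\WINDOWS\system32\JQtBeMoq.ini2" deleted successfully.
"""

HJT_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\tuvWnoOG.dll (file missing)
O2 - BHO: (no name) - {415C0EF3-8047-427E-A52F-C74203F377BC} - C:\WINDOWS\system32\qoMeBtQJ.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\OEM~1.ADA\Desktop\FlashFXP\IEFlash.dll (file missing)
O20 - Winlogon Notify: tuvWnoOG - tuvWnoOG.dll (file missing)
"""

SCRIPT_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DELETED_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')
# HijackThis O2 (BHO) and O20 (Winlogon Notify) lines. The trailing status is
# "(file missing)" when the referenced path no longer exists and "(no file)"
# when no path is recorded for the CLSID at all.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                   r"(?P<path>.*?)\s*(?:\((?P<status>file missing|no file)\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)\s*"
                    r"(?:\((?P<status>file missing)\))?$")


def script_targets(script):
    """Paths listed under 'Files to delete:' in an Avenger script."""
    targets, active = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith(":"):                      # section header, e.g. 'Drivers to delete:'
            active = line.lower() == "files to delete:"
        elif active and SCRIPT_PATH_RE.match(line):
            targets.append(line)
    return targets


def deleted_files(log):
    return [m.group("path") for line in log.splitlines()
            if (m := DELETED_RE.match(line.strip()))]


def stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def verify_fix(script, log, hjt):
    targets = script_targets(script)
    deleted = deleted_files(log)
    deleted_stems = {stem(p) for p in deleted}
    orphans, other_missing = [], []
    for line in (l.strip() for l in hjt.splitlines()):
        m = O2_RE.match(line) or O20_RE.match(line)
        if not m or not m.group("status"):
            continue                                # file present, or not a line we parse
        ref = {"line": line, "path": m.group("path"), "status": m.group("status")}
        (orphans if stem(ref["path"]) in deleted_stems else other_missing).append(ref)
    return {
        "deleted": deleted,
        "not_deleted": [p for p in targets if p not in deleted],
        "orphans": orphans,              # entries still loading a file this fix removed
        "other_missing": other_missing,  # stale entries unrelated to this fix
    }


if __name__ == "__main__":
    result = verify_fix(AVENGER_SCRIPT, AVENGER_LOG, HJT_AFTER)
    total = len(result["deleted"]) + len(result["not_deleted"])
    print(f"deleted {len(result['deleted'])} of {total} script targets")
    for o in result["orphans"]:
        print("orphan, still references a deleted file:", o["line"])
```

Matching is by file stem rather than full path because the O20 line gives only the bare DLL name while the Avenger log gives the full path; the .ini2 companion has no loader entry of its own, so it appears in "deleted" but never in "orphans".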

#10 Tal (Trusted Helper, Retired Staff)
I edited my post, PLEASE RE-READ.



#11 adamj2008 (Topic Starter)
Hi mate, I've done as you asked and it all seems to be working again! These are the logs you asked for. Are these correct and fixed?

Avenger -

//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\qoMeBtQJ.dll" deleted successfully.
File "C:\WINDOWS\system32\tuvWnoOG.dll" deleted successfully.
File "C:\WINDOWS\system32\JQtBeMoq.ini2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


DSS Main -

Deckard's System Scanner v20071014.68
Run by oem on 2008-05-17 19:58:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as oem.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:03, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\oem.ADAM\Local Settings\Temporary Internet Files\Content.IE5\7D7FMGXK\dss[1].exe
C:\DOCUME~1\OEM~1.ADA\LOCALS~1\TEMPOR~1\Content.IE5\7D7FMGXK\oem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...v...nt&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\tuvWnoOG.dll (file missing)
O2 - BHO: (no name) - {415C0EF3-8047-427E-A52F-C74203F377BC} - C:\WINDOWS\system32\qoMeBtQJ.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\OEM~1.ADA\Desktop\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161349_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161345_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206477721343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O20 - Winlogon Notify: tuvWnoOG - tuvWnoOG.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: countdown2 - http://gtahq.multipl...tdown21024.html

--
End of file - 8949 bytes

-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 01:02:44 0 d-------- C:\VundoFix Backups
2008-05-16 15:58:05 0 d-------- C:\Program Files\WinAVI Video Converter
2008-05-05 22:12:35 0 d-------- C:\Program Files\CubedLabs YouTube Download Convert
2008-05-05 04:21:48 188416 --a------ C:\WINDOWS\system32\macdll.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2008-05-05 04:21:47 0 d-------- C:\Program Files\KC Softwares
2008-04-25 18:02:58 0 d-------- C:\movies
2008-04-20 17:23:33 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\GEAR Video 9.00
2008-04-20 17:20:35 28672 --a------ C:\WINDOWS\system32\Test.dll <Not Verified; Extentia Information Technology; setupEncryptDecrypt>
2008-04-20 17:20:34 40448 --a------ C:\WINDOWS\system32\regobj.dll
2008-04-20 17:20:32 32768 --a------ C:\WINDOWS\system32\LWXLLDFRequest3.dll <Not Verified; KMT Software, Inc.; LLDataRequest>
2008-04-20 17:20:32 36864 --a------ C:\WINDOWS\system32\LWLLInstances3.dll <Not Verified; KMT Software, Inc.; LLInstances>
2008-04-20 17:20:32 77824 --a------ C:\WINDOWS\system32\LWLLClientMiddleWare3.dll <Not Verified; KMT Software, Inc.; LLClientMiddleWare>
2008-04-20 17:20:32 32768 --a------ C:\WINDOWS\system32\LWLLClasses3.dll <Not Verified; KMT Software, Inc.; LWLLClasses>
2008-04-20 17:20:32 24576 --a------ C:\WINDOWS\system32\GUID.dll <Not Verified; Extentia Information Technology; GUID>
2008-04-20 17:20:32 40960 --a------ C:\WINDOWS\system32\coreEncryptDecrypt.dll <Not Verified; Extentia Information Technology; Project1>
2008-04-20 17:20:31 151552 --a------ C:\WINDOWS\system32\LWLLHttpsUpload2.dll <Not Verified; ; LLHttpsUpload2 Module>
2008-04-20 17:20:31 36864 --a------ C:\WINDOWS\system32\AdvMetrics.dll <Not Verified; extentia; AdvMetrics>
2008-04-20 08:33:26 0 d-------- C:\Program Files\TVersity
2008-04-20 08:12:21 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-20 08:09:27 0 d-------- C:\b436b8e677a1f9f4a3380b2339
2008-04-20 08:09:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-20 07:50:22 0 d-------- C:\Program Files\Sky Broadband


-- Find3M Report ---------------------------------------------------------------

2008-05-17 13:32:06 0 d-------- C:\Program Files\PowerISO
2008-05-17 11:20:07 0 d-------- C:\Program Files\Spyware Doctor
2008-05-17 00:18:00 0 d-------- C:\Program Files\LimeWire
2008-05-14 20:28:56 0 d-------- C:\Program Files\Soulseek
2008-05-10 16:44:36 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\uTorrent
2008-05-05 09:40:12 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Publish Providers
2008-05-05 02:14:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 22:43:47 0 d-------- C:\Program Files\Kontiki
2008-05-04 22:39:16 0 d-------- C:\Program Files\VstPlugins
2008-05-04 22:38:21 0 d-------- C:\Program Files\mIRC
2008-05-04 22:37:48 0 d-------- C:\Program Files\Image-Line
2008-05-04 22:36:59 0 d-------- C:\Program Files\Common Files
2008-04-25 19:05:13 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Adobe
2008-04-20 17:22:07 0 d-------- C:\Program Files\DivX
2008-04-15 03:52:03 0 d-------- C:\Program Files\utorrent
2008-04-13 12:12:36 13343 --a------ C:\WINDOWS\system32\winupsvc.exe
2008-04-13 12:12:33 13343 --a------ C:\WINDOWS\system32\winsvcup.exe
2008-04-13 12:12:33 13343 --a------ C:\WINDOWS\system32\mswinup.exe
2008-04-13 06:11:08 0 d-------- C:\Program Files\MagicISO
2008-03-31 03:09:13 0 d-------- C:\Program Files\DAP
2008-03-30 13:32:24 0 d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2008-03-29 03:26:12 0 d-------- C:\Program Files\ASIO4ALL v2
2008-03-29 03:23:34 0 d-------- C:\Program Files\Outsim
2008-03-28 04:09:55 0 d-------- C:\Program Files\Audacity
2008-03-25 19:08:27 0 d-------- C:\Program Files\MSN Messenger
2008-03-25 19:06:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 19:03:50 0 d-------- C:\Program Files\Windows Live
2008-03-25 18:54:39 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-17 00:22:20 0 d-------- C:\Program Files\WAV to MP3 Encoder
2008-03-17 00:21:59 0 d-------- C:\Documents and Settings\oem.ADAM\Application Data\Eltima Software
2008-03-17 00:21:03 0 d-------- C:\Program Files\Sony
2008-03-17 00:19:15 0 d-------- C:\Program Files\Mobile Phone Manager
2008-03-17 00:10:44 0 d-------- C:\Program Files\Flash Favorite
2008-03-17 00:10:18 0 d-------- C:\Program Files\Apollo DivX to DVD Creator


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
C:\WINDOWS\system32\tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{415C0EF3-8047-427E-A52F-C74203F377BC}]
C:\WINDOWS\system32\qoMeBtQJ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 11:15]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [25/06/2004 20:50]
"SoundMan"="SOUNDMAN.EXE" [01/07/2004 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"EssSpkPhone"="essspk.exe" [19/10/2001 03:49 C:\WINDOWS\essspk.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/06/2005 11:58]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 18:45]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 19:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [27/08/2005 03:14]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [11/05/2005 10:46]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/08/2005 02:22]
"Realtime Audio Engine"="mmrtkrnl.exe" [20/01/2005 20:02 C:\WINDOWS\system32\MMRTKRNL.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [29/07/2006 12:07]
"Cleanup"="C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161349_mcappins.exe" []
"msci"="C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp\2008316161345_mcinfo.exe" []
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 20:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [15/04/2005 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/07/2007 07:49]

C:\Documents and Settings\oem.ADAM\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [17/03/2005 03:16:50]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [01/10/2004 23:12:18]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [03/06/2005 23:05:06]
VTAgentReboot.exe [07/10/2001 13:11:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\tuvWnoOG.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnoOG]
tuvWnoOG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 21/12/2001 07:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeBtQJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-05-17 19:59:59 ------------

Edited by adamj2008, 17 May 2008 - 01:01 PM.


#12
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Yes, that did the trick :) That infection went away, you just have a trace of it, nothing serious.

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\tuvWnoOG.dll (file missing)
O2 - BHO: (no name) - {415C0EF3-8047-427E-A52F-C74203F377BC} - C:\WINDOWS\system32\qoMeBtQJ.dll (file missing)
O20 - Winlogon Notify: tuvWnoOG - tuvWnoOG.dll (file missing)


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Next:

Before we start the registry fix, we need to back up the registry in case anything goes wrong. This is a very simple and quick process :)


  • Please go to Start > Run
  • Paste in the following line: regedit /e c:\registrybackup.reg
  • Click OK. It won't appear to be doing anything, that's normal.
  • Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Restart your computer. How is it doing now? :)

Edited by Tal, 17 May 2008 - 01:08 PM.
Post edited


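As an added example (not part of Tal's post, nor HijackThis or DSS output), the Python below shows why the fix line's hex(7) bytes spell out msv1_0 in REGEDIT4's one-byte-per-character form, and checks a DSS-style "Authentication Packages" dump line for entries that are not the XP default. It goes a step beyond the post by also handling the "Windows Registry Editor Version 5.00" format, where the same hex(7) value must be UTF-16LE; the dump line is a constructed copy of the one posted above, and the allow-list is an assumption for Windows XP.

```python
"""Worked example (not from the thread): encode/decode the REGEDIT4 hex(7)
multi-string used in the RegFix1.reg above, and flag non-default entries in
an LSA "Authentication Packages" dump line."""

# Assumption: on a stock Windows XP box the only default entry is msv1_0.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


def encode_multi_sz(values, version5=False):
    """Return a .reg hex(7) literal for a REG_MULTI_SZ value.

    REGEDIT4 files store hex(7) as ANSI bytes (one byte per character);
    'Windows Registry Editor Version 5.00' files store it as UTF-16LE.
    Each string is NUL-terminated and the whole list ends with an extra NUL.
    """
    encoding = "utf-16-le" if version5 else "latin-1"
    nul = "\0".encode(encoding)
    raw = b"".join(v.encode(encoding) + nul for v in values) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def decode_multi_sz(literal, version5=False):
    """Inverse of encode_multi_sz: hex(7) literal -> list of strings."""
    prefix = "hex(7):"
    if not literal.startswith(prefix):
        raise ValueError("not a hex(7) literal")
    raw = bytes(int(h, 16) for h in literal[len(prefix):].split(","))
    encoding = "utf-16-le" if version5 else "latin-1"
    # Drop the empty strings produced by the terminating NULs.
    return [s for s in raw.decode(encoding).split("\0") if s]


def unexpected_auth_packages(dump_line):
    """Parse a DSS-style '"Authentication Packages"= a b c' line and
    return every entry that is not in EXPECTED_AUTH_PACKAGES."""
    _, _, rhs = dump_line.partition("=")
    return [p for p in rhs.split() if p.lower() not in EXPECTED_AUTH_PACKAGES]


if __name__ == "__main__":
    # Constructed copy of the line from the DSS registry dump in this thread.
    dump = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\qoMeBtQJ'
    print("unexpected entries:", unexpected_auth_packages(dump))
    print("REGEDIT4 fix value:", encode_multi_sz(["msv1_0"]))
    print("Version 5.00 equivalent:", encode_multi_sz(["msv1_0"], version5=True))
```

Pasting the REGEDIT4 byte sequence under a Version 5.00 header would not restore msv1_0 correctly, which is why the header line of the .reg file matters as much as the value.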
#13
adamj2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've just done everything you said and restarted and...

IT'S FINE AGAIN!!!

Thank you so much, I really really appreciate your help, you're a godsend!!!

#14
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
You're welcome :) Below are some steps to help you prevent re-infection. I will leave this topic open for a few days, in case (I hope not! :)) you'll need additional assistance.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal

#15
adamj2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've updated my computer with all the points you have made there, thanks again :) :) :)