Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virtumonde/Vundo problem [RESOLVED]


  • This topic is locked This topic is locked

#1
AeonsDead

AeonsDead

    New Member

  • Member
  • Pip
  • 7 posts
Hey everyone, today i was the recipient of a virtumonde sucker punch. I have used both vundofix and virtumundobegone from your important topics, neither seemed to work. Spybot found some of the files and removed them, but it was trying to recreate itself, and i'd sometimes get constant alerts from teatimer. I then ran malwarebytes and it found a bunch more vundo entries, and said it would restart to fully clean it, only thing is i had also previously ran another spybot search which found some entries, and spybot then ran on startup instead of malware bytes. I ran malware bytes again and it found more, but didnt ask to restart. I've run hijackthis to get a log to confirm with you guys if i am free of this. Thanks a lot in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:38:55, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Kevin\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B0D747B-FCB2-4F39-B048-81206E6D9D3B} - C:\WINDOWS\system32\hgGwurrr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DEDCA8EB-72F2-46F7-B08B-DD8BE3088EF5} - C:\WINDOWS\system32\awtspNeD.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6193] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2452] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3256] cmd /c del "C:\WINDOWS\system32\awtspNeD.dll_old"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [SpybotDeletingB2126] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185315191937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11870 bytes
  • 0

Advertisements


#2
AeonsDead

AeonsDead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I figure i should probably post this as a precaution to save some time should any problems arise.



Deckard's System Scanner v20071014.68
Run by Kevin on 2008-06-08 04:14:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
85: 2008-06-08 03:12:25 UTC - RP341 - Deckard's System Scanner Restore Point
84: 2008-06-08 01:49:26 UTC - RP340 - Removed Ad-Aware
83: 2008-06-07 23:52:36 UTC - RP339 - Installed Ad-Aware
82: 2008-06-07 23:39:12 UTC - RP338 - Last known good configuration
81: 2008-06-07 23:39:07 UTC - RP337 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-07 23:38:54 UTC - RP257 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17:04, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kevin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B0D747B-FCB2-4F39-B048-81206E6D9D3B} - C:\WINDOWS\system32\hgGwurrr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DEDCA8EB-72F2-46F7-B08B-DD8BE3088EF5} - C:\WINDOWS\system32\awtspNeD.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6193] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2452] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3256] cmd /c del "C:\WINDOWS\system32\awtspNeD.dll_old"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [SpybotDeletingB2126] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185315191937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11715 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ST330 - c:\windows\system32\drivers\st330.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch 330>
S3 STBUS - c:\windows\system32\drivers\stbus.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch vbus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-08 03:11:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-07 23:53:39 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-07 23:53:38 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 03:38:48 0 d-------- C:\Program Files\Trend Micro
2008-06-08 02:55:02 0 d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-06-08 02:54:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 02:54:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 02:29:15 0 d-------- C:\VundoFix Backups
2008-06-08 00:53:05 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-08 00:52:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-08 00:38:44 7095 --ahs---- C:\WINDOWS\system32\rrruwGgh.ini2
2008-06-07 23:53:40 0 d-------- C:\Documents and Settings\Kevin\Application Data\Uniblue
2008-06-02 22:05:02 0 d-------- C:\Documents and Settings\Kevin\WINDOWS
2008-06-01 04:10:19 0 d-------- C:\Program Files\Veoh Networks
2008-06-01 04:09:55 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-30 14:54:04 0 d-------- C:\Program Files\Virtual Earth 3D
2008-05-23 19:10:47 0 d-------- C:\Documents and Settings\Kevin\Application Data\FinalBurner .ISO
2008-05-08 20:31:17 0 d-------- C:\Documents and Settings\Kevin\Application Data\vlc
2008-05-08 20:31:16 0 d-------- C:\Documents and Settings\Kevin\Application Data\dvdcss
2008-05-08 20:30:48 0 d-------- C:\Program Files\VideoLAN


-- Find3M Report ---------------------------------------------------------------

2008-06-08 02:49:49 0 d-------- C:\Program Files\Common Files
2008-06-02 23:45:05 0 d-------- C:\Documents and Settings\Kevin\Application Data\Skype
2008-06-02 23:01:32 0 d-------- C:\Documents and Settings\Kevin\Application Data\skypePM
2008-06-02 01:29:57 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-01 04:11:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 20:05:32 0 d-------- C:\Documents and Settings\Kevin\Application Data\FinalBurner DATA
2008-05-21 00:15:21 0 d-------- C:\Program Files\LimeWire
2008-04-30 03:16:53 0 d-------- C:\Program Files\Red Kawa
2008-04-26 21:00:32 0 d-------- C:\Program Files\Kontiki
2008-04-20 19:16:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-14 19:46:58 27160 --a------ C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
2008-04-03 21:45:22 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-14 00:16:40 4078 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B0D747B-FCB2-4F39-B048-81206E6D9D3B}]
C:\WINDOWS\system32\hgGwurrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEDCA8EB-72F2-46F7-B08B-DD8BE3088EF5}]
C:\WINDOWS\system32\awtspNeD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [03/05/2005 12:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [23/04/2007 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [24/09/2001 09:39]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/07/2007 23:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [11/09/2002 18:01]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 06:59]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [21/04/2006 14:42]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [13/08/2007 01:34]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [28/02/2006 13:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/04/2007 17:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 11:56]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04/04/2007 14:20]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"Steam"="c:\program files\valve\steam\steam.exe" [28/03/2008 11:48]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [15/05/2008 16:11]
"@"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2126"=command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
"SpybotDeletingD7807"=cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"wextract_cleanup0"=rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP000.TMP\"
"SpybotDeletingA6193"=command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
"SpybotDeletingC2452"=cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
"SpybotDeletingC3256"=cmd /c del "C:\WINDOWS\system32\awtspNeD.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinxDiagUpdate"=WinxDiagUpdate

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/08/2004 02:22:40]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [13/02/2004 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Hush Messenger.lnk]
path=C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Hush Messenger.lnk
backup=C:\WINDOWS\pss\Hush Messenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyman.exe]
C:\Program Files\Tavultesoft\Keyman\keyman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinxDiagUpdate]
WinxDiagUpdate




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-08 04:17:40 ------------































Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2047.23 MiB / 1344.3 MiB
Pagefile Memory (total/avail): 3939.54 MiB / 3418.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.17 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 372.6 GiB total, 132.29 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - Hitachi HDT725040VLA360 - 372.61 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 372.6 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\WinxDiagUpdate"="C:\\WINDOWS\\system32\\WinxDiagUpdate:*:Disabled:WinxDiagUpdate"
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe"="C:\\Program Files\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"="C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe:*:Enabled:ST330 service"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\day of defeat source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\team fortress classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Kevin\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Kevin\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\[email protected]\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\[email protected]\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\quake\\qwcl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\quake\\qwcl.exe:*:Disabled:qwcl"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\half-life\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\aeonsblack\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kevin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEVIN-89C6D2467
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kevin
LOGONSERVER=\\KEVIN-89C6D2467
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kevin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kevin\LOCALS~1\Temp
USERDOMAIN=KEVIN-89C6D2467
USERNAME=Kevin
USERPROFILE=C:\Documents and Settings\Kevin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kevin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
42 Bit Scanner --> C:\PROGRA~1\42BITS~1\UNWISE.EXE C:\PROGRA~1\42BITS~1\INSTALL.LOG
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Any Video Converter 2.0.8 --> "C:\Program Files\Any Video Converter\unins000.exe"
AP Tuner 3.06 --> "C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
Audiosurf --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/12900
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
BitComet 0.60 --> C:\Program Files\BitComet\uninst.exe
CA eTrust PestPatrol Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Canon MP470 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon MP470 series User Registration --> C:\Program Files\Canon\IJEREG\MP470 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Cossacks II --> C:\Program Files\GSC Game World\Cossacks II\uninstall.exe
Counter-Strike --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Day of Defeat: Source --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/300
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP WMA V9 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
Deathmatch Classic --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/40
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FinalBurner Free v1.14.0.87 --> "C:\Program Files\FinalBurner\Uninstall.exe" "C:\Program Files\FinalBurner\install.log" -u
FreeRIP v3.04 --> "C:\Program Files\FreeRIP3\unins000.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 4.0 --> C:\PROGRA~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\GUITAR~1\INSTALL.LOG
Half-Life 2 --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/340
Half-Life 2: Lost Coast --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Blue Shift --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/130
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hush Messenger (remove only) --> "C:\Program Files\Hush Communications\Hush Messenger\uninstall.exe"
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.2.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kazaa Lite K++ v2.4.1 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_5c1ef2\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam --> MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Natural Selection 3.2 --> "c:\program files\valve\steam\steamapps\aeonsblack\half-life\unins000.exe"
Nero - Burning Rom (Web installer) --> C:\WINDOWS\UNNERO.exe /UNINSTALL
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Peggle Extreme --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/3483
Portal --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/400
Power Tab Editor 1.7 --> C:\PROGRA~1\PTSOFT~1\PTEDIT~1\UNWISE.EXE C:\PROGRA~1\PTSOFT~1\PTEDIT~1\INSTALL.LOG
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Serious Sam: The First Encounter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815050E5-F545-11D4-9569-004095812ACC}\Setup.exe" -l0x9
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2 --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/440
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /un
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {6B0D747B-FCB2-4F39-B048-81206E6D9D3B} - C:\WINDOWS\system32\hgGwurrr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DEDCA8EB-72F2-46F7-B08B-DD8BE3088EF5} - C:\WINDOWS\system32\awtspNeD.dll (file missing)
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6193] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2452] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3256] cmd /c del "C:\WINDOWS\system32\awtspNeD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2126] command /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd /c del "C:\WINDOWS\system32\hgGwurrr.dll_old"


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\rrruwGgh.ini2
    C:\WINDOWS\system32\hgGwurrr.dll_old
    C:\WINDOWS\system32\awtspNeD.dll_old
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinxDiagUpdate
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Reboot and post a new DSS log
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the logs
  • 0

#6
AeonsDead

AeonsDead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTMoveIt2 log:

Explorer killed successfully
C:\WINDOWS\system32\rrruwGgh.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\hgGwurrr.dll_old not found.
File/Folder C:\WINDOWS\system32\awtspNeD.dll_old not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinxDiagUpdate >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinxDiagUpdate\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_231709


The kaspersky scan generated a html file, the following is the text from that html

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 01, 2008 21:46:32
Records in database: 903012
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 144970
Threat name 5
Infected objects 7
Suspicious objects 0
Duration of the scan 02:17:33

File name Threat name Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\Kevin\LOCALS~1\Temp\Rar$EX03.125\Uniblue Speed Up My Pc 3.5 with serial\speedupmypc3.exe Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Incomplete\T-3545425-your not alone olive.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Old Kevs Stuff\Stuff\Buddy Kill.zip Infected: DoS.Win32.BKill.a 1
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Core\Limewire Pro + Crack.zip Infected: Backdoor.Win32.Rbot.bwq 1
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Limewire Pro + Crack.zip Infected: Backdoor.Win32.Rbot.bwq 1
C:\Program Files\ESET\infected\SBIYTXDA.NQF Infected: Backdoor.Win32.Rbot.bwq 1
The selected area was scanned.


After rebooting and running DSS it would only produce a main text file, and not an extra

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-07-02 02:44:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:44:18, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kevin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185315191937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10292 bytes

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-01 23:45:09 0 d-------- C:\WINDOWS\nvidia icons
2008-07-01 22:58:17 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-21 17:54:33 0 d-------- C:\Program Files\Dope Wars 2000
2008-06-21 17:54:27 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-19 17:12:14 0 d-------- C:\Documents and Settings\Kevin\Application Data\SPORE Creature Creator
2008-06-08 03:38:48 0 d-------- C:\Program Files\Trend Micro
2008-06-08 02:55:02 0 d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-06-08 02:54:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 02:54:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 02:29:15 0 d-------- C:\VundoFix Backups
2008-06-08 00:53:05 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-08 00:52:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-07 23:53:40 0 d-------- C:\Documents and Settings\Kevin\Application Data\Uniblue
2008-06-02 22:05:02 0 d-------- C:\Documents and Settings\Kevin\WINDOWS


-- Find3M Report ---------------------------------------------------------------

2008-07-02 02:25:13 0 d-------- C:\Program Files\FreeRIP3
2008-07-02 00:18:21 0 d-------- C:\Documents and Settings\Kevin\Application Data\FinalBurner DATA
2008-07-01 23:40:00 0 d-------- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
2008-07-01 23:06:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-29 01:48:01 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-27 19:57:33 0 d-------- C:\Documents and Settings\Kevin\Application Data\Bioshock
2008-06-19 17:11:16 0 d-------- C:\Program Files\Electronic Arts
2008-06-08 02:49:49 0 d-------- C:\Program Files\Common Files
2008-06-02 23:45:05 0 d-------- C:\Documents and Settings\Kevin\Application Data\Skype
2008-06-02 23:01:32 0 d-------- C:\Documents and Settings\Kevin\Application Data\skypePM
2008-06-02 01:29:57 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-01 04:10:19 0 d-------- C:\Program Files\Veoh Networks
2008-05-30 14:54:05 0 d-------- C:\Program Files\Virtual Earth 3D
2008-05-23 19:10:47 0 d-------- C:\Documents and Settings\Kevin\Application Data\FinalBurner .ISO
2008-05-21 00:15:21 0 d-------- C:\Program Files\LimeWire
2008-05-11 16:39:45 0 d-------- C:\Documents and Settings\Kevin\Application Data\dvdcss
2008-05-08 20:31:17 0 d-------- C:\Documents and Settings\Kevin\Application Data\vlc
2008-05-08 20:30:48 0 d-------- C:\Program Files\VideoLAN
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-14 19:46:58 27160 --a------ C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
2008-04-03 21:45:22 669184 --a------ C:\WINDOWS\system32\pbsvc.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [03/05/2005 12:38 C:\WINDOWS\system32\P17.dll]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [23/04/2007 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/05/2008 22:46]
"nwiz"="nwiz.exe" [02/05/2008 22:46 C:\WINDOWS\system32\nwiz.exe]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [24/09/2001 09:39]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/07/2007 23:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [11/09/2002 18:01]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 06:59]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [21/04/2006 14:42]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [13/08/2007 01:34]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [28/02/2006 13:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/04/2007 17:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 11:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/05/2008 22:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04/04/2007 14:20]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"Steam"="c:\program files\valve\steam\steam.exe" [28/03/2008 11:48]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [15/05/2008 16:11]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/08/2004 02:22:40]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Hush Messenger.lnk]
path=C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Hush Messenger.lnk
backup=C:\WINDOWS\pss\Hush Messenger.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyman.exe]
C:\Program Files\Tavultesoft\Keyman\keyman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE




-- End of Deckard's System Scanner: finished at 2008-07-02 02:45:07 ------------


Many thanks
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This is what happens when you download cracks


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Incomplete\T-3545425-your not alone olive.mp3
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Old Kevs Stuff\Stuff\Buddy Kill.zip
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Core\Limewire Pro + Crack.zip
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\freeripmp3.exe
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Limewire Pro + Crack.zip
    C:\Program Files\ESET\infected\SBIYTXDA.NQF
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears
  • 0

#8
AeonsDead

AeonsDead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Explorer killed successfully
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Incomplete\T-3545425-your not alone olive.mp3 moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Old Kevs Stuff\Stuff\Buddy Kill.zip moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Core\Limewire Pro + Crack.zip moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\freeripmp3.exe moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Limewire Pro + Crack.zip moved successfully.
C:\Program Files\ESET\infected\SBIYTXDA.NQF moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Kevin\LOCALS~1\Temp\Perflib_Perfdata_174.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Kevin\LOCALS~1\Temp\~DF1130.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Kevin\LOCALS~1\Temp\~DF78C7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_538.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000044121803395918CAFB scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_160221

Files moved on Reboot...
File C:\DOCUME~1\Kevin\LOCALS~1\Temp\Perflib_Perfdata_174.dat not found!
C:\DOCUME~1\Kevin\LOCALS~1\Temp\~DF1130.tmp moved successfully.
C:\DOCUME~1\Kevin\LOCALS~1\Temp\~DF78C7.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_538.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat not found!
File C:\WINDOWS\temp\TMP00000044121803395918CAFB not found!









Volume in drive C has no label.
Volume Serial Number is 189D-20CC

Directory of C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files

02/07/2008 16:18 <DIR> .
02/07/2008 16:18 <DIR> ..
13/04/2008 16:18 217,732 07miRMPSAH.pdf
09/03/2008 01:13 45,942,912 169.21_forceware_winxp_32bit_english_whql.exe
01/07/2008 23:42 39,793,128 175.16_geforce_winxp_32bit_english_whql.exe
30/12/2004 17:44 18,219,878 66.93_win2kxp_english.exe
24/06/2007 20:57 60,732 82801DB_DBM_DA_AC97.zip
08/06/2008 00:49 19,153,264 aaw2008.exe
13/04/2006 04:50 2,855,080 aawsepersonal.exe
18/03/2006 01:34 302,680 ac3filter_0_70b.exe
01/08/2007 23:43 23,402,288 AdbeRdr810_en_US.exe
20/04/2008 19:15 23,454,528 AdbeRdr812_en_US.exe
13/02/2007 21:10 1,073,672 advisor.exe
19/12/2004 15:50 418,894 adwiper.exe
16/12/2004 01:09 3,597,968 aimUK55.exe
20/04/2005 01:02 9,648,404 Anti-Spyware Kit - (SpyBot - PeerGuardian - SpyBlaster - SpySweeper - WindowsWasher).zip
02/10/2007 22:08 13,751,063 any-video-converter-free.exe
01/01/2005 02:31 1,312,607 APTunerInstall.exe
14/04/2008 16:12 22,292 AR_RMPS_AH02.pdf
31/10/2005 00:23 307,354,445 AutoCAD 2004(1).zip
30/10/2004 18:52 357,780 AVIcodec_1.1.0.4.exe
18/04/2005 16:26 744,529 bazookasetup.exe
09/02/2008 17:58 385,524,406 BF2142_Update_1.40.exe
09/02/2008 17:47 0 BF2142_Update_140-BETA3.exe
08/08/2007 20:54 66,569,089 BF2_Highway_Tampa_Update.zip
27/07/2007 00:43 4,862,464 BitComet_0.91_setup.exe
18/11/2005 00:47 2,951,156 bitcomet_setup.exe
03/10/2004 19:49 2,278,771 BitTorrent-3.4.2.exe
21/01/2005 02:09 3,133,760 BSPROINSTALL.exe
05/04/2008 16:31 2,751,368 ccsetup206.exe
24/07/2007 21:12 <DIR> Cheetah DVD Burner 2.01
04/02/2008 20:47 11,167,560 CoD4MW-1.4-1.5MP-PatchSetup.exe
01/07/2008 22:22 39,968,152 CoD4MW-1.6-1.7-PatchSetup.exe
01/07/2008 22:24 296,330,688 CoD4MW-1.6-PatchSetupuk.exe
01/08/2007 23:17 10,050,902 Codecs6030_allin1.exe
02/07/2008 16:18 <DIR> Core
09/08/2004 02:28 45,103,844 csuv3.exe
08/08/2004 18:45 3,007,628 dap72.exe
15/09/2004 01:49 3,965,328 db-wmfdist-wma9.exe
15/09/2004 01:33 269,784 dBpowerAMP-codec-wmav9.exe
21/03/2006 21:49 5,856,839 dBpowerAMP-codec-wmav91.exe
08/03/2005 20:50 166,144 DECCHECKSetup.EXE
06/06/2007 19:18 2,863,832 DeepBurner1.exe
06/11/2006 01:47 620,154 Devhook 0[1].46 plus SDK.rar
05/11/2006 13:59 318,671 devhook044.zip
27/09/2004 23:29 7,680,064 DivX521XP2K.exe
15/09/2004 01:31 1,519,800 dMC-r10.exe
20/03/2007 23:04 58,848,348 dpb_gold.exe
08/06/2008 04:11 686,630 dss.exe
31/07/2007 23:57 12,763,888 ead-installer.exe
21/01/2005 01:51 4,155,032 eMule0.44d-Installer.exe
20/12/2004 02:20 4,915,119 en-GB.exe
24/06/2007 20:49 4,402,436 everesthome220.zip
13/04/2006 22:40 7,984,736 ewido-setup.exe
03/04/2007 22:13 5,479,830 fb_free.exe
16/01/2006 20:27 3,231,695 ffdshow-20051221-gcc4[1].0.2-sse-x264.nl.exe
22/01/2003 05:27 334 file_id.diz
10/01/2005 04:14 183,118,923 firearms29[1].exe
10/04/2006 18:12 166,064 FixVundo.exe
08/06/2008 02:28 233 FixVundo.log
27/12/2007 01:05 487,330 GameSpot_Download_Manager.exe
16/12/2004 04:48 218,632 gdidettool.exe
12/01/2008 20:50 1,469,992 GenuineCheck.exe
02/02/2005 14:49 1,097,131 Goodmans G-Shot 2025 TFT.zip
02/02/2005 14:51 1,098,683 Goodmans_2025_WinXP.zip
21/12/2005 20:46 11,817,800 GoogleEarth.exe
15/12/2004 23:30 476,304 GoogleToolbarInstaller.exe
07/10/2007 03:08 13,411,824 Google_Earth_BZXV.exe
16/01/2006 20:28 186,567 GSpot252b01.rar
19/04/2005 22:57 1,055,509 highgr20.zip
16/04/2006 21:38 212,849 hijackthis.zip
08/06/2008 03:24 251,392 hijackthis_sfx.exe
08/06/2008 03:38 0 HJTInstall new.exe
08/06/2008 03:38 0 HJTInstall.exe
08/06/2008 03:38 812,344 HJTInstall1.exe
04/12/2004 21:12 386,813 hlmv125.zip
23/03/2005 19:11 50,398,415 hlrb10.exe
25/08/2007 20:15 3,294,686 HushMessenger-1.2.0310-patch1-JVM-installer.exe
29/10/2005 22:06 4,610,480 icqpro2003b.exe
22/12/2005 13:56 2,622,616 ie_zhc.exe
22/12/2005 13:50 23,491,904 imechs.exe
12/06/2008 01:27 1,495,112 install_flash_player.exe
13/02/2007 00:32 9,409,224 Install_MSN_Messenger.exe
09/01/2005 20:23 4,256,750 Intellimouseopticalv4.01winXP.zip
23/03/2005 18:58 106,649,672 ios4.exe
21/08/2004 17:42 2,068,266 iv5setup.exe
17/01/2005 02:37 1,418,296 j2re-1_4_2_06-windows-i586-p-iftw.exe
06/12/2005 00:46 16,426,200 JAD6_BASIC.exe
13/04/2006 19:42 13,726 kill2me.zip
28/06/2007 00:49 12,819,266 klcodec325f.exe
13/12/2003 16:53 3,035,363 klitekpp241e.exe
13/04/2006 19:53 448,487 L2MRemover.zip
19/08/2005 23:27 3,653,917 Lime Wire LimeWire Pro 4.9.23.zip
02/03/2005 19:14 3,396,609 LimeWire 4.6.0 Pro.zip
17/03/2005 01:37 3,397,127 LimeWire 4.8.1 Pro (NEW).zip
17/01/2005 01:16 6,035,992 LimeWire Pro 4.2.6.exe
04/10/2004 18:12 6,194,467 livebilliards.exe
04/10/2004 18:50 7,313,062 LiveBilliards13eDemo.exe
16/04/2006 21:58 40,960 Look2Me-Destroyer.exe
08/06/2008 01:09 329 Look2Me-Destroyer.txt
16/01/2006 20:35 442,061 MatroskaSplitter.exe
08/06/2008 02:54 1,658,102 mbam-setup.exe
30/10/2005 22:26 244,700 messpatch-g3-75311(www.mess.be).zip
21/01/2006 01:36 243,062 messpatch-g3-75322(www.mess.be).zip
13/02/2007 00:41 243,332 messpatch-g3-75324(www.mess.be).zip
13/09/2007 01:34 258,944 messpatch-g5-81178(www.mess.be).zip
15/05/2005 16:13 543,125 messpatch332(www.mess.be).zip
23/09/2005 20:46 234,634 messpatch75299(www.mess.be).zip
28/09/2005 15:57 235,039 messpatch75303(www.mess.be).zip
09/07/2004 22:32 3,497,984 MsgPlus-301.exe
15/12/2004 22:56 3,593,352 MsgPlus-325.exe
19/04/2006 16:54 4,752,968 MsgPlus-363.exe
13/09/2007 14:18 3,949,904 MsgPlusLive-423.exe
20/12/2004 00:44 487,544 msgr6suite.exe
15/05/2005 16:46 45,180 msn7antiadbarpatch(www.mess.be).zip
01/08/2005 16:50 70,095 MSN_Messenger7_Current_Playing_Song.exe
04/05/2007 16:48 2,898,790 New WinZip File.zip
20/04/2005 00:42 876,492 noadware.exe
29/03/2008 21:23 156,265,464 ns_install_v32.exe
01/07/2008 23:16 291,840 OTMoveIt2.exe
16/07/2004 12:18 89,230,200 Paintshop.Pro.8.Retail.exe
14/04/2008 16:12 52,964 PAReportReligiousMoralandPhilosophicalStudiesAdvancedHigher2007.pdf
29/09/2004 00:29 2,855,552 PPView97.exe
23/10/2006 17:33 1,271,125 pro_evolution_soccer_5_eu_a.zip
25/02/2008 01:14 4,034,709 PS3 PES2008 Optionfile V1.5 Update by DeeJay&WEmerica.rar
20/03/2008 21:11 8,759,197 PS3.rar
30/04/2008 03:15 9,528,790 ps3video9_Installer.exe
20/10/2006 22:37 4,762,918 pspVideo9_Install.exe
16/12/2004 20:37 3,055,906 ptabe1_7.zip
28/05/2005 03:06 6,726,434 QuickTimeInstallCache.qdat
03/10/2004 04:31 569,344 QuickTimeInstaller(1).exe
21/07/2007 18:44 569,344 QuickTimeInstaller(2).exe
18/04/2008 18:10 23,700,784 QuickTimeInstaller.exe
25/02/2008 00:48 4,749,774 Rammstone's PES2008 PS3 Option File 1.1.rar
14/06/2008 12:17 200,166,752 SCCTrialSetup.exe
22/01/2003 05:21 6,526,428 setup.exe
26/11/2004 22:55 861,022 SetupPPUpdater.exe
17/01/2005 01:31 3,304,944 Shareaza_2.1.0.0.exe
21/03/2008 19:07 1,454,656 Silverlight.exe
30/01/2008 01:01 22,595,368 SkypeSetup.exe
31/07/2007 00:01 27,007,357 Speedtouch_330_v3.00.zip
27/11/2004 14:51 4,354,084 spybotsd13.exe
13/08/2007 01:54 5,037,072 spybotsd14.exe
03/06/2008 20:32 9,722,720 spybotsd152.exe
15/12/2004 22:11 4,099,927 st330_3012_windows.zip
10/12/2004 18:58 720,200 SteamInstall.exe
05/03/2005 21:44 1,006,087 stinger.exe
05/03/2005 22:45 17 stinger.opt
21/10/2004 22:04 12,235,987 sviewer500.exe
13/08/2007 01:32 4,669,406 Trojan_Remover_6.5.5.rar
18/12/2004 01:48 1,459,079 TrustyFiles.exe
06/11/2006 01:58 21,686,692 UI v1.1.1.exe
05/11/2006 13:49 187,976 UMDGen_v2.00.zip
19/12/2004 15:50 107,008 uncook.exe
22/01/2003 05:26 8,012 underpl.nfo
04/11/2004 21:50 457,254 unphuck10beta.zip
01/06/2008 04:09 21,320,456 VeohSetup-3.9.5.1039.exe
02/10/2007 22:06 8,085,001 VFCCsetup.exe
22/09/2006 16:22 6,440,983 VideoraiPodConverter_Install.exe
08/06/2008 02:46 96,978 VirtumundoBeGone.exe
18/08/2007 16:50 4,099,076 vis4400-xp.exe
08/05/2008 20:30 9,730,075 vlc-0.8.6f-win32.exe
29/01/2006 15:48 1,495,184 VodeiSetup200.exe
01/08/2007 23:23 656,745 vox.zip
08/06/2008 02:28 115,200 VundoFix.exe
13/04/2006 04:52 857,915 vx2cleaner_inst.exe
24/06/2007 21:04 18,346,191 WDM_A400.exe
10/11/2005 20:12 6,082,136 winamp5111_full_emusic-7plus.exe
25/07/2006 19:29 6,206,440 winamp524_full_emusic-7plus.exe
06/03/2006 16:41 5,640,784 winamp52_full_emusic-7plus.exe
24/11/2006 02:10 6,653,000 winamp532_full_emusic-7plus.exe
13/03/2007 14:35 6,718,976 winamp533_full_emusic-7plus.exe
24/06/2007 20:08 6,221,304 winamp535_full_emusic-7plus.exe
14/02/2008 18:40 8,705,840 winamp552_full_emusic-7plus_en-us.exe
18/10/2007 17:41 8,454,584 winamp55_full_emusic-7plus_en-us.exe
06/12/2005 00:57 2,887,559 WinAVI Video Converter (ALL FORMAT TO AVI, DVD, RM, WMV).zip
12/01/2008 20:51 5,154,304 WindowsDefender.msi
23/03/2003 15:04 770,048 winmx331.exe
21/12/2004 16:16 823,296 winmx353.exe
28/06/2007 23:10 25,755,448 wmp11-windowsxp-x86-enu.exe
18/05/2008 18:41 318,904 wmpfirefoxplugin.exe
01/12/2003 22:00 988,398 wrar320.exe
14/08/2007 00:08 1,036,714 WRCSetup.exe
21/10/2004 18:13 3,905,464 xlViewer.exe
01/08/2007 23:13 6,645,955 XP_Codec-Pack_2.0.8.exe
181 File(s) 2,842,452,303 bytes
4 Dir(s) 144,305,897,472 bytes free
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Lime Wire LimeWire Pro 4.9.23.zip
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\LimeWire 4.6.0 Pro.zip
    C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\LimeWire 4.8.1 Pro (NEW).zip
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#10
AeonsDead

AeonsDead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Explorer killed successfully
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\Lime Wire LimeWire Pro 4.9.23.zip moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\LimeWire 4.6.0 Pro.zip moved successfully.
C:\Documents and Settings\Kevin\Desktop\Kev's Stuff\Setup Files\LimeWire 4.8.1 Pro (NEW).zip moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Kevin\LOCALS~1\Temp\IH59C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_748.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7dc.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_181500

Files moved on Reboot...
C:\DOCUME~1\Kevin\LOCALS~1\Temp\IH59C.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_748.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7dc.dat not found!
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#12
AeonsDead

AeonsDead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for all your help and time Rorschach, i followed all your instructions on the last post and my computer seems to be running very smoothly. So i guess this topic has been resolved and can be closed.
Again thank you for all your support

Regards, Kevin
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP