Computer is really bad, cant do anything, popups, no internet. [RESOLV


  • This topic is locked

#16
Chopin

Hello mewsick75, sorry about the delay; the logs show quite a few nasties. Why did you run DSS in Safe Mode? Could you get it to run in Normal Mode?

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Run VundoFix
------------------------------------------------

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

3. Run OTMoveIt2
------------------------------------------------

Just so it won't take forever on one run, freeze up, or possibly crash the program, let's do this step in two parts:

If you haven't already, please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Once done with the previous steps, repeat the above instructions, but with the following input:



Post the OTMoveIt log generated by this as well.

In your next post
------------------------------------------------

The logs probably won't fit into one post, so if they are too big, just split them up like you did with DSS :) Great job with that by the way :)
  • Fresh HijackThis log
  • VundoFix's log
  • OTMoveIt2 logs

Edited by Fredil, 02 July 2008 - 01:46 PM.
grammar fix



#17
mewsick75

  • Topic Starter
The computer is now just a desktop with nothing on it, the only way to do anything on the computer is if I run it in SAFE MODE WITH COMMAND PROMPT. When I do that, if the computer restarts as part of a program, it doesn't run the program. I'm running these programs off a disk I put in the CD drive because there is no way to access the desktop. Any ideas??? I couldn't run MMOVE IT because I can't copy the script to it.

HELP!!!

#18
Chopin

Okay... try this.

Try to boot to normal mode. If you can actually get to your desktop, hit CTRL-ALT-DEL, which will bring up the Task Manager. Click on the "Applications" tab and then "New Task". In the box that appears, type explorer.exe and press Enter. Your taskbar/icons should reappear.

Try that and [bleep]tell me how it goes :)

Edited by Fredil, 02 July 2008 - 07:51 PM.
"and [bleep] me"? typo, I think.


#19
mewsick75

  • Topic Starter
MOveIT would not run at all!!!!

But here are the other logs.



#20
Chopin

What happens when you try to run OTMoveIt? Does it just flash on and close?

#21
mewsick75

  • Topic Starter
It doesn't even flash, it just doesn't open.

#22
Chopin

Hello mewsick75, I think that malware is stopping the programs from running. It's odd though, because that kind of malware usually stops HijackThis as well, but you can get a HJT log with no problem :)

Let's try something else. Going right through the weapon shack right now :)

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
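
The "Delete on Reboot" option and the PendingFileRenameOperations prompt in the post above concern the Windows registry value that queues file deletions and renames for the next boot. As an added example (not part of the original post and not Killbox's own code), this Python code decodes an exported copy of that value and reports which requested paths are actually queued; it also handles queued renames, which goes beyond the delete-only case in the thread, and the sample paths and bytes are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass

# Where Windows keeps the queue (a REG_MULTI_SZ value); shown for reference only.
VALUE_PATH = (r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
              r"\PendingFileRenameOperations")
NT_PREFIX = "\\??\\"  # object-manager prefix in front of each stored path


@dataclass(frozen=True)
class PendingOp:
    source: str             # file acted on at next boot
    target: str             # "" means the source is deleted
    replace_existing: bool  # target was flagged with a leading "!"

    @property
    def is_delete(self) -> bool:
        return self.target == ""


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw: bytes) -> list[PendingOp]:
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE) into source/target pairs."""
    parts = raw.decode("utf-16-le").split("\x00")
    if parts and parts[-1] == "":
        parts.pop()  # artefact of the last string's own terminator
    if len(parts) % 2 == 1 and parts[-1] == "":
        parts.pop()  # the extra NUL that terminates the whole list
    if len(parts) % 2:
        raise ValueError("odd number of strings: value is truncated or malformed")
    ops = []
    for source, target in zip(parts[0::2], parts[1::2]):
        if not source:
            continue  # empty multi-string or padding
        replace = target.startswith("!")
        if replace:
            target = target[1:]
        ops.append(PendingOp(_strip_nt(source), _strip_nt(target), replace))
    return ops


def audit_delete_queue(requested: list[str], raw: bytes) -> dict[str, list]:
    """Compare a list of paths meant for deletion with what is really queued."""
    ops = parse_pending_ops(raw)
    queued_deletes = {op.source.lower() for op in ops if op.is_delete}
    wanted = {p.lower() for p in requested}  # Windows paths are case-insensitive
    return {
        "queued": [p for p in requested if p.lower() in queued_deletes],
        "not_queued": [p for p in requested if p.lower() not in queued_deletes],
        # Anything else in the queue deserves a look: it may be a legitimate
        # installer, or something re-queuing itself behind the cleanup.
        "other_ops": [op for op in ops
                      if not (op.is_delete and op.source.lower() in wanted)],
    }


def build_multi_sz(strings: list[str]) -> bytes:
    """Encode strings the way the registry stores a REG_MULTI_SZ."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


# Constructed sample: two queued deletes and one unrelated queued rename.
SAMPLE_RAW = build_multi_sz([
    r"\??\C:\WINDOWS\system32\example1.dll", "",
    r"\??\C:\WINDOWS\system32\EXAMPLE2.exe", "",
    r"\??\C:\WINDOWS\Temp\setup.tmp", r"!\??\C:\Program Files\Vendor\app.dll",
])
# Constructed list of paths the cleanup step was supposed to queue.
REQUESTED = [
    r"C:\WINDOWS\system32\example1.dll",
    r"C:\WINDOWS\system32\example2.exe",
    r"C:\WINDOWS\system32\example3.dll",
]

if __name__ == "__main__":
    report = audit_delete_queue(REQUESTED, SAMPLE_RAW)
    for key, items in report.items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```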

#23
mewsick75

  • Topic Starter
OK, I did the above steps with Killbox. What next????

#24
Chopin

Did you encounter any problems? If not, repeat the above steps with Killbox, except with this code:



Let me know how that goes :)

#25
mewsick75

  • Topic Starter
I was able to do that. What's next?


#26
Chopin

We check if it worked :) There shouldn't be too much left to do if it did.

1. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)

#27
mewsick75

  • Topic Starter
Deckard's System Scanner v20071014.68
Run by alan on 2008-07-05 20:10:16
Computer is in Normal Mode.
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\alan\Application Data\Microsoft\dtsc\7716.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [A00F660FE.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F660FE.exe
O4 - HKCU\..\Run: [A00F218BF3.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F218BF3.exe
O4 - HKCU\..\Run: [Njssrbvc] "C:\Program Files\Common Files\S?mantec\w?auclt.exe"
O4 - HKCU\..\Run: [A00F4964B2.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F4964B2.exe
O4 - HKCU\..\Run: [A00F32C51.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F32C51.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\alan\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\alan\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL iuoilcsp.dll
O20 - Winlogon Notify: __c00C2416 - C:\WINDOWS\system32\__c00C2416.dat
O20 - Winlogon Notify: __c00D446 - C:\WINDOWS\system32\__c00D446.dat (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10923 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\alan\Desktop\Norwich\backups\) --------

backup-20080702-193213-163 O4 - HKCU\..\Run: [A00FAF972.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00FAF972.exe
backup-20080702-193213-166 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
backup-20080702-193213-170 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
backup-20080702-193213-227 O4 - HKCU\..\Run: [Gilwqib] C:\WINDOWS\?ymantec\?explore.exe
backup-20080702-193213-244 O4 - HKCU\..\Run: [A00F79519.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F79519.exe
backup-20080702-193213-262 O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\1028u.exe
backup-20080702-193213-306 O4 - HKCU\..\Run: [A00F194F7.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F194F7.exe
backup-20080702-193213-313 O4 - HKCU\..\Run: [A00F89478.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F89478.exe
backup-20080702-193213-498 O4 - HKCU\..\Run: [A00F536D1BE.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F536D1BE.exe
backup-20080702-193213-520 O4 - HKCU\..\Run: [A00F2755D3.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F2755D3.exe
backup-20080702-193213-558 O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\1028u.exe
backup-20080702-193213-565 O4 - HKCU\..\Run: [A00F99AEC.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F99AEC.exe
backup-20080702-193213-573 O4 - HKCU\..\Run: [A00FBD50D.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00FBD50D.exe
backup-20080702-193213-576 O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\1028u.exe
backup-20080702-193213-804 O4 - HKCU\..\Run: [A00FE609A.exe] C:\DOCUME~1\alan\LOCALS~1\Temp\_A00FE609A.exe
backup-20080702-193213-808 O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
backup-20080702-193213-867 R3 - URLSearchHook: (no name) - - (no file)
backup-20080702-193213-896 O4 - HKCU\..\Run: [Xrxncau] "C:\Program Files\?dobe\?hkntfs.exe"
backup-20080702-193213-899 O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\1028u.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 drmkk - c:\windows\system32\drivers\drmkk.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 644)
-- :: 0 --------- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

C:\WINDOWS\system32\rundll32.exe (pid 2920)
2008-05-25 17:56:25 315136 -----n--- C:\WINDOWS\system32\vtUlLBsq.dll
2005-08-17 10:38:00 143360 --a------ C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll <Not Verified; McAfee Inc.; McAfee SpamKiller>
2008-07-05 00:37:28 24576 --a------ C:\WINDOWS\system32\__c00C2416.dat
2005-09-26 18:12:52 98304 --a------ C:\Program Files\McAfee.com\VSO\McVSSkt.Dll <Not Verified; McAfee, Inc.; McAfee VirusScan>

C:\WINDOWS\explorer.exe (pid 1832)
2005-08-17 10:38:00 143360 --a------ C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll <Not Verified; McAfee Inc.; McAfee SpamKiller>
2008-05-25 17:56:25 315136 -----n--- C:\WINDOWS\system32\vtUlLBsq.dll
2005-09-26 18:12:52 98304 --a------ C:\Program Files\McAfee.com\VSO\McVSSkt.Dll <Not Verified; McAfee, Inc.; McAfee VirusScan>
2008-07-05 00:37:28 24576 --a------ C:\WINDOWS\system32\__c00C2416.dat
2008-07-05 00:31:11 106240 --a------ C:\WINDOWS\system32\wgneig.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 00:37:04 348 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ALSPC64-alan).job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 00:37:58 644979 --ahs---- C:\WINDOWS\system32\qsBLlUtv.ini2
2008-07-05 00:37:25 24576 --a------ C:\WINDOWS\system32\__c00C2416.dat
2008-07-05 00:31:16 82240 --a------ C:\WINDOWS\system32\cvwyjlrv.dll
2008-07-05 00:31:16 24576 --a------ C:\WINDOWS\system32\__c00192A4.dat
2008-07-05 00:31:15 37888 --a------ C:\WINDOWS\system32\rrgvownm.exe
2008-07-05 00:31:11 106240 --a------ C:\WINDOWS\system32\wgneig.dll
2008-07-05 00:31:11 106240 --a------ C:\WINDOWS\system32\kbdqoqrb.dll
2008-07-03 23:13:09 106192 --a------ C:\WINDOWS\system32\wpiaxbvh.dll
2008-07-03 23:13:09 106192 --a------ C:\WINDOWS\system32\dokuct.dll
2008-07-03 23:10:10 24576 --a------ C:\WINDOWS\system32\__c00B9173.dat
2008-07-03 23:10:08 37888 --a------ C:\WINDOWS\system32\sxeawfcl.exe
2008-07-03 23:07:08 85376 --a------ C:\WINDOWS\system32\wprnsgfw.dll
2008-07-03 21:51:58 0 d-------- C:\Program Files\Common Files\S?mantec
2008-07-03 21:51:57 60928 --a------ C:\WINDOWS\system32\tnoh.dll
2008-07-03 21:47:20 0 d-------- C:\!KillBox
2008-07-02 23:13:50 85248 --a------ C:\WINDOWS\system32\rqisjqsm.dll
2008-07-02 23:10:51 106272 --a------ C:\WINDOWS\system32\ysxwst.dll
2008-07-02 23:10:50 106272 --a------ C:\WINDOWS\system32\cekgtxpq.dll
2008-07-02 23:07:51 24576 --a------ C:\WINDOWS\system32\__c0039D92.dat
2008-07-02 23:07:50 37888 --a------ C:\WINDOWS\system32\tymauxqv.exe
2008-07-02 19:57:48 0 d-------- C:\VundoFix Backups
2008-07-02 19:02:09 1718700 ---hs---- C:\WINDOWS\system32\qravhsie.ini2
2008-06-27 22:29:01 85024 --a------ C:\WINDOWS\system32\eishvarq.dll
2008-06-27 22:28:57 105904 --a------ C:\WINDOWS\system32\steevx.dll
2008-06-27 22:28:57 105904 --a------ C:\WINDOWS\system32\nxwjhmyl.dll
2008-06-27 22:28:55 24576 --a------ C:\WINDOWS\system32\__c002FF84.dat
2008-06-27 22:28:54 37888 --a------ C:\WINDOWS\system32\pmcuqhif.exe
2008-06-27 22:28:51 90528 --a------ C:\WINDOWS\system32\ivgkpmco.dll
2008-06-26 23:00:56 0 d-------- C:\Documents and Settings\alan\Application Data\Grisoft
2008-06-26 23:00:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-26 00:10:47 0 d-------- C:\WINDOWS\?ymantec
2008-06-25 00:05:58 0 d-------- C:\Program Files\Common Files\W?nSxS
2008-06-24 22:43:49 0 d-------- C:\Program Files\Common Files\Java
2008-06-24 20:43:17 0 d-------- C:\Documents and Settings\alan\Application Data\uTorrent
2008-06-23 23:10:46 0 d-------- C:\WINDOWS\system32\?ecurity
2008-06-23 23:10:46 0 d-------- C:\Program Files\Outerinfo
2008-06-18 20:15:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-18 20:14:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-18 20:14:57 0 d-------- C:\Documents and Settings\alan\Application Data\SUPERAntiSpyware.com
2008-06-18 19:35:12 0 d-------- C:\WINDOWS\pss
2008-06-18 19:21:58 0 d-------- C:\WINDOWS\system32\LogFiles


-- Find3M Report ---------------------------------------------------------------

2008-07-05 20:02:23 0 d-------- C:\Program Files\Common Files
2008-07-03 21:51:58 0 d-------- C:\Program Files\Common Files\S?mantec
2008-06-26 22:54:34 0 d-------- C:\Program Files\?dobe
2008-06-25 00:05:58 0 d-------- C:\Program Files\Common Files\W?nSxS
2008-06-24 22:44:35 0 d-------- C:\Program Files\Java
2008-06-24 20:38:02 0 d-------- C:\Program Files\Common Files\AOL
2008-06-24 20:36:00 0 d-------- C:\Program Files\PopCap Games
2008-06-18 21:48:03 0 d-------- C:\Program Files\Spyware Doctor
2008-06-18 19:25:35 0 d-------- C:\Program Files\Google
2008-06-18 19:21:55 0 d-------- C:\Program Files\Dl_cats
2008-05-26 12:34:54 83216 -----n--- C:\WINDOWS\system32\ndmofcru.dll
2008-05-26 12:34:27 2560 -----n--- C:\WINDOWS\system32\dpykvvru.exe
2008-05-26 12:32:31 100672 -----n--- C:\WINDOWS\system32\lxwyublv.dll
2008-05-26 12:32:19 90896 -----n--- C:\WINDOWS\system32\vgrghgnj.dll
2008-05-26 09:50:27 166 -----n--- C:\WINDOWS\popcreg.dat
2008-05-26 09:50:27 34 -----n--- C:\WINDOWS\popcinfot.dat
2008-05-26 08:14:12 83216 -----n--- C:\WINDOWS\system32\faeaftyl.dll
2008-05-26 08:14:11 2560 -----n--- C:\WINDOWS\system32\kapqfujx.exe
2008-05-26 08:11:12 100672 -----n--- C:\WINDOWS\system32\ucaorern.dll
2008-05-26 08:08:52 90896 -----n--- C:\WINDOWS\system32\ctnjgfyj.dll
2008-05-26 08:08:09 315168 -----n--- C:\WINDOWS\system32\byXqqRiF.dll
2008-05-25 18:43:09 0 d-------- C:\Documents and Settings\alan\Application Data\Help
2008-05-25 18:05:27 100608 -----n--- C:\WINDOWS\system32\mluevktp.dll
2008-05-25 18:02:26 2560 -----n--- C:\WINDOWS\system32\hqbflmfq.exe
2008-05-25 17:57:07 90896 -----n--- C:\WINDOWS\system32\dklaistf.dll
2008-05-25 17:56:25 315136 -----n--- C:\WINDOWS\system32\vtUlLBsq.dll
2008-05-25 15:00:52 0 d-------- C:\Documents and Settings\alan\Application Data\PC Tools
2008-05-25 14:50:00 0 d-------- C:\Program Files\SpywareIsolator
2008-05-25 13:49:06 0 d-------- C:\Program Files\Activision Value
2008-05-24 14:41:36 0 d-------- C:\Program Files\Microsoft Games
2008-05-24 11:26:26 0 d-------- C:\Documents and Settings\alan\Application Data\Microsoft Games
2008-05-24 11:25:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 11:05:55 0 d-------- C:\Program Files\uTorrent
2008-05-24 11:05:48 26384 -----n--- C:\WINDOWS\system32\wvUlmlMg.dll
2008-05-24 11:05:46 0 d-------- C:\Program Files\ISM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{995CB5A5-6176-4AE5-A3A7-4FA8DA83E123}]
C:\WINDOWS\system32\ddcbCVNd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B157538C-1F8C-469D-8A8D-F6F46860F404}]
05/25/2008 05:56 PM 315136 --------- C:\WINDOWS\system32\vtUlLBsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cbb4b823-0ad0-408a-b7fd-659247517bc0}]
07/05/2008 12:31 AM 106240 --a------ C:\WINDOWS\system32\wgneig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F910E133-54D9-2E07-F949-7BA2979E1FB6}]
05/29/2008 02:34 PM 60928 --a------ C:\WINDOWS\system32\tnoh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 11:20 PM C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 09:05 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 04:16 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 10:26 AM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 05:00 PM]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/14/2005 12:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Microsoft Windows Installer"="C:\Documents and Settings\alan\Application Data\Microsoft\dtsc\7716.exe" [05/24/2008 11:05 AM]
"Uaol"="C:\WINDOWS\system32\DOBE~1\dvdplay.exe" [05/24/2008 11:06 AM]
"A00F660FE.exe"="C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F660FE.exe" []
"A00F218BF3.exe"="C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F218BF3.exe" []
"Njssrbvc"="C:\Program Files\Common Files\S?mantec\w?auclt.exe" [05/29/2008 02:35 PM]
"A00F4964B2.exe"="C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F4964B2.exe" []
"A00F32C51.exe"="C:\DOCUME~1\alan\LOCALS~1\Temp\_A00F32C51.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/12/2006 6:13:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00C2416]
C:\WINDOWS\system32\__c00C2416.dat 07/05/2008 12:37 AM 24576 C:\WINDOWS\system32\__c00C2416.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D446]
C:\WINDOWS\system32\__c00D446.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL iuoilcsp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlLBsq
"IEUpdate"= C:\WINDOWS\system32\1028u.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate]
C:\WINDOWS\system32\1028u.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareisolator]
C:\Program Files\SpywareIsolator\spywareisolator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- Hosts -----------------------------------------------------------------------


8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-05 20:14:22 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.66GHz
CPU 1: Intel® Pentium® D CPU 2.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1022.07 MiB / 500.32 MiB
Pagefile Memory (total/avail): 2458.98 MiB / 2066.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1879.93 MiB

C: is Fixed (NTFS) - 69.79 GiB total, 56.27 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3808110AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 69.79 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\alan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALSPC64
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\alan
LOGONSERVER=\\ALSPC64
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\alan\LOCALS~1\Temp
TMP=C:\DOCUME~1\alan\LOCALS~1\Temp
USERDOMAIN=ALSPC64
USERNAME=alan
USERPROFILE=C:\Documents and Settings\alan
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

alan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
924PLC32 --> MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bookworm Adventures --> "C:\Program Files\Dell Games\Bookworm Adventures\Uninstall.exe"
Bookworm Adventures Deluxe 1.0 --> C:\Program Files\PopCap Games\Bookworm Adventures Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Adventures Deluxe\Install.log"
Bookworm Deluxe 1.13 --> C:\Program Files\PopCap Games\Bookworm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Deluxe\Install.log"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Photo AIO Printer 924 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\alan\Desktop\Norwich\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hoyle Casino 4 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CASINO4\Uninst.isu
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_0_280d3903\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
Outerinfo --> C:\Program Files\Outerinfo\OiUninstaller.exe
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spin Palace Casino --> C:\MicroGaming\Casino\SpinPalace\install.exe -uninstall
Spin Palace Casino --> C:\PROGRA~1\SPINPA~1\UNWISE.EXE C:\PROGRA~1\SPINPA~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Venture Africa (remove only) --> "C:\Program Files\MumboJumbo\VentureAfrica\Uninstall.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Zoo Tycoon 2 - Dino Danger Pack --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F568B133-170C-4818-B06A-712C6D91B9F7}
Zoo Tycoon2 - Marine Mania Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{FDBE4583-26AB-4DBE-8263-07836871002D}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1362 / Warning
Event Submitted/Written: 07/05/2008 00:37:22 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}', feature 'PaintShopProStudio' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type1361 / Warning
Event Submitted/Written: 07/05/2008 00:37:22 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}', feature 'PaintShopProStudio', component '{9756BC4D-C647-4986-915E-0127D0A9A7AB}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro Studio 1\Installer\CacheFolder' does not exist.

Event Record #/Type1360 / Warning
Event Submitted/Written: 07/05/2008 00:37:19 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}', feature 'PaintShopProStudio' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type1359 / Warning
Event Submitted/Written: 07/05/2008 00:37:18 AM / 07/05/2008 00:37:19 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}', feature 'PaintShopProStudio', component '{9756BC4D-C647-4986-915E-0127D0A9A7AB}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro Studio 1\Installer\CacheFolder' does not exist.

Event Record #/Type1356 / Error
Event Submitted/Written: 07/05/2008 00:30:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x1000b1db.
Processing media-specific event for [!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9033 / Error
Event Submitted/Written: 07/05/2008 08:01:40 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type9032 / Warning
Event Submitted/Written: 07/05/2008 02:16:35 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type9031 / Error
Event Submitted/Written: 07/05/2008 00:41:15 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee SpamKiller Server service failed to start due to the following error:
%%1053

Event Record #/Type9030 / Error
Event Submitted/Written: 07/05/2008 00:41:15 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.

Event Record #/Type9029 / Error
Event Submitted/Written: 07/05/2008 00:41:15 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service MskService with arguments ""
in order to run the server:
{5109B8D8-73AF-4C41-A70E-73707E1F908A}



-- End of Deckard's System Scanner: finished at 2008-07-05 20:14:22 ------------

#28
Chopin

    Member 2k

  • Member
  • 2,639 posts
Hello mewsick75, not bad but could definitely be better. How's your computer?

Let's try ComboFix again; hopefully the malware that we got rid of was blocking it. If not, we'll resort to the big guns.

1. Run ComboFix
------------------------------------------------

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open internet browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#29
mewsick75

    Member

  • Topic Starter
  • Member
  • 258 posts
It still is not running!!!!

#30
Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Bleh! Let's see if this will work:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**