qketweuy.dll and swokrwcv.dll error messages [CLOSED]



#1
darkboyz68 (Member, 33 posts)

Hello.
I had some crazy pop-ups whenever I opened IE.
So I got Ad-Aware and AVG anti-virus and ran them in safe mode.
After that, when I boot my PC, I get RUNDLL errors.
I attached a screenshot of the pop-up errors.

So I followed the instructions on this site and ran the tools.
Service pack has been on auto-update ever since I got the PC.
Can you please take a look if there's anything else?

HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:22 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\ehome\ehtray.exe
K:\WINDOWS\system32\RUNDLL32.EXE
K:\WINDOWS\System32\DLA\DLACTRLW.EXE
K:\PROGRA~1\AVG\AVG8\avgtray.exe
K:\WINDOWS\stsystra.exe
K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\PrintKey2000\Printkey2000.exe
K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
K:\WINDOWS\eHome\ehRecvr.exe
K:\WINDOWS\eHome\ehSched.exe
K:\WINDOWS\system32\nvsvc32.exe
K:\Program Files\Viewpoint\Common\ViewpointService.exe
K:\PROGRA~1\AVG\AVG8\avgam.exe
K:\PROGRA~1\AVG\AVG8\avgrsx.exe
K:\PROGRA~1\AVG\AVG8\avgnsx.exe
K:\PROGRA~1\AVG\AVG8\avgemc.exe
K:\WINDOWS\system32\dllhost.exe
K:\WINDOWS\eHome\ehmsas.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\wuauclt.exe
K:\Documents and Settings\Admin\Desktop\cleaner\new\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {f93f9d2d-ed8c-33a8-c884-8f14bdfcea7a} - {a7aecfdb-41f8-488c-8a33-c8ded2d9f39f} - K:\WINDOWS\system32\osigrcmw.dll (file missing)
O2 - BHO: (no name) - {D13FA558-9DED-4504-96D0-2250287E64F3} - K:\WINDOWS\system32\iiffFvuv.dll (file missing)
O4 - HKLM\..\Run: [ehTray] K:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] K:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "K:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] K:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Printkey2000.lnk = K:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Add to WebSite-Watcher - K:\Documents and Settings\Admin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - K:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: khfGywUK - khfGywUK.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - K:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5851 bytes

uninstall_list

Ad-Aware
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.1
AIM 6
ATI - Software Uninstall Utility
AVG 8.0
BitTornado 0.3.17
Conexant D850 56K V.9x DFVc Modem
Dell Resource CD
DivX Content Uploader
DivX Web Player
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® PRO Network Connections Drivers
K-Lite Mega Codec Pack 3.5.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
NVIDIA Drivers
Otto
Panda ActiveScan 2.0
PrintKey2000
Roxio DLA
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
SigmaTel Audio
Sonic Encoders
SUPERAntiSpyware Free Edition
TestOut Navigator (Stand-Alone Version)
TextPad 5
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
UpdatePatrol 3.1.3
Viewpoint Media Player
WebSite-Watcher 4.31
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WM Converter 2.0
Xilisoft Video Converter
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Please let me know if there is anything else.

Attached Thumbnails

  • missing_dlls.gif



#2
darkboyz68 (Topic Starter, Member, 33 posts)

Hi. Just a quick update.
AVG found a Trojan; it's been happening quite a bit now.

I attached a screenshot.

Attached Thumbnails

  • AVG_found_this1.gif


#3
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there, and sorry for the delay. If I could have a fresh look at your system:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
darkboyz68 (Topic Starter, Member, 33 posts)

Hi Essexboy, don't worry about the delay, I just want to find out what's wrong with my PC.

main.txt


Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-24 20:16:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-06-25 03:16:55 UTC - RP189 - Deckard's System Scanner Restore Point
80: 2008-06-24 15:58:39 UTC - RP188 - System Checkpoint
79: 2008-06-23 15:49:32 UTC - RP187 - Avg8 Update
78: 2008-06-23 08:39:50 UTC - RP186 - System Checkpoint
77: 2008-06-21 16:52:46 UTC - RP185 - Avg8 Update


-- First Restore Point --
1: 2008-06-17 04:57:23 UTC - RP109 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:38 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\ehome\ehtray.exe
K:\WINDOWS\system32\RUNDLL32.EXE
K:\WINDOWS\System32\DLA\DLACTRLW.EXE
K:\PROGRA~1\AVG\AVG8\avgtray.exe
K:\WINDOWS\stsystra.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\PrintKey2000\Printkey2000.exe
K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
K:\WINDOWS\eHome\ehRecvr.exe
K:\WINDOWS\eHome\ehSched.exe
K:\WINDOWS\system32\nvsvc32.exe
K:\Program Files\Viewpoint\Common\ViewpointService.exe
K:\PROGRA~1\AVG\AVG8\avgam.exe
K:\PROGRA~1\AVG\AVG8\avgrsx.exe
K:\PROGRA~1\AVG\AVG8\avgemc.exe
K:\WINDOWS\system32\dllhost.exe
K:\WINDOWS\eHome\ehmsas.exe
K:\WINDOWS\System32\svchost.exe
K:\PROGRA~1\AVG\AVG8\avgnsx.exe
K:\Documents and Settings\Admin\Desktop\cleaner\new\dss.exe
K:\DOCUME~1\Admin\Desktop\cleaner\new\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {f93f9d2d-ed8c-33a8-c884-8f14bdfcea7a} - {a7aecfdb-41f8-488c-8a33-c8ded2d9f39f} - K:\WINDOWS\system32\osigrcmw.dll (file missing)
O2 - BHO: (no name) - {D13FA558-9DED-4504-96D0-2250287E64F3} - K:\WINDOWS\system32\iiffFvuv.dll (file missing)
O4 - HKLM\..\Run: [ehTray] K:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] K:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "K:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] K:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Printkey2000.lnk = K:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Add to WebSite-Watcher - K:\Documents and Settings\Admin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - K:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: khfGywUK - khfGywUK.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - K:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5803 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - k:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 cercsr6 - k:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S1 OMCI - k:\windows\system32\drivers\omci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "k:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-18 21:57:16 0 d-------- K:\Program Files\Panda Security
2008-06-18 19:00:43 0 d-------- K:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-18 18:59:49 0 d-------- K:\Program Files\SUPERAntiSpyware
2008-06-18 18:59:49 0 d-------- K:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-18 18:58:55 0 d-------- K:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-18 18:58:53 0 d-------- K:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 18:58:53 0 d-------- K:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 18:58:36 0 d-------- K:\Program Files\Common Files\Download Manager
2008-06-18 00:41:14 0 d-------- K:\Program Files\Lavasoft
2008-06-18 00:41:13 0 d-------- K:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 00:40:36 0 d-------- K:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 17:39:05 0 d--h----- K:\$AVG8.VAULT$
2008-06-17 17:01:24 0 d-------- K:\WINDOWS\system32\drivers\Avg
2008-06-17 17:01:09 0 d-------- K:\Program Files\AVG
2008-06-17 17:01:08 0 d-------- K:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 09:06:40 0 d-------- K:\Program Files\Xilisoft
2008-06-16 21:57:13 689647 --ahs---- K:\WINDOWS\system32\vuvFffii.ini2
2008-06-16 21:54:37 0 d-------- K:\Documents and Settings\Admin\Application Data\aignes
2008-06-16 21:52:41 0 d-------- K:\Program Files\WebSite-Watcher
2008-06-15 16:24:53 0 d-------- K:\Program Files\UpdatePatrol
2008-06-15 15:57:46 0 d-------- K:\Documents and Settings\Admin\Application Data\UpdatePatrol
2008-06-15 14:51:09 110592 --a------ K:\WINDOWS\system32\duninstall.exe
2008-06-08 18:29:51 49152 --a------ K:\WINDOWS\system32\TSCCVID.DLL <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-06-08 18:27:00 0 d-------- K:\Program Files\TESTOUT


-- Find3M Report ---------------------------------------------------------------

2008-06-18 18:58:36 0 d-------- K:\Program Files\Common Files
2008-06-17 16:17:14 0 d-------- K:\Documents and Settings\Admin\Application Data\Lavasoft
2008-05-05 21:09:23 0 d-------- K:\Program Files\BitTornado
2008-05-02 00:21:22 0 d-------- K:\Program Files\PrintKey2000
2008-04-08 09:22:59 21504 --a------ K:\WINDOWS\jestertb.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7aecfdb-41f8-488c-8a33-c8ded2d9f39f}]
K:\WINDOWS\system32\osigrcmw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D13FA558-9DED-4504-96D0-2250287E64F3}]
K:\WINDOWS\system32\iiffFvuv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="K:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"NvCplDaemon"="K:\WINDOWS\system32\NvCpl.dll" [06/29/2007 01:43 AM]
"nwiz"="nwiz.exe" [06/29/2007 01:43 AM K:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="K:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 01:43 AM]
"DLA"="K:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 06:20 AM]
"AVG8_TRAY"="K:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/21/2008 09:52 AM]
"Zune Launcher"="K:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 10:51 PM]
"SigmatelSysTrayApp"="stsystra.exe" [07/27/2006 02:19 PM K:\WINDOWS\stsystra.exe]
"KernelFaultCheck"="K:\WINDOWS\system32\dumprep 0 -k" []
"AVG7_CC"="K:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"Adobe Reader Speed Launcher"="K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"!AVG Anti-Spyware"="K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="K:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"MSMSGS"="K:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"Aim6"="" []
"SUPERAntiSpyware"="K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/18/2008 08:19 PM]

K:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - K:\Program Files\PrintKey2000\Printkey2000.exe [5/2/2008 12:19:32 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=K:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=K:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= K:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/18/2008 08:19 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/18/2008 08:19 PM 294912 K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGywUK]
khfGywUK.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 K:\WINDOWS\system32\iiffFvuv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-24 20:18:08 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3326.07 MiB / 2826.91 MiB
Pagefile Memory (total/avail): 5209.65 MiB / 4766.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.98 MiB

D: is Fixed (NTFS) - 465.76 GiB total, 57.02 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 149 GiB total, 114.53 GiB free.
L: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-75NCB1 - 149.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149 GiB - K:

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 465.76 GiB - D:

\\.\PHYSICALDRIVE2 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE5 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"K:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"="K:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe:*:Disabled:TestOut Navigator"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"K:\\Program Files\\Messenger\\msmsgs.exe"="K:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"K:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="K:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"K:\\Program Files\\BitTornado\\btdownloadgui.exe"="K:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"K:\\Program Files\\AIM6\\aim6.exe"="K:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"K:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"="K:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe:*:Disabled:TestOut Navigator"
"K:\\Program Files\\AVG\\AVG8\\avgupd.exe"="K:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"K:\\Program Files\\AVG\\AVG8\\avgemc.exe"="K:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"K:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="K:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=K:\Documents and Settings\All Users
APPDATA=K:\Documents and Settings\Admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=K:\Program Files\Common Files
COMPUTERNAME=PAYAMA
ComSpec=K:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=K:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\PAYAMA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=K:\WINDOWS\system32;K:\WINDOWS;K:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=K:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=K:
SystemRoot=K:\WINDOWS
TEMP=K:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=K:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=PAYAMA
USERNAME=Admin
USERPROFILE=K:\Documents and Settings\Admin
windir=K:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> K:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 K:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> K:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AIM 6 --> K:\Program Files\AIM6\uninst.exe
ATI - Software Uninstall Utility --> K:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
AVG 8.0 --> K:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitTornado 0.3.17 --> K:\Program Files\BitTornado\uninst.exe
Conexant D850 56K V.9x DFVc Modem --> K:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Resource CD --> MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
DivX Content Uploader --> K:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> K:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GemMaster Mystic --> "K:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221 --> K:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "K:\Documents and Settings\Admin\Desktop\cleaner\new\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "K:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
K-Lite Mega Codec Pack 3.5.7 --> "K:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "K:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "K:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "K:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "K:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "K:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection K:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Move Networks Media Player for Internet Explorer --> K:\Documents and Settings\Admin\Application Data\Move Networks\ie_bin\Uninst.exe
NVIDIA Drivers --> K:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Otto --> "K:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan 2.0 --> K:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PrintKey2000 --> K:\PROGRA~1\PRINTK~1\UNWISE.EXE K:\PROGRA~1\PRINTK~1\INSTALL.LOG
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SigmaTel Audio --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TestOut Navigator (Stand-Alone Version) --> K:\Program Files\TESTOUT\UNWISE32.EXE
TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> K:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
UpdatePatrol 3.1.3 --> "K:\Program Files\UpdatePatrol\unins000.exe"
Viewpoint Media Player --> K:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebSite-Watcher 4.31 --> "K:\Program Files\WebSite-Watcher\unins000.exe"
Windows Media Format 11 runtime --> "K:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "K:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> K:\Program Files\WinRAR\uninstall.exe
WM Converter 2.0 --> K:\Program Files\WM Converter\Uninstal.exe
Xilisoft Video Converter --> K:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1158 / Error
Event Submitted/Written: 06/24/2008 08:35:25 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 284671649.

Event Record #/Type1157 / Error
Event Submitted/Written: 06/24/2008 08:35:23 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1156 / Error
Event Submitted/Written: 06/24/2008 08:34:57 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 127211195.

Event Record #/Type1155 / Error
Event Submitted/Written: 06/24/2008 08:34:56 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1112 / Error
Event Submitted/Written: 06/18/2008 06:39:35 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 796309597.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2971 / Warning
Event Submitted/Written: 06/24/2008 08:02:32 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2970 / Warning
Event Submitted/Written: 06/23/2008 08:02:34 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2969 / Warning
Event Submitted/Written: 06/22/2008 08:02:32 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2944 / Warning
Event Submitted/Written: 06/21/2008 08:02:32 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2942 / Warning
Event Submitted/Written: 06/20/2008 08:21:51 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-06-24 20:18:08 ------------
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then, let's start cleaning you up. This will be a long fix, so I would recommend copying it to a text file for reference.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {f93f9d2d-ed8c-33a8-c884-8f14bdfcea7a} - {a7aecfdb-41f8-488c-8a33-c8ded2d9f39f} - K:\WINDOWS\system32\osigrcmw.dll (file missing)
O2 - BHO: (no name) - {D13FA558-9DED-4504-96D0-2250287E64F3} - K:\WINDOWS\system32\iiffFvuv.dll (file missing)
O20 - Winlogon Notify: khfGywUK - khfGywUK.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registry:

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

NEXT

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    K:\WINDOWS\system32\vuvFffii.ini2
    K:\WINDOWS\jestertb.dll
    K:\WINDOWS\system32\osigrcmw.dll
    K:\WINDOWS\system32\iiffFvuv.dll
    K:\WINDOWS\system32\khfGywUK.dll 
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log and the OTMoveit report.
  • 0
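The fix.reg in the post above resets the LSA "Authentication Packages" value, a multi-string stored as hex(7), to the single entry msv1_0. As an added example (not part of the original post or of any tool named in it), the Python below decodes hex(7) values from .reg text and lists every entry beyond that baseline; the second input is a constructed export with a made-up entry name, and code page 1252 for REGEDIT4 files is an assumption.

```python
import re

# Header line -> encoding of the bytes inside hex(7) data.
HEADERS = {
    "REGEDIT4": "cp1252",  # ANSI export; code page 1252 is an assumption
    "Windows Registry Editor Version 5.00": "utf-16-le",
}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_NAME = "authentication packages"
BASELINE = ["msv1_0"]  # the single entry written by the post's fix.reg

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=hex\(7\):(.*)$')

# The registry fix exactly as given in the post.
POST_FIX = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

# Constructed sample: a version 5.00 export of the same value in which a
# made-up second entry, "examplepkg", follows msv1_0.
CONSTRUCTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,\
  65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,70,00,6b,00,67,00,00,00,00,00
'''


def decode_multi_sz(raw, encoding):
    """Split multi-string bytes: entries are NUL-separated, list ends NUL NUL."""
    return [s for s in raw.decode(encoding).split("\x00") if s]


def parse_multi_sz_values(reg_text):
    """Return {(key, value_name): [strings]} for every hex(7) value."""
    lines = reg_text.splitlines()
    header = lines[0].rstrip() if lines else ""
    if header not in HEADERS:
        # Mirrors the post's instruction that nothing sits above REGEDIT4.
        raise ValueError("first line is not a .reg header: %r" % header)
    encoding = HEADERS[header]
    # A trailing backslash continues the hex data on the next, indented line.
    body = re.sub(r"\\\n[ \t]*", "", "\n".join(lines[1:]))
    key, values = None, {}
    for line in body.split("\n"):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line)
        if key and match:
            raw = bytes(int(b, 16) for b in match.group(2).split(",") if b.strip())
            values[(key, match.group(1).lower())] = decode_multi_sz(raw, encoding)
    return values


def audit_authentication_packages(reg_text):
    """Compare the decoded package list against the post's baseline."""
    found = parse_multi_sz_values(reg_text).get((LSA_KEY, VALUE_NAME), [])
    lowered = [p.lower() for p in found]
    return {
        "packages": found,
        "unexpected": [p for p in found if p.lower() not in BASELINE],
        "missing": [b for b in BASELINE if b not in lowered],
    }


if __name__ == "__main__":
    for label, text in (("post fix.reg", POST_FIX),
                        ("constructed export", CONSTRUCTED_EXPORT)):
        print(label, audit_authentication_packages(text))
```
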

#6
darkboyz68

    Member

  • Topic Starter
  • Member
  • 33 posts
Sorry for the delay Essexboy, I was out of town, will get this done soon.
  • 0

#7
darkboyz68

    Member

  • Topic Starter
  • Member
  • 33 posts
Hello Essexboy, here are the logs you requested.
Please note, I ran ComboFix before installing the Recovery Console.
I did install the Recovery Console afterwards.
My PC booted fine though.

ComboFix HERE:

ComboFix 08-06-20.4 - Admin 2008-06-30 22:23:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2846 [GMT -7:00]
Running from: K:\Documents and Settings\Admin\Desktop\cleaner\new\06252008 fix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

K:\setup.exe
K:\WINDOWS\BMe3a46a0c.xml
K:\WINDOWS\pskt.ini
K:\WINDOWS\system32\obibunko.ini
K:\WINDOWS\system32\vcwrkows.ini
K:\WINDOWS\system32\vuvFffii.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 22:17 . 2008-06-30 22:17 <DIR> d-------- K:\_OTMoveIt
2008-06-30 21:41 . 2008-06-30 21:41 <DIR> d-------- K:\Program Files\ERUNT
2008-06-24 20:16 . 2008-06-24 20:16 <DIR> d-------- K:\Deckard
2008-06-18 21:57 . 2008-06-18 21:57 <DIR> d-------- K:\Program Files\Panda Security
2008-06-18 19:00 . 2008-06-18 19:00 <DIR> d-------- K:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-18 18:59 . 2008-06-18 20:19 <DIR> d-------- K:\Program Files\SUPERAntiSpyware
2008-06-18 18:59 . 2008-06-18 18:59 <DIR> d-------- K:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-18 18:58 . 2008-06-18 18:58 <DIR> d-------- K:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 18:58 . 2008-06-18 18:58 <DIR> d-------- K:\Program Files\Common Files\Download Manager
2008-06-18 18:58 . 2008-06-18 18:58 <DIR> d-------- K:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 18:58 . 2008-06-18 18:58 <DIR> d-------- K:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-18 18:58 . 2008-06-10 19:02 34,296 --a------ K:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 18:58 . 2008-06-10 19:02 15,864 --a------ K:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 00:41 . 2008-06-18 00:41 <DIR> d-------- K:\Program Files\Lavasoft
2008-06-18 00:41 . 2008-06-18 00:46 <DIR> d-------- K:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 00:40 . 2008-06-18 18:59 <DIR> d-------- K:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 17:39 . 2008-06-17 23:32 <DIR> d--h----- K:\$AVG8.VAULT$
2008-06-17 17:01 . 2008-06-30 09:39 <DIR> d-------- K:\WINDOWS\system32\drivers\Avg
2008-06-17 17:01 . 2008-06-17 17:01 <DIR> d-------- K:\Program Files\AVG
2008-06-17 17:01 . 2008-06-17 17:01 <DIR> d-------- K:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 17:01 . 2008-06-21 09:52 96,520 --a------ K:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-17 17:01 . 2008-06-21 09:52 76,040 --a------ K:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-17 17:01 . 2008-06-21 09:52 12,936 --a------ K:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-17 17:01 . 2008-06-21 09:52 10,520 --a------ K:\WINDOWS\system32\avgrsstx.dll
2008-06-17 09:06 . 2008-06-17 09:06 <DIR> d-------- K:\Program Files\Xilisoft
2008-06-16 21:54 . 2008-06-16 21:54 <DIR> d-------- K:\Documents and Settings\Admin\Application Data\aignes
2008-06-16 21:52 . 2008-06-16 21:59 <DIR> d-------- K:\Program Files\WebSite-Watcher
2008-06-15 16:24 . 2008-06-15 16:24 <DIR> d-------- K:\Program Files\UpdatePatrol
2008-06-15 15:57 . 2008-06-24 20:15 <DIR> d-------- K:\Documents and Settings\Admin\Application Data\UpdatePatrol
2008-06-15 14:51 . 2008-06-15 14:51 110,592 --a------ K:\WINDOWS\system32\duninstall.exe
2008-06-15 14:51 . 2008-06-15 14:51 56 --a------ K:\WINDOWS\1.31
2008-06-11 19:35 . 2008-06-11 19:35 102,400 --a------ K:\WINDOWS\system32\SampleGrabber.ax
2008-06-10 17:49 . 2008-06-13 06:10 272,128 --------- K:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:49 . 2008-06-13 06:10 272,128 -----c--- K:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 18:29 . 1999-12-16 00:01 49,152 --a------ K:\WINDOWS\system32\TSCCVID.DLL
2008-06-08 18:27 . 2008-06-10 01:31 <DIR> d-------- K:\Program Files\TESTOUT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 23:17 --------- d-----w K:\Documents and Settings\Admin\Application Data\Lavasoft
2008-06-17 23:15 --------- d-----w K:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-15 19:44 --------- d-----w K:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 18:58 12,632 ----a-w K:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w K:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w K:\WINDOWS\system32\quartz.dll
2008-05-06 04:09 --------- d-----w K:\Program Files\BitTornado
2008-05-02 07:21 --------- d-----w K:\Program Files\PrintKey2000
2008-05-01 04:14 45,456 ----a-w K:\befw11s4v3.2_SetupWiz.exe
2008-05-01 04:13 757,760 ----a-w K:\befw11s4v3.2_v1.45.10_fw.bin
2008-04-23 04:16 826,368 ----a-w K:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="K:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Aim6"="" []
"SUPERAntiSpyware"="K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-18 20:19 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="K:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="K:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 K:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="K:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 01:43 81920]
"DLA"="K:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 06:20 122940]
"AVG8_TRAY"="K:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 09:52 1231128]
"Zune Launcher"="K:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 22:51 166304]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 K:\WINDOWS\stsystra.exe]
"AVG7_CC"="K:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"Adobe Reader Speed Launcher"="K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"!AVG Anti-Spyware"="K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

K:\Documents and Settings\Admin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - K:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]

K:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - K:\Program Files\PrintKey2000\Printkey2000.exe [2008-05-02 00:19:32 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= K:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= K:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= K:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-18 20:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-18 20:19 294912 K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.tscc"= tsccvid.dll 0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"K:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"K:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"K:\\Program Files\\AIM6\\aim6.exe"=
"K:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"K:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"K:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"K:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;K:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 09:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;K:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 09:52]
R2 avg8emc;AVG8 E-mail Scanner;K:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-21 09:52]
R2 avg8wd;AVG8 WatchDog;K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 09:52]
R2 AvgTdiX;AVG8 Network Redirector;K:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 09:52]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"K:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R2 zumbus;Zune Bus Enumerator Driver;K:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S4 ZuneBusEnum;Zune Bus Enumerator;K:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 22:51]
S4 ZuneWlanCfgSvc;Zune Wireless Configuration Service;K:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:26:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 22:26:56
ComboFix-quarantined-files.txt 2008-07-01 05:26:47

Pre-Run: 122,666,483,712 bytes free
Post-Run: 122,916,290,560 bytes free

156 --- E O F --- 2008-06-20 01:40:50



OTMoveIt2 Results:

K:\WINDOWS\system32\vuvFffii.ini2 moved successfully.
DllUnregisterServer procedure not found in K:\WINDOWS\jestertb.dll
K:\WINDOWS\jestertb.dll NOT unregistered.
K:\WINDOWS\jestertb.dll moved successfully.
File/Folder K:\WINDOWS\system32\osigrcmw.dll not found.
File/Folder K:\WINDOWS\system32\iiffFvuv.dll not found.
File/Folder K:\WINDOWS\system32\khfGywUK.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06302008_221700



Hijackthis HERE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:06 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\system32\spoolsv.exe
K:\WINDOWS\ehome\ehtray.exe
K:\WINDOWS\system32\RUNDLL32.EXE
K:\WINDOWS\System32\DLA\DLACTRLW.EXE
K:\WINDOWS\stsystra.exe
K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\PrintKey2000\Printkey2000.exe
K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
K:\WINDOWS\eHome\ehRecvr.exe
K:\WINDOWS\eHome\ehSched.exe
K:\WINDOWS\system32\nvsvc32.exe
K:\Program Files\Viewpoint\Common\ViewpointService.exe
K:\PROGRA~1\AVG\AVG8\avgam.exe
K:\PROGRA~1\AVG\AVG8\avgrsx.exe
K:\PROGRA~1\AVG\AVG8\avgnsx.exe
K:\PROGRA~1\AVG\AVG8\avgemc.exe
K:\WINDOWS\system32\dllhost.exe
K:\WINDOWS\eHome\ehmsas.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\wuauclt.exe
K:\Documents and Settings\Admin\Desktop\cleaner\new\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [ehTray] K:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] K:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "K:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] K:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = K:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Printkey2000.lnk = K:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Add to WebSite-Watcher - K:\Documents and Settings\Admin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - K:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - K:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5327 bytes
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does not look too bad. I will do a deep scan now.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





