Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo i think [RESOLVED]

Started by iamallama , Jun 30 2008 08:22 PM

  • This topic is locked This topic is locked

#1
iamallama
Posted 30 June 2008 - 08:22 PM

iamallama

    Member

  • Member
  • PipPip
  • 17 posts
I think i have the Vundo trojan, my have all the symptoms of it and i cant seem to get rid of it. I have done some deleting of files myself but it still seems to be here (the symptoms at least)

I did a VundoFix scan and it found nothing, same with VirtumundoBeGone

Heres my hijackthis log, Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:11 PM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {97546F19-85BC-457B-B708-996DBB2F887A} - C:\WINDOWS\system32\geBuSKDT.dll
O2 - BHO: (no name) - {D647FEE2-A29C-4E06-8EEF-CC087029B431} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to KEYHOLD.lnk = C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe
O4 - Startup: Shortcut to StealthBot v2.6R3.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211919850811
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: xxywVoLe - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8969 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 01 July 2008 - 12:56 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post.
  • 0

#3
iamallama
Posted 02 July 2008 - 12:51 AM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I have zipped the .run file

thank you

Attached Files


  • 0

#4
Rorschach112
Posted 02 July 2008 - 06:09 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the zipped attachment at the end of this post(this will be your runscanner as fixed by me)

  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • Click on the "Item Fixer" tab
  • You will notice several entries with a tick in red, click Fix checked.
  • Accept the warning then repeat until they are all gone.




Reboot and do this


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
iamallama
Posted 02 July 2008 - 02:50 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-02 16:33:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-02 20:33:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jay.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:07 PM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jay\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {78E42A3F-B9A2-47A4-89DB-D63FD4CDD14D} - (no file)
O2 - BHO: (no name) - {EAECE85D-1DC7-4ED9-ACB7-D30DE973EAA7} - C:\WINDOWS\system32\geBuSKDT.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to KEYHOLD.lnk = C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe
O4 - Startup: Shortcut to StealthBot v2.6R3.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211919850811
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8784 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080627-203628-782 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080627-203629-299 O20 - Winlogon Notify: xxywVoLe - C:\WINDOWS\SYSTEM32\xxywVoLe.dll
backup-20080627-203629-529 O2 - BHO: {c149ec7e-d997-2868-6334-d38d6b1cf93c} - {c39fc1b6-d83d-4336-8682-799de7ce941c} - C:\WINDOWS\system32\baqcyw.dll
backup-20080627-203629-545 O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tbukrcbu.dll",s
backup-20080627-203629-551 O4 - HKLM\..\Run: [cc4ef04b] rundll32.exe "C:\WINDOWS\system32\gqdtcyfx.dll",b
backup-20080627-203629-574 O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\xxywVoLe.dll
backup-20080627-203629-750 O2 - BHO: (no name) - {53F27B08-B1B7-42CE-A6BC-3988D91E9B11} - C:\WINDOWS\system32\wvUmMEur.dll
backup-20080627-203629-751 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080627-203629-882 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080627-203741-411 O20 - Winlogon Notify: xxywVoLe - C:\WINDOWS\SYSTEM32\xxywVoLe.dll
backup-20080627-205012-352 O2 - BHO: (no name) - {53F27B08-B1B7-42CE-A6BC-3988D91E9B11} - (no file)
backup-20080628-011950-522 O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\rweusnat.dll",s
backup-20080628-011950-947 O4 - HKLM\..\Run: [cc4ef04b] rundll32.exe "C:\WINDOWS\system32\ofqrysyi.dll",b
backup-20080628-012105-899 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080629-004757-132 O2 - BHO: (no name) - {F03081EF-9785-4A20-91CA-88B6C741FF17} - C:\WINDOWS\system32\geBuSKDT.dll
backup-20080629-004757-206 O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\xxywVoLe.dll
backup-20080629-004757-380 O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\eslxafln.dll",s
backup-20080629-004757-462 O2 - BHO: (no name) - {435F1A75-04A7-497D-988B-E4F5B70C88C3} - (no file)
backup-20080629-004757-640 O20 - Winlogon Notify: xxywVoLe - C:\WINDOWS\SYSTEM32\xxywVoLe.dll
backup-20080629-004757-647 O4 - HKLM\..\Run: [cc4ef04b] rundll32.exe "C:\WINDOWS\system32\ompneoee.dll",b
backup-20080629-004757-662 O2 - BHO: (no name) - {AC473988-1940-40D6-B350-A6EF26981ED6} - C:\WINDOWS\system32\ivvfdjea.dll
backup-20080629-004757-852 O2 - BHO: (no name) - {DE6EF1A9-9BBF-4BB7-B678-80D98FDF5CC1} - C:\WINDOWS\system32\tuvwUMDU.dll (file missing)
backup-20080630-191753-101 O20 - Winlogon Notify: xxywVoLe - xxywVoLe.dll (file missing)
backup-20080630-191753-287 O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s
backup-20080630-191753-643 O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\xxywVoLe.dll (file missing)
backup-20080630-191753-891 O2 - BHO: (no name) - {F03081EF-9785-4A20-91CA-88B6C741FF17} - (no file)
backup-20080630-191838-784 O2 - BHO: (no name) - {1AD42469-31B7-42F7-AD55-5250A95A92D5} - C:\WINDOWS\system32\geBuSKDT.dll
backup-20080630-191900-835 O2 - BHO: (no name) - {1AD42469-31B7-42F7-AD55-5250A95A92D5} - C:\WINDOWS\system32\geBuSKDT.dll
backup-20080630-210123-124 O2 - BHO: (no name) - {52081714-93E0-48FF-B15F-38303664F2B2} - (no file)
backup-20080630-210123-613 O2 - BHO: (no name) - {1AD42469-31B7-42F7-AD55-5250A95A92D5} - (no file)
backup-20080630-210123-904 O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: DISPLAY\NTATIVRV01\5&1AA089F0&0&80000008&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRV01\5&1AA089F0&0&80000008&01&00
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 15:29:59 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 02:35:22 81408 --a------ C:\WINDOWS\system32\ablyhrwm.dll
2008-07-02 02:33:23 103424 --a------ C:\WINDOWS\system32\drjtxl.dll
2008-07-02 02:33:21 103424 --a------ C:\WINDOWS\system32\hiabjous.dll
2008-07-02 02:33:13 90624 --a------ C:\WINDOWS\system32\gtpcpxrs.dll
2008-06-30 21:05:45 0 d-------- C:\VundoFix Backups
2008-06-30 19:16:07 81920 --a------ C:\WINDOWS\system32\icwgoxna.dll
2008-06-30 19:14:06 103424 --a------ C:\WINDOWS\system32\aopejj.dll
2008-06-30 19:14:05 103424 --a------ C:\WINDOWS\system32\ucdhhhme.dll
2008-06-30 19:13:57 91136 --a------ C:\WINDOWS\system32\tknepbmf.dll
2008-06-29 00:50:16 0 d-------- C:\!KillBox
2008-06-28 02:35:46 529113 --ahs---- C:\WINDOWS\system32\TDKSuBeg.ini2
2008-06-28 02:35:40 319488 -----n--- C:\WINDOWS\system32\geBuSKDT.dll
2008-06-28 00:49:45 529445 --ahs---- C:\WINDOWS\system32\UDMUwvut.ini2
2008-06-27 23:19:43 529981 --ahs---- C:\WINDOWS\system32\SvFLlUtv.ini2
2008-06-27 20:32:56 0 d-------- C:\Program Files\Trend Micro
2008-06-27 20:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-27 20:29:05 0 d-------- C:\Program Files\Security Task Manager
2008-06-27 19:59:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 19:54:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 15:40:03 531519 --ahs---- C:\WINDOWS\system32\ruEMmUvw.ini2
2008-06-26 15:22:44 0 d-------- C:\Documents and Settings\Jay\Application Data\Nero
2008-06-26 15:17:50 0 d-------- C:\Program Files\Nero
2008-06-26 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 15:08:13 0 d-------- C:\WINDOWS\CAVTemp
2008-06-26 14:40:34 0 d-------- C:\Program Files\Total Video Converter
2008-06-25 13:49:11 0 dr-h----- C:\Documents and Settings\Jay\Recent
2008-06-25 11:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-24 21:11:10 0 d-------- C:\Program Files\CCleaner
2008-06-24 21:09:46 0 d-------- C:\Program Files\Yahoo!
2008-06-22 20:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 20:37:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 00:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-06-21 00:18:13 0 d-------- C:\Program Files\CA
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-20 13:21:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-20 13:21:20 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-20 13:18:59 0 d--hs---- C:\WINDOWS\CSC
2008-06-16 21:07:03 0 d-------- C:\Documents and Settings\Jay\Application Data\Audacity
2008-06-16 21:06:52 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-06-16 21:03:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-16 20:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrium
2008-06-16 20:57:40 0 d-------- C:\Program Files\Macrium
2008-06-16 20:56:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 19:20:11 0 d-------- C:\Program Files\ATITool
2008-06-10 23:28:08 0 d-------- C:\WINDOWS\Sun
2008-06-10 20:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\JCreator
2008-06-10 20:25:51 0 d-------- C:\Documents and Settings\Jay\Application Data\JCreator
2008-06-10 20:21:36 0 d-------- C:\Program Files\Xinox Software
2008-06-10 20:21:09 0 d-------- C:\Documents and Settings\Jay\.SunDownloadManager
2008-06-10 18:44:14 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-10 18:44:14 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-10 18:44:13 0 d-------- C:\Program Files\Cheat Engine
2008-06-08 19:23:39 0 d-------- C:\Program Files\HOLDMYREALKEY
2008-06-07 13:01:04 0 d-------- C:\Program Files\RocketDock
2008-06-02 17:02:05 0 d-------- C:\Documents and Settings\Jay\Application Data\vlc
2008-06-02 17:00:53 0 d-------- C:\Program Files\VideoLAN
2008-06-02 15:29:55 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-07-02 02:32:04 0 d-------- C:\Program Files\Warcraft III
2008-06-30 20:32:16 0 d-------- C:\Program Files\Messenger
2008-06-30 20:32:15 0 d-------- C:\Program Files\FrostWire
2008-06-30 20:24:45 77514 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 16:05:06 0 d-------- C:\Documents and Settings\Jay\Application Data\Azureus
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files
2008-06-22 20:58:00 0 d-------- C:\Documents and Settings\Jay\Application Data\Adobe
2008-06-22 18:50:45 0 d-------- C:\Program Files\Steam
2008-06-19 18:40:04 0 d-------- C:\Program Files\Azureus
2008-06-09 18:25:26 0 d-------- C:\Documents and Settings\Jay\Application Data\Ventrilo
2008-06-08 19:31:41 0 d-------- C:\Program Files\StealthBot
2008-06-02 16:56:29 0 d-------- C:\Documents and Settings\Jay\Application Data\Apple Computer
2008-06-01 22:23:53 0 d-------- C:\Documents and Settings\Jay\Application Data\FrostWire
2008-05-31 12:42:50 0 d-------- C:\Program Files\VentSrv
2008-05-31 12:39:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 23:33:35 0 d-------- C:\Documents and Settings\Jay\Application Data\Logitech
2008-05-29 23:29:32 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-29 23:29:20 0 d-------- C:\Program Files\Logitech
2008-05-29 23:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 02:24:57 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 02:24:42 0 d-------- C:\Program Files\MSBuild
2008-05-28 02:23:14 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 02:20:53 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 22:52:09 0 d-------- C:\Documents and Settings\Jay\Application Data\Macromedia
2008-05-27 21:16:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 20:47:51 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-27 20:47:51 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-27 20:30:20 0 d-------- C:\Program Files\Java
2008-05-27 20:15:49 0 d-------- C:\Program Files\Creative
2008-05-27 20:15:07 0 d-------- C:\Program Files\Analog Devices
2008-05-27 20:07:26 0 d-------- C:\Program Files\WinPcap
2008-05-27 20:00:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 19:59:23 0 d-------- C:\Documents and Settings\Jay\Application Data\Sun
2008-05-27 19:51:29 0 d-------- C:\Program Files\iTunes
2008-05-27 19:41:24 0 d-------- C:\Program Files\Ventrilo
2008-05-27 18:37:45 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 18:31:05 0 d-------- C:\Documents and Settings\Jay\Application Data\ViStart
2008-05-27 18:25:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 18:24:13 0 d-------- C:\Documents and Settings\Jay\Application Data\WinRAR
2008-05-27 18:15:00 0 d-------- C:\Program Files\Windows Live
2008-05-27 18:14:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 18:03:55 0 d-------- C:\Program Files\iPod
2008-05-27 18:03:38 0 d-------- C:\Program Files\Bonjour
2008-05-27 18:03:33 0 d-------- C:\Program Files\QuickTime
2008-05-27 18:02:40 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 18:00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 18:00:51 0 d-------- C:\Documents and Settings\Jay\Application Data\Mozilla
2008-05-27 17:50:34 0 d-------- C:\Program Files\Movie Maker
2008-05-27 17:48:13 0 d-------- C:\Program Files\Windows NT
2008-05-27 17:15:56 0 d-------- C:\Program Files\Marvell
2008-05-27 17:14:43 0 d-------- C:\Documents and Settings\Jay\Application Data\Identities
2008-05-27 17:10:11 0 d-------- C:\Program Files\microsoft frontpage
2008-05-27 17:09:50 0 -rahs---- C:\MSDOS.SYS
2008-05-27 17:09:50 0 -rahs---- C:\IO.SYS
2008-05-27 17:09:50 0 --a------ C:\CONFIG.SYS
2008-05-27 17:09:50 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 17:08:48 0 d-------- C:\Program Files\Online Services
2008-05-27 17:07:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-27 17:07:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 17:06:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-27 16:26:01 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-27 16:22:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-27 16:18:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-27 16:17:08 0 d-------- C:\Documents and Settings\Jay\Application Data\MSN6
2008-05-27 16:16:53 0 d-------- C:\Program Files\Intel
2008-05-27 12:02:10 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-27 12:02:07 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-27 12:01:41 62 --ahs---- C:\Documents and Settings\Jay\Application Data\desktop.ini
2008-05-12 11:49:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78E42A3F-B9A2-47A4-89DB-D63FD4CDD14D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAECE85D-1DC7-4ED9-ACB7-D30DE973EAA7}]
06/28/2008 02:35 AM 319488 --------- C:\WINDOWS\system32\geBuSKDT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 10:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:42 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"BMcf7dc3d7"="C:\WINDOWS\system32\tknepbmf.dll" [06/30/2008 07:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
Shortcut to KEYHOLD.lnk - C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe [6/8/2008 7:24:08 PM]
Shortcut to StealthBot v2.6R3.lnk - C:\Program Files\StealthBot\StealthBot v2.6R3.exe [4/19/2005 12:53:30 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/29/2008 11:29:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBuSKDT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf7dc3d7]
Rundll32.exe "C:\WINDOWS\system32\tbukrcbu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8756 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-02 16:45:59 ------------
  • 0

#6
iamallama
Posted 02 July 2008 - 02:51 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.23 MiB / 572.99 MiB
Pagefile Memory (total/avail): 2460.74 MiB / 2114.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.53 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 15.87 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L060AVV207-0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jay\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAY-YAPIBZLAGU1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jay
LOGONSERVER=\\JAY-YAPIBZLAGU1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jay\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jay\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JAY-YAPIBZLAGU1
USERNAME=Jay
USERPROFILE=C:\Documents and Settings\Jay
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jay (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C607218C-E913-46AC-AFB1-B6B3E99ED068}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C607218C-E913-46AC-AFB1-B6B3E99ED068}\Setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
Audacity 1.3.5 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Digital Audio MB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JCreator LE 4.50 --> "C:\Program Files\Xinox Software\JCreatorV4LE\unins000.exe"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macrium Reflect --> MsiExec.exe /I{C5F0348A-EE3A-4FBE-811F-30040AA2222E}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StealthBot v2.6 Revision 3 (remove only) --> "C:\Program Files\StealthBot\uninst.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1495 / Error
Event Submitted/Written: 07/02/2008 04:26:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application stealthbot v2.6r3.exe, version 2.6.0.20, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [stealthbot v2.6r3.exe!ws!]

Event Record #/Type1494 / Error
Event Submitted/Written: 07/02/2008 04:26:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application keyhold.exe, version 2.6.0.20, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [keyhold.exe!ws!]

Event Record #/Type1485 / Success
Event Submitted/Written: 07/02/2008 11:18:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1478 / Error
Event Submitted/Written: 07/02/2008 02:46:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1462 / Success
Event Submitted/Written: 07/01/2008 11:30:56 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4091 / Error
Event Submitted/Written: 07/02/2008 04:30:14 PM / 07/02/2008 04:30:44 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type4075 / Error
Event Submitted/Written: 07/02/2008 11:20:33 AM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BA0A81B4-707D-4306-95D2-65F2E5264F86}.
The backup browser is stopping.

Event Record #/Type4070 / Warning
Event Submitted/Written: 07/02/2008 11:17:08 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\YOUR-F2BCRPRMNP on the network \Device\NetBT_Tcpip_{BA0A81B4-707D-4306-95D2-65F2E5264F86}.
The data is the error code.

Event Record #/Type4052 / Error
Event Submitted/Written: 07/02/2008 11:15:06 AM / 07/02/2008 11:15:36 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type4041 / Error
Event Submitted/Written: 07/02/2008 02:32:07 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-07-02 16:45:59 ------------
  • 0

#7
Rorschach112
Posted 02 July 2008 - 03:04 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\ablyhrwm.dll
C:\WINDOWS\system32\drjtxl.dll
C:\WINDOWS\system32\hiabjous.dll
C:\WINDOWS\system32\gtpcpxrs.dll
C:\VundoFix Backups
C:\WINDOWS\system32\icwgoxna.dll
C:\WINDOWS\system32\aopejj.dll
C:\WINDOWS\system32\ucdhhhme.dll
C:\WINDOWS\system32\tknepbmf.dll
C:\!KillBox
C:\WINDOWS\system32\TDKSuBeg.ini2
C:\WINDOWS\system32\geBuSKDT.dll
C:\WINDOWS\system32\UDMUwvut.ini2
C:\WINDOWS\system32\SvFLlUtv.ini2
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0

#8
iamallama
Posted 02 July 2008 - 03:14 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ablyhrwm.dll
C:\WINDOWS\system32\ablyhrwm.dll NOT unregistered.
C:\WINDOWS\system32\ablyhrwm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drjtxl.dll
C:\WINDOWS\system32\drjtxl.dll NOT unregistered.
C:\WINDOWS\system32\drjtxl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hiabjous.dll
C:\WINDOWS\system32\hiabjous.dll NOT unregistered.
C:\WINDOWS\system32\hiabjous.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gtpcpxrs.dll
C:\WINDOWS\system32\gtpcpxrs.dll NOT unregistered.
C:\WINDOWS\system32\gtpcpxrs.dll moved successfully.
C:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\icwgoxna.dll
C:\WINDOWS\system32\icwgoxna.dll NOT unregistered.
C:\WINDOWS\system32\icwgoxna.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aopejj.dll
C:\WINDOWS\system32\aopejj.dll NOT unregistered.
C:\WINDOWS\system32\aopejj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ucdhhhme.dll
C:\WINDOWS\system32\ucdhhhme.dll NOT unregistered.
C:\WINDOWS\system32\ucdhhhme.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tknepbmf.dll
C:\WINDOWS\system32\tknepbmf.dll NOT unregistered.
C:\WINDOWS\system32\tknepbmf.dll moved successfully.
C:\!KillBox\Logs moved successfully.
C:\!KillBox moved successfully.
C:\WINDOWS\system32\TDKSuBeg.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\geBuSKDT.dll
C:\WINDOWS\system32\geBuSKDT.dll NOT unregistered.
C:\WINDOWS\system32\geBuSKDT.dll moved successfully.
C:\WINDOWS\system32\UDMUwvut.ini2 moved successfully.
C:\WINDOWS\system32\SvFLlUtv.ini2 moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1381.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1E88.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF6F3D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF7068.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF73C8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF859A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0125f.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01265.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_170814

Files moved on Reboot...
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1381.tmp not found!
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1E88.tmp not found!
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF6F3D.tmp not found!
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF7068.tmp not found!
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF73C8.tmp moved successfully.
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF859A.tmp moved successfully.
File C:\WINDOWS\temp\ZLT0125f.TMP not found!
File C:\WINDOWS\temp\ZLT01265.TMP not found!
  • 0

#9
Rorschach112
Posted 02 July 2008 - 03:39 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new DSS log
  • 0

#10
iamallama
Posted 02 July 2008 - 04:37 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-02 18:10:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jay.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:31 PM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Documents and Settings\Jay\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {78E42A3F-B9A2-47A4-89DB-D63FD4CDD14D} - (no file)
O2 - BHO: (no name) - {EAECE85D-1DC7-4ED9-ACB7-D30DE973EAA7} - (no file)
O2 - BHO: (no name) - {F074A196-2027-4C35-8F37-7979D9A5FD2E} - C:\WINDOWS\system32\geBuSKDT.dll (file missing)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to KEYHOLD.lnk = C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe
O4 - Startup: Shortcut to StealthBot v2.6R3.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211919850811
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9035 bytes

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-06-27 20:32:56 0 d-------- C:\Program Files\Trend Micro
2008-06-27 20:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-27 20:29:05 0 d-------- C:\Program Files\Security Task Manager
2008-06-27 19:59:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 19:54:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 15:40:03 531519 --ahs---- C:\WINDOWS\system32\ruEMmUvw.ini2
2008-06-26 15:22:44 0 d-------- C:\Documents and Settings\Jay\Application Data\Nero
2008-06-26 15:17:50 0 d-------- C:\Program Files\Nero
2008-06-26 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 15:08:13 0 d-------- C:\WINDOWS\CAVTemp
2008-06-26 14:40:34 0 d-------- C:\Program Files\Total Video Converter
2008-06-25 13:49:11 0 dr-h----- C:\Documents and Settings\Jay\Recent
2008-06-25 11:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-24 21:11:10 0 d-------- C:\Program Files\CCleaner
2008-06-24 21:09:46 0 d-------- C:\Program Files\Yahoo!
2008-06-22 20:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 20:37:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 00:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-06-21 00:18:13 0 d-------- C:\Program Files\CA
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-20 13:21:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-20 13:21:20 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-20 13:18:59 0 d--hs---- C:\WINDOWS\CSC
2008-06-16 21:07:03 0 d-------- C:\Documents and Settings\Jay\Application Data\Audacity
2008-06-16 21:06:52 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-06-16 21:03:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-16 20:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrium
2008-06-16 20:57:40 0 d-------- C:\Program Files\Macrium
2008-06-16 20:56:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 19:20:11 0 d-------- C:\Program Files\ATITool
2008-06-10 23:28:08 0 d-------- C:\WINDOWS\Sun
2008-06-10 20:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\JCreator
2008-06-10 20:25:51 0 d-------- C:\Documents and Settings\Jay\Application Data\JCreator
2008-06-10 20:21:36 0 d-------- C:\Program Files\Xinox Software
2008-06-10 20:21:09 0 d-------- C:\Documents and Settings\Jay\.SunDownloadManager
2008-06-10 18:44:14 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-10 18:44:14 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-10 18:44:13 0 d-------- C:\Program Files\Cheat Engine
2008-06-08 19:23:39 0 d-------- C:\Program Files\HOLDMYREALKEY
2008-06-07 13:01:04 0 d-------- C:\Program Files\RocketDock
2008-06-02 17:02:05 0 d-------- C:\Documents and Settings\Jay\Application Data\vlc
2008-06-02 17:00:53 0 d-------- C:\Program Files\VideoLAN
2008-06-02 15:29:55 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-07-02 02:32:04 0 d-------- C:\Program Files\Warcraft III
2008-06-30 20:32:16 0 d-------- C:\Program Files\Messenger
2008-06-30 20:32:15 0 d-------- C:\Program Files\FrostWire
2008-06-30 20:24:45 77514 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 16:05:06 0 d-------- C:\Documents and Settings\Jay\Application Data\Azureus
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files
2008-06-22 20:58:00 0 d-------- C:\Documents and Settings\Jay\Application Data\Adobe
2008-06-22 18:50:45 0 d-------- C:\Program Files\Steam
2008-06-19 18:40:04 0 d-------- C:\Program Files\Azureus
2008-06-09 18:25:26 0 d-------- C:\Documents and Settings\Jay\Application Data\Ventrilo
2008-06-08 19:31:41 0 d-------- C:\Program Files\StealthBot
2008-06-02 16:56:29 0 d-------- C:\Documents and Settings\Jay\Application Data\Apple Computer
2008-06-01 22:23:53 0 d-------- C:\Documents and Settings\Jay\Application Data\FrostWire
2008-05-31 12:42:50 0 d-------- C:\Program Files\VentSrv
2008-05-31 12:39:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 23:33:35 0 d-------- C:\Documents and Settings\Jay\Application Data\Logitech
2008-05-29 23:29:32 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-29 23:29:20 0 d-------- C:\Program Files\Logitech
2008-05-29 23:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 02:24:57 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 02:24:42 0 d-------- C:\Program Files\MSBuild
2008-05-28 02:23:14 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 02:20:53 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 22:52:09 0 d-------- C:\Documents and Settings\Jay\Application Data\Macromedia
2008-05-27 21:16:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 20:47:51 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-27 20:47:51 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-27 20:30:20 0 d-------- C:\Program Files\Java
2008-05-27 20:15:49 0 d-------- C:\Program Files\Creative
2008-05-27 20:15:07 0 d-------- C:\Program Files\Analog Devices
2008-05-27 20:07:26 0 d-------- C:\Program Files\WinPcap
2008-05-27 20:00:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 19:59:23 0 d-------- C:\Documents and Settings\Jay\Application Data\Sun
2008-05-27 19:51:29 0 d-------- C:\Program Files\iTunes
2008-05-27 19:41:24 0 d-------- C:\Program Files\Ventrilo
2008-05-27 18:37:45 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 18:31:05 0 d-------- C:\Documents and Settings\Jay\Application Data\ViStart
2008-05-27 18:25:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 18:24:13 0 d-------- C:\Documents and Settings\Jay\Application Data\WinRAR
2008-05-27 18:15:00 0 d-------- C:\Program Files\Windows Live
2008-05-27 18:14:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 18:03:55 0 d-------- C:\Program Files\iPod
2008-05-27 18:03:38 0 d-------- C:\Program Files\Bonjour
2008-05-27 18:03:33 0 d-------- C:\Program Files\QuickTime
2008-05-27 18:02:40 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 18:00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 18:00:51 0 d-------- C:\Documents and Settings\Jay\Application Data\Mozilla
2008-05-27 17:50:34 0 d-------- C:\Program Files\Movie Maker
2008-05-27 17:48:13 0 d-------- C:\Program Files\Windows NT
2008-05-27 17:15:56 0 d-------- C:\Program Files\Marvell
2008-05-27 17:14:43 0 d-------- C:\Documents and Settings\Jay\Application Data\Identities
2008-05-27 17:10:11 0 d-------- C:\Program Files\microsoft frontpage
2008-05-27 17:09:50 0 -rahs---- C:\MSDOS.SYS
2008-05-27 17:09:50 0 -rahs---- C:\IO.SYS
2008-05-27 17:09:50 0 --a------ C:\CONFIG.SYS
2008-05-27 17:09:50 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 17:08:48 0 d-------- C:\Program Files\Online Services
2008-05-27 17:07:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-27 17:07:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 17:06:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-27 16:26:01 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-27 16:22:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-27 16:18:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-27 16:17:08 0 d-------- C:\Documents and Settings\Jay\Application Data\MSN6
2008-05-27 16:16:53 0 d-------- C:\Program Files\Intel
2008-05-27 12:02:10 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-27 12:02:07 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-27 12:01:41 62 --ahs---- C:\Documents and Settings\Jay\Application Data\desktop.ini
2008-05-12 11:49:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78E42A3F-B9A2-47A4-89DB-D63FD4CDD14D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAECE85D-1DC7-4ED9-ACB7-D30DE973EAA7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F074A196-2027-4C35-8F37-7979D9A5FD2E}]
C:\WINDOWS\system32\geBuSKDT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 10:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:42 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"BMcf7dc3d7"="C:\WINDOWS\system32\tknepbmf.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
Shortcut to KEYHOLD.lnk - C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe [6/8/2008 7:24:08 PM]
Shortcut to StealthBot v2.6R3.lnk - C:\Program Files\StealthBot\StealthBot v2.6R3.exe [4/19/2005 12:53:30 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/29/2008 11:29:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBuSKDT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf7dc3d7]
Rundll32.exe "C:\WINDOWS\system32\tbukrcbu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-02 18:19:26 ------------
  • 0

Advertisements

#11
Rorschach112
Posted 03 July 2008 - 12:36 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {78E42A3F-B9A2-47A4-89DB-D63FD4CDD14D} - (no file)
O2 - BHO: (no name) - {EAECE85D-1DC7-4ED9-ACB7-D30DE973EAA7} - (no file)
O2 - BHO: (no name) - {F074A196-2027-4C35-8F37-7979D9A5FD2E} - C:\WINDOWS\system32\geBuSKDT.dll (file missing)
O4 - HKLM\..\Run: [BMcf7dc3d7] Rundll32.exe "C:\WINDOWS\system32\tknepbmf.dll",s

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf7dc3d7
C:\WINDOWS\system32\tbukrcbu.dll
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new DSS log
  • 0

#12
iamallama
Posted 03 July 2008 - 03:00 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Explorer killed successfully
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf7dc3d7 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf7dc3d7\\ deleted successfully.
File/Folder C:\WINDOWS\system32\tbukrcbu.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF61C2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF61DD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01ce0.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01ce6.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_153552

Files moved on Reboot...
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF61C2.tmp moved successfully.
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF61DD.tmp moved successfully.
File C:\WINDOWS\temp\ZLT01ce0.TMP not found!
File C:\WINDOWS\temp\ZLT01ce6.TMP not found!
  • 0

#13
iamallama
Posted 03 July 2008 - 03:00 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 03, 2008 5:54:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/07/2008
Kaspersky Anti-Virus database records: 910775
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 45236
Number of viruses found: 7
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 00:42:43

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080702180958\backup\DOCUME~1\Jay\LOCALS~1\Temp\NERO14961\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\tuvwUMDU.dll.q_804E004_q Infected: Trojan.Win32.Monderc.gen skipped
C:\Documents and Settings\Jay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B8CC_4F39_CC4E_F0E4\dfsr.db Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B8CC_4F39_CC4E_F0E4\fsr.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B8CC_4F39_CC4E_F0E4\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B8CC_4F39_CC4E_F0E4\tmp.edb Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\zdbg3sml.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\History\History.IE5\MSHist012008070320080704\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF2A35.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF6821.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF6953.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DFAEDE.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DFB0B4.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DFC076.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DFE32B.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\39MTO9N0\kb767887[1] Infected: Trojan.Win32.Monderc.gen skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\4QQOJQC7\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.zji skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\4QQOJQC7\kb671231[1] Infected: Trojan.Win32.Monderc.a skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay\My Documents\Random Documents\Switchblade-Siliv-1-3-0-1.zip/Switchblade-Siliv-1-3-0-1/WIP/CMD/iepv.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.a skipped
C:\Documents and Settings\Jay\My Documents\Random Documents\Switchblade-Siliv-1-3-0-1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080627-203629-574.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080629-004757-132.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080629-004757-206.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080630-191838-784.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080630-191900-835.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7E10FBDA-ACE5-41E3-A93A-98621FC3CF8E}\RP549\A0079969.exe Infected: Trojan.Win32.Agent.fmr skipped
C:\System Volume Information\_restore{7E10FBDA-ACE5-41E3-A93A-98621FC3CF8E}\RP549\A0079973.exe Infected: Trojan.Win32.Agent.fmr skipped
C:\System Volume Information\_restore{7E10FBDA-ACE5-41E3-A93A-98621FC3CF8E}\RP549\A0079982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\System Volume Information\_restore{AFE41830-79F1-4ACD-8419-0BD952B54237}\RP1\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JAY-YAPIBZLAGU1.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Prefetch\OneNote Table Of Contents.onetoc2 Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT02614.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02618.TMP Object is locked skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\geBuSKDT.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\geBuSKDT.dll( 1) Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll( 1) Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll( 2) Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll( 3) Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll( 4) Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\!KillBox\xxywVoLe.dll( 5) Infected: not-a-virus:AdWare.Win32.Virtumonde.zic skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\ablyhrwm.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\aopejj.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\drjtxl.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\geBuSKDT.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\gtpcpxrs.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\hiabjous.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\icwgoxna.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zji skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\tknepbmf.dll Infected: Trojan.Win32.Monderc.a skipped
C:\_OTMoveIt\MovedFiles\07022008_170814\WINDOWS\system32\ucdhhhme.dll Infected: Trojan.Win32.Monderc.gen skipped

Scan process completed.

Edited by iamallama, 03 July 2008 - 03:58 PM.

  • 0

#14
iamallama
Posted 03 July 2008 - 03:01 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-03 17:59:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jay.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:36 PM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Documents and Settings\Jay\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to KEYHOLD.lnk = C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe
O4 - Startup: Shortcut to StealthBot v2.6R3.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211919850811
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8845 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 15:42:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-03 15:42:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-03 15:42:13 0 d-------- C:\WINDOWS\LastGood
2008-06-27 20:32:56 0 d-------- C:\Program Files\Trend Micro
2008-06-27 20:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-27 20:29:05 0 d-------- C:\Program Files\Security Task Manager
2008-06-27 19:59:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 19:54:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 15:40:03 531519 --ahs---- C:\WINDOWS\system32\ruEMmUvw.ini2
2008-06-26 15:22:44 0 d-------- C:\Documents and Settings\Jay\Application Data\Nero
2008-06-26 15:17:50 0 d-------- C:\Program Files\Nero
2008-06-26 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 15:08:13 0 d-------- C:\WINDOWS\CAVTemp
2008-06-26 14:40:34 0 d-------- C:\Program Files\Total Video Converter
2008-06-25 13:49:11 0 dr-h----- C:\Documents and Settings\Jay\Recent
2008-06-25 11:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-24 21:11:10 0 d-------- C:\Program Files\CCleaner
2008-06-24 21:09:46 0 d-------- C:\Program Files\Yahoo!
2008-06-22 20:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 20:37:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 00:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-06-21 00:18:13 0 d-------- C:\Program Files\CA
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-20 13:21:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-20 13:21:20 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-20 13:18:59 0 d--hs---- C:\WINDOWS\CSC
2008-06-16 21:07:03 0 d-------- C:\Documents and Settings\Jay\Application Data\Audacity
2008-06-16 21:06:52 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-06-16 21:03:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-16 20:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrium
2008-06-16 20:57:40 0 d-------- C:\Program Files\Macrium
2008-06-16 20:56:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 19:20:11 0 d-------- C:\Program Files\ATITool
2008-06-10 23:28:08 0 d-------- C:\WINDOWS\Sun
2008-06-10 20:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\JCreator
2008-06-10 20:25:51 0 d-------- C:\Documents and Settings\Jay\Application Data\JCreator
2008-06-10 20:21:36 0 d-------- C:\Program Files\Xinox Software
2008-06-10 20:21:09 0 d-------- C:\Documents and Settings\Jay\.SunDownloadManager
2008-06-10 18:44:14 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-10 18:44:14 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-10 18:44:13 0 d-------- C:\Program Files\Cheat Engine
2008-06-08 19:23:39 0 d-------- C:\Program Files\HOLDMYREALKEY
2008-06-07 13:01:04 0 d-------- C:\Program Files\RocketDock


-- Find3M Report ---------------------------------------------------------------

2008-07-03 15:32:41 0 d-------- C:\Program Files\Warcraft III
2008-06-30 20:32:16 0 d-------- C:\Program Files\Messenger
2008-06-30 20:32:15 0 d-------- C:\Program Files\FrostWire
2008-06-30 20:24:45 77514 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 16:05:06 0 d-------- C:\Documents and Settings\Jay\Application Data\Azureus
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files
2008-06-22 20:58:00 0 d-------- C:\Documents and Settings\Jay\Application Data\Adobe
2008-06-22 18:50:45 0 d-------- C:\Program Files\Steam
2008-06-19 18:40:04 0 d-------- C:\Program Files\Azureus
2008-06-09 18:25:26 0 d-------- C:\Documents and Settings\Jay\Application Data\Ventrilo
2008-06-08 19:31:41 0 d-------- C:\Program Files\StealthBot
2008-06-02 17:02:05 0 d-------- C:\Documents and Settings\Jay\Application Data\vlc
2008-06-02 17:00:53 0 d-------- C:\Program Files\VideoLAN
2008-06-02 16:56:29 0 d-------- C:\Documents and Settings\Jay\Application Data\Apple Computer
2008-06-02 15:29:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-01 22:23:53 0 d-------- C:\Documents and Settings\Jay\Application Data\FrostWire
2008-05-31 12:42:50 0 d-------- C:\Program Files\VentSrv
2008-05-31 12:39:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 23:33:35 0 d-------- C:\Documents and Settings\Jay\Application Data\Logitech
2008-05-29 23:29:32 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-29 23:29:20 0 d-------- C:\Program Files\Logitech
2008-05-29 23:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 02:24:57 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 02:24:42 0 d-------- C:\Program Files\MSBuild
2008-05-28 02:23:14 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 02:20:53 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 22:52:09 0 d-------- C:\Documents and Settings\Jay\Application Data\Macromedia
2008-05-27 21:16:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 20:47:51 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-27 20:47:51 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-27 20:30:20 0 d-------- C:\Program Files\Java
2008-05-27 20:15:49 0 d-------- C:\Program Files\Creative
2008-05-27 20:15:07 0 d-------- C:\Program Files\Analog Devices
2008-05-27 20:07:26 0 d-------- C:\Program Files\WinPcap
2008-05-27 20:00:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 19:59:23 0 d-------- C:\Documents and Settings\Jay\Application Data\Sun
2008-05-27 19:51:29 0 d-------- C:\Program Files\iTunes
2008-05-27 19:41:24 0 d-------- C:\Program Files\Ventrilo
2008-05-27 18:37:45 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 18:31:05 0 d-------- C:\Documents and Settings\Jay\Application Data\ViStart
2008-05-27 18:25:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 18:24:13 0 d-------- C:\Documents and Settings\Jay\Application Data\WinRAR
2008-05-27 18:15:00 0 d-------- C:\Program Files\Windows Live
2008-05-27 18:14:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 18:03:55 0 d-------- C:\Program Files\iPod
2008-05-27 18:03:38 0 d-------- C:\Program Files\Bonjour
2008-05-27 18:03:33 0 d-------- C:\Program Files\QuickTime
2008-05-27 18:02:40 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 18:00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 18:00:51 0 d-------- C:\Documents and Settings\Jay\Application Data\Mozilla
2008-05-27 17:50:34 0 d-------- C:\Program Files\Movie Maker
2008-05-27 17:48:13 0 d-------- C:\Program Files\Windows NT
2008-05-27 17:15:56 0 d-------- C:\Program Files\Marvell
2008-05-27 17:14:43 0 d-------- C:\Documents and Settings\Jay\Application Data\Identities
2008-05-27 17:10:11 0 d-------- C:\Program Files\microsoft frontpage
2008-05-27 17:09:50 0 -rahs---- C:\MSDOS.SYS
2008-05-27 17:09:50 0 -rahs---- C:\IO.SYS
2008-05-27 17:09:50 0 --a------ C:\CONFIG.SYS
2008-05-27 17:09:50 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 17:08:48 0 d-------- C:\Program Files\Online Services
2008-05-27 17:07:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-27 17:07:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 17:06:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-27 16:26:01 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-27 16:22:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-27 16:18:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-27 16:17:08 0 d-------- C:\Documents and Settings\Jay\Application Data\MSN6
2008-05-27 16:16:53 0 d-------- C:\Program Files\Intel
2008-05-27 12:02:10 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-27 12:02:07 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-27 12:01:41 62 --ahs---- C:\Documents and Settings\Jay\Application Data\desktop.ini
2008-05-12 11:49:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 10:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:42 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
Shortcut to KEYHOLD.lnk - C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe [6/8/2008 7:24:08 PM]
Shortcut to StealthBot v2.6R3.lnk - C:\Program Files\StealthBot\StealthBot v2.6R3.exe [4/19/2005 12:53:30 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/29/2008 11:29:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBuSKDT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-03 18:09:00 ------------

Edited by iamallama, 03 July 2008 - 04:10 PM.

  • 0

#15
iamallama
Posted 03 July 2008 - 07:10 PM

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
just wanted to say that my browsers work now so some things must be fixed =p
before i had to end explorer.exe to browse around and use alt tab to switch windows
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP