[Aad]

It seems that I have been infected by a maleware virus, also it shuts down my security update from windows.
Have done several cleanups as asked on the site, but still there are popups.
Down I put my hijackthis log,
Could you please help me to remove it?
Regards Aad

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:39, on 6-7-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
O2 - BHO: {0513f00a-c55a-80fb-21b4-cf784c994d0f} - {f0d499c4-87fc-4b12-bf08-a55ca00f3150} - C:\WINDOWS\system32\uaodmu.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5825 bytes

[Advertisements]

OK lets see what we can do

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {0513f00a-c55a-80fb-21b4-cf784c994d0f} - {f0d499c4-87fc-4b12-bf08-a55ca00f3150} - C:\WINDOWS\system32\uaodmu.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Lets try the Automated Windows Update Fix from Castlecops

• Download WUFix.zip and unzip to your desktop.
• Double-Click WUFix.bat to run fix.
• You will see a window open and commands processing. When the window closes the fix will have completed.
• Restart the computer.

This fix will clear the proxy cache, places Windows Update sites in the Trusted Zone, places Windows Update sites in the exception list of IE Popup Blocker, starts all dependent services, registers required DLLS, empties the Windows Update temporary folder (with backup), renames the catroot2 folder, retains update history and Event log, and deletes BITS pending download queue.

Once done, go back to the Windows Update Website (You must use the Microsoft Internet Explorer to do this). Check your history to see if the update is already installed.

FINALLY FOR NOW

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Essexboy]

OK lets see what we can do

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {0513f00a-c55a-80fb-21b4-cf784c994d0f} - {f0d499c4-87fc-4b12-bf08-a55ca00f3150} - C:\WINDOWS\system32\uaodmu.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Lets try the Automated Windows Update Fix from Castlecops

• Download WUFix.zip and unzip to your desktop.
• Double-Click WUFix.bat to run fix.
• You will see a window open and commands processing. When the window closes the fix will have completed.
• Restart the computer.

This fix will clear the proxy cache, places Windows Update sites in the Trusted Zone, places Windows Update sites in the exception list of IE Popup Blocker, starts all dependent services, registers required DLLS, empties the Windows Update temporary folder (with backup), renames the catroot2 folder, retains update history and Event log, and deletes BITS pending download queue.

Once done, go back to the Windows Update Website (You must use the Microsoft Internet Explorer to do this). Check your history to see if the update is already installed.

FINALLY FOR NOW

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Aad]

Hi Global Moderator,
Sorry for the delay however I seems to have some problems (hardware) with my internet connection and had some family problems to solve.
However these seems to have been solved and so I have done the thinks you asked me to do.
As I type this, no pupops have been seen at the moment, so far so good......
here are the log's from dss.
I hope you can keep them apart,
Regards
Aad

Deckard's System Scanner v20071014.68
Run by Aad on 2008-07-06 21:04:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-07-06 19:04:38 UTC - RP48 - Deckard's System Scanner Restore Point
47: 2008-07-06 18:56:00 UTC - RP47 - Software Distribution Service 3.0
46: 2008-07-05 22:54:00 UTC - RP46 - System Checkpoint
45: 2008-07-04 17:28:29 UTC - RP45 - Last known good configuration
44: 2008-07-04 17:28:22 UTC - RP44 - System Checkpoint


-- First Restore Point --
1: 2008-07-04 17:28:15 UTC - RP1 - Installed Digital Media Feature Pack for Windows Media Center 2005


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Aad.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:07, on 6-7-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Aad\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Aad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.planet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6318 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080706-204509-970 O2 - BHO: {0513f00a-c55a-80fb-21b4-cf784c994d0f} - {f0d499c4-87fc-4b12-bf08-a55ca00f3150} - C:\WINDOWS\system32\uaodmu.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN-transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01CE1028&REV_02\4&378EDFA4&0&00E2
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01CE1028&REV_02\4&378EDFA4&0&00E2
Service:


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 20:51:45 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-06 20:46:56 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-06 12:37:34 0 d-------- C:\VundoFix Backups
2008-07-06 12:30:33 0 d-------- C:\Program Files\Enigma Software Group
2008-07-06 10:40:18 0 d-------- C:\Program Files\Trend Micro
2008-07-05 12:17:57 0 d-------- C:\Documents and Settings\Aad\Application Data\Malwarebytes
2008-07-05 12:17:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 12:17:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 12:17:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-05 11:05:50 0 dr-h----- C:\Documents and Settings\Aad\Recent
2008-07-05 10:37:28 3210 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-05 07:33:18 103424 --a------ C:\WINDOWS\system32\uaodmu.dll
2008-07-05 07:33:16 103424 --a------ C:\WINDOWS\system32\aetaxrhx.dll
2008-07-05 07:30:25 78848 -----n--- C:\WINDOWS\system32\ljtxwxmd.dll
2008-07-04 19:29:07 0 d-------- C:\Program Files\PowerISO
2008-07-03 20:59:53 0 d-------- C:\Program Files\Common Files\Canon
2008-07-02 22:50:18 0 d-------- C:\Program Files\Pro Imaging Powertoys
2008-07-02 22:50:18 0 d-------- C:\Program Files\Common Files\Nikon
2008-07-02 22:48:59 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-29 23:49:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-29 23:49:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-27 03:00:02 0 d-------- C:\Downloads <DOWNLO~2>
2008-06-26 23:33:05 0 d-------- C:\Documents and Settings\Aad\Application Data\Software Informer
2008-06-26 23:32:58 0 d-------- C:\Program Files\Software Informer
2008-06-21 06:55:18 0 d-------- C:\DestinatorApps
2008-06-15 07:05:58 0 d-------- C:\Documents and Settings\Aad\Application Data\CyberLink
2008-06-15 07:05:56 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 08:28:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2008-07-06 12:30:19 0 d-------- C:\Documents and Settings\Aad\Application Data\LimeWire
2008-07-06 10:16:14 44153 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-05 12:17:24 0 d-------- C:\Program Files\Common Files
2008-07-05 10:28:38 0 d-------- C:\Documents and Settings\Aad\Application Data\uTorrent
2008-06-30 00:00:28 0 d-------- C:\Documents and Settings\Aad\Application Data\Adobe
2008-06-05 23:26:15 0 d-------- C:\Program Files\LimeWire
2008-06-05 23:24:07 0 d-------- C:\Program Files\CCleaner
2008-06-05 23:22:36 0 d-------- C:\Documents and Settings\Aad\Application Data\FrostWire
2008-06-05 14:50:10 0 d-------- C:\Documents and Settings\Aad\Application Data\WinRAR
2008-06-05 11:02:55 0 d-------- C:\Program Files\Messenger
2008-06-05 11:02:25 0 d-------- C:\Program Files\Movie Maker
2008-06-05 10:59:01 0 d-------- C:\Program Files\Windows NT
2008-06-01 15:29:54 0 d-------- C:\Documents and Settings\Aad\Application Data\vlc
2008-06-01 14:12:31 0 d-------- C:\Program Files\MSXML 4.0
2008-06-01 13:42:12 0 d-------- C:\Documents and Settings\Aad\Application Data\NeroVision
2008-06-01 13:41:49 0 d-------- C:\Program Files\Ahead
2008-06-01 13:39:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-01 13:38:23 0 d-------- C:\Program Files\VideoLAN
2008-06-01 13:36:37 0 d-------- C:\Program Files\CyberLink
2008-06-01 13:36:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 13:32:41 0 d-------- C:\Documents and Settings\Aad\Application Data\Logitech
2008-06-01 13:31:43 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-01 13:31:15 0 d-------- C:\Program Files\Logitech
2008-06-01 13:31:00 0 d-------- C:\Documents and Settings\Aad\Application Data\InstallShield
2008-06-01 13:28:57 0 d-------- C:\Program Files\Java
2008-06-01 13:28:20 0 d-------- C:\Program Files\Common Files\Java
2008-06-01 13:22:24 0 d-------- C:\Program Files\uTorrent
2008-06-01 13:18:46 0 d-------- C:\Program Files\DVD Decrypter
2008-06-01 13:18:26 0 d-------- C:\Program Files\DVD Shrink
2008-06-01 13:14:22 0 d-------- C:\Documents and Settings\Aad\Application Data\Macromedia
2008-06-01 13:03:23 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-31 23:11:09 0 d-------- C:\Documents and Settings\Aad\Application Data\Intel
2008-05-31 23:10:22 0 d-------- C:\Program Files\Intel
2008-05-31 23:09:08 0 d-------- C:\Program Files\Broadcom
2008-05-31 23:08:06 0 d-------- C:\Program Files\DIFX
2008-05-31 23:02:56 0 d-------- C:\Program Files\CONEXANT
2008-05-31 23:01:42 0 d-------- C:\Program Files\SigmaTel
2008-05-31 23:01:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-31 22:38:29 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 22:37:05 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 22:14:23 0 d-------- C:\Program Files\Dell
2008-05-31 21:13:26 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-31 21:13:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-31 21:12:56 62 --ahs---- C:\Documents and Settings\Aad\Application Data\desktop.ini
2008-05-31 20:55:19 0 d-------- C:\Documents and Settings\Aad\Application Data\Identities
2008-05-31 20:33:27 0 d-------- C:\Program Files\microsoft frontpage
2008-05-31 20:32:03 0 -rahs---- C:\MSDOS.SYS
2008-05-31 20:32:03 0 -rahs---- C:\IO.SYS
2008-05-31 20:32:03 0 --a------ C:\CONFIG.SYS
2008-05-31 20:32:03 0 --a------ C:\AUTOEXEC.BAT
2008-05-31 20:30:17 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-31 20:29:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-31 20:27:30 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-31 20:27:00 0 d-------- C:\Program Files\Online Services
2008-05-31 20:26:24 0 d-------- C:\Program Files\Windows Plus
2008-05-31 20:23:59 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05-08-2005 14:56]
"SigmatelSysTrayApp"="stsystra.exe" [16-11-2005 16:35 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28-12-2005 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28-12-2005 12:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [21-03-2006 21:03]
"nwiz"="nwiz.exe" [21-03-2006 21:03 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [21-03-2006 21:03 C:\WINDOWS\system32\nvhotkey.dll]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01-06-2008 13:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [26-08-2005 19:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 03:17 C:\WINDOWS\KHALMNPR.Exe]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [13-04-2006 11:09]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [13-07-2003 04:49]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [13-07-2003 04:49]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [16-06-2008 10:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14-04-2008 02:12]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14-04-2008 02:12]
"fsm"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/1/2008 1:31:33 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09-01-2008 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-06 21:06:57 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2046.39 MiB / 1644.39 MiB
Pagefile Memory (total/avail): 3939.29 MiB / 3690.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1817.1 MiB

C: is Fixed (NTFS) - 73.03 GiB total, 21.24 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 73.13 GiB - 2 partitions
\PARTITION0 - Unknown - 86.26 MiB
\PARTITION1 (bootable) - Installable File System - 73.03 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Aad\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Aad
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Aad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Aad\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Aad
USERPROFILE=C:\Documents and Settings\Aad
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Aad (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Ahead NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
Ahead NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Destinator Console --> C:\DESTIN~1\INSTAL~1\UNWISE.EXE C:\DESTIN~1\INSTAL~1\INSTALL.LOG
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.18.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0013 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x13 -remove -removeonly
Software Informer 1.0 BETA --> "C:\Program Files\Software Informer\unins000.exe"
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type543 / Error
Event Submitted/Written: 07/05/2008 10:30:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module nevdec.ax, version 1.1.5.38, fault address 0x0000f959.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type511 / Error
Event Submitted/Written: 07/03/2008 04:27:30 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type508 / Error
Event Submitted/Written: 07/02/2008 10:08:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application fdm.exe, version 2.5.758.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type486 / Error
Event Submitted/Written: 06/28/2008 00:40:56 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 820711220.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type485 / Error
Event Submitted/Written: 06/28/2008 00:40:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x10001374.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2170 / Error
Event Submitted/Written: 07/06/2008 09:04:07 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.100 on the
Network Card with network address 0013023D67BE.

Event Record #/Type2169 / Warning
Event Submitted/Written: 07/06/2008 09:04:07 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013023D67BE. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2136 / Error
Event Submitted/Written: 07/06/2008 08:50:38 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.100 on the
Network Card with network address 0013023D67BE.

Event Record #/Type2135 / Warning
Event Submitted/Written: 07/06/2008 08:50:38 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013023D67BE. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2088 / Warning
Event Submitted/Written: 07/06/2008 11:13:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-06 21:06:57 ------------

[Essexboy]

Now that doesn't look to bad a few more to kill and a quick sweep for orphans. Is windows update working now ?
Time is not a problem

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
• Click the "Download" button to the right.
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

THEN

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\uaodmu.dll
  C:\WINDOWS\system32\aetaxrhx.dll
  C:\WINDOWS\system32\ljtxwxmd.dll
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTMoveit and MBAM

[Aad]

Hi Moderator,
I don't know how you know all these things, but I'm affely glad you do
You helpt me out a lot, and I'm glad to be rid of the maleware junk. Yes the update is working again now.
Will be more carful next time......

Here are the results of both scans in a log.
Due to there was a message that something could not be removed I rebooted the computer and dit
the OTMoveIt2 scan again, that result is under the first log.
I devidet the logs by a ====== rule.

regards
Aad

DllUnregisterServer procedure not found in C:\WINDOWS\system32\uaodmu.dll
C:\WINDOWS\system32\uaodmu.dll NOT unregistered.
C:\WINDOWS\system32\uaodmu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aetaxrhx.dll
C:\WINDOWS\system32\aetaxrhx.dll NOT unregistered.
C:\WINDOWS\system32\aetaxrhx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ljtxwxmd.dll
C:\WINDOWS\system32\ljtxwxmd.dll NOT unregistered.
C:\WINDOWS\system32\ljtxwxmd.dll moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_234353


================================================================================
=============================
RUNNED IT THE SECOND TIME THE RESULT WAS

File/Folder C:\WINDOWS\system32\uaodmu.dll not found.
File/Folder C:\WINDOWS\system32\aetaxrhx.dll not found.
File/Folder C:\WINDOWS\system32\ljtxwxmd.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_234840

================================================================================
=============================

Malwarebytes' Anti-Malware 1.19
Database versie: 927
Windows 5.1.2600 Service Pack 3

23:55:19 6-7-2008
mbam-log-7-6-2008 (23-55-12).txt

Scan type: Snelle Scan
Objecten gescand: 39276
Verstreken tijd: 3 minute(s), 30 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

[Essexboy]

Excellent result there I think we can now let you go

Now the best part of the day ----- Your log now appears clean

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

[Aad]

Thanks for the help mate,
Done the cleaning, and will try to keep it this way.
If I ever need tou guys again , I know that I'm in good hands .
Many thanks and regards.
Aad

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.