Welcome to Geeks to Go - Register now for FREE
Joke-Bluescreen.c and antispyware 2008 [RESOLVED]


#1 jmailf (Member, 40 posts)
I am having trouble removing both Joke-Bluescreen.c and antispyware 2008. I have two computers infected and have tried many things, but I still cannot get rid of them. Need help.
I ran Malwarebytes and SuperAntiSpyware; below are the logs.

Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 2

3:12:23 AM 7/6/2008
mbam-log-7-6-2008 (03-12-23).txt

Scan type: Quick Scan
Objects scanned: 51450
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 4
Registry Keys Infected: 46
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 8
Files Infected: 98

Memory Processes Infected:
C:\WINDOWS\RE9NSU5JS1VF\command.exe (AdWare.CommAd) -> Failed to unload process.
C:\WINDOWS\SYSTEM32\pphcn6bj0ec3t.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\pcntotdm.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\Microsoft\dtsc\10314.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\uoyzsydz.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\lphcn6bj0ec3t.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\RE9NSU5JS1VF\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
C:\software\dell softwarewb.dll (Keylogger) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\blphcn6bj0ec3t.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_CLASSES_ROOT\TypeLib\{1e1b286c-88ff-11d3-8d96-d7acac95951a} (Keylogger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Keylogger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Keylogger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pk.ie (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pk.ie.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GetModule19 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn6bj0ec3t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\uoyzsydz.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\Microsoft\dtsc (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\RE9NSU5JS1VF\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\RE9NSU5JS1VF\command.exe (AdWare.CommAd) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pphcn6bj0ec3t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pcntotdm.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\software\dell softwarewb.dll (Keylogger) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\MOUNTMGRR.SYS (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu72.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\11A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Local Settings\Temp\~tmp143 (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\pckik.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\Microsoft\dtsc\10314.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\DOMINIKUE\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uoyzsydz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{dcbfc57b-0283-4516-2d6b-be70d8c9844f}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{dcbfc57b-0283-4516-2d6b-be70d8c9844f}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphcn6bj0ec3t.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcn6bj0ec3t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phcn6bj0ec3t.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\DOMINIKUE\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Local Settings\Temp\mshtml2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\DOMINIKUE\Local Settings\Temp\mshtml3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2008 at 04:10 AM

Application Version : 4.15.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 00:45:50

Memory items scanned : 440
Memory threats detected : 8
Registry items scanned : 5831
Registry threats detected : 26
File items scanned : 64812
File threats detected : 131

Trojan.Dropper/Gen-PortSv
C:\WINDOWS\PORTSV.EXE
C:\WINDOWS\PORTSV.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHCN6BJ0EC3T.SCR
C:\WINDOWS\SYSTEM32\BLPHCN6BJ0EC3T.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204057.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204073.SCR
C:\WINDOWS\Prefetch\BLPHCN6BJ0EC3T.SCR-2F055C7D.pf

Trojan.Unclassified/BrowserDriver
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
[{61-16-65-5A-DW}] C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\WINDOWS\SYSTEM32\CREG\BMNDIRD.EXE
C:\WINDOWS\SYSTEM32\RSWNW64N.EXE

Keylogger.PerfectKeyLogger
C:\SOFTWARE\DELL SOFTWARE.EXE
C:\SOFTWARE\DELL SOFTWARE.EXE
[dell software] C:\SOFTWARE\DELL SOFTWARE.EXE

Trojan.Downloader-SMSS/Fake
C:\WINDOWS\SYSTEM32\ICROSO~1.NET\SMSS.EXE
C:\WINDOWS\SYSTEM32\ICROSO~1.NET\SMSS.EXE
[Sen] C:\WINDOWS\SYSTEM32\ICROSO~1.NET\SMSS.EXE

Adware.ClickSpring/Resident
C:\PROGRA~1\COMMON~1\RACLE~1\CANREG~1.EXE
C:\PROGRA~1\COMMON~1\RACLE~1\CANREG~1.EXE

Rogue.MalwareProtector/Variant
C:\WINDOWS\SYSTEM32\PPHCN6BJ0EC3T.EXE
C:\WINDOWS\SYSTEM32\PPHCN6BJ0EC3T.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204049.EXE

Rogue.AntiVirus XP 2008
C:\PROGRAM FILES\RHCJ6BJ0EC3T\RHCJ6BJ0EC3T.EXE
C:\PROGRAM FILES\RHCJ6BJ0EC3T\RHCJ6BJ0EC3T.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\WINDOWS\Prefetch\RHCJ6BJ0EC3T.EXE-1E9A8A6E.pf

Adware.AdRotate/System
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e187b49-0a4e-f03b-7ccb-ea9feec6f53d}
HKCR\CLSID\{9E187B49-0A4E-F03B-7CCB-EA9FEEC6F53D}
HKCR\CLSID\{9E187B49-0A4E-F03B-7CCB-EA9FEEC6F53D}
HKCR\CLSID\{9E187B49-0A4E-F03B-7CCB-EA9FEEC6F53D}\InProcServer32
HKCR\CLSID\{9E187B49-0A4E-F03B-7CCB-EA9FEEC6F53D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PJMBCWRTDIIIT.DLL

Adware.Tracking Cookie
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@atdmt[3].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][3].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][3].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][3].txt
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@tribalfusion[2].txt
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@realmedia[1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][2].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@apmebf[1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@atdmt[2].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][2].txt
C:\Documents and Settings\DOMINIKUE\Cookies\dominikue@mediaplex[1].txt
C:\Documents and Settings\DOMINIKUE\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@2o7[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@adbrite[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@adinterax[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@adlegend[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\family@adrevolver[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@advertising[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@atdmt[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@bluestreak[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@clickaider[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@clickbank[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@clicktorrent[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@cpvfeed[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@dealtime[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@discountdressup[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@doubleclick[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@fastclick[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@hitbox[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@imrworldwide[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@insightexpressai[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@kontera[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@linksynergy[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\family@media6degrees[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@mediaplex[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@overture[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@questionmarket[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@realmedia[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@revsci[2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][3].txt
C:\Documents and Settings\FAMILY\Cookies\family@serving-sys[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\family@specificclick[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\family@statcounter[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@tacoda[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@trafficmp[2].txt
C:\Documents and Settings\FAMILY\Cookies\family@tribalfusion[1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][3].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][4].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][5].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][1].txt
C:\Documents and Settings\FAMILY\Cookies\[email protected][2].txt
C:\Documents and Settings\FAMILY\Cookies\family@xiti[1].txt
C:\Documents and Settings\FAMILY\Cookies\family@zedo[1].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.Adservs
C:\DOCUMENTS AND SETTINGS\DOMINIKUE\APPLICATION DATA\MALWAREBYTES\MALWAREBYTES' ANTI-MALWARE\QUARANTINE\QUAR1.46505
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1033\A0204176.DLL
C:\WINDOWS\SYSTEM32\NET\JVVTMP3.EXE

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\DOMINIKUE\APPLICATION DATA\MALWAREBYTES\MALWAREBYTES' ANTI-MALWARE\QUARANTINE\QUAR1.53659
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1033\A0204177.EXE

Adware.ClickSpring
C:\Program Files\Common Files\RACLE~1\CANREG~1.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204050.DLL

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0204051.DLL

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1033\A0204159.CFG
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Trojan.Unknown Origin
C:\WINDOWS\RE9NSU5JS1VF\LH6HMOCLMYPI.VBS

Trojan.Downloader-Gen/Suspicious
C:\WINDOWS\SYSTEM32\1030\ICMSETUP.EXE

Rogue.Dropper/Gen
C:\WINDOWS\SYSTEM32\LPHCN6BJ0EC3T.EXE

Adware.DeeWoo/ThinkAdz
C:\WINDOWS\SYSTEM32\PCNTOTDM.EXE
C:\WINDOWS\Prefetch\PCNTOTDM.EXE-0AEBD23E.pf

Rootkit.TNCore-Installer
C:\WINDOWS\SYSTEM32\TFIG\ICHNEWU.EXE





I hope you can help... Once I clean this computer I will need help on the other computer. Thanks again for any assistance.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I am prepared to do both systems, but just one at a time. When the first is fixed I will then move on to the second :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
jmailf

    Member

  • Topic Starter
  • Member
  • 40 posts
Deckard's System Scanner v20071014.68
Run by DOMINIKUE on 2008-07-06 12:24:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-06 17:24:33 UTC - RP1036 - Deckard's System Scanner Restore Point
1: 2008-07-06 09:16:15 UTC - RP1035 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-06 12:26:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Application Data\nuxmfmpy\zefghmdg.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\vmlytihq.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
C:\Program Files\rhcj6bj0ec3t\rhcj6bj0ec3t.exe
C:\WINDOWS\SYSTEM32\pphcn6bj0ec3t.exe
C:\Documents and Settings\DOMINIKUE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.8:3128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A836B13C-26F2-0A26-FB4E-7FA2E0E11DC7} - C:\WINDOWS\system32\yszaevl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RtWLan] C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SMrhcj6bj0ec3t] C:\Program Files\rhcj6bj0ec3t\rhcj6bj0ec3t.exe
O4 - HKLM\..\Run: [{2ddb23a2-4746-eb3c-b438-3ecb7e981a07}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\pjmbcwrtdiiit.dll" DllStart
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcntotdm.exe DWram02
O4 - HKLM\..\Run: [lphcn6bj0ec3t] C:\WINDOWS\system32\lphcn6bj0ec3t.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kfdqhqjx] C:\WINDOWS\system32\zwjyzqbm.exe
O4 - HKCU\..\Run: [Hquvx] "C:\Program Files\Common Files\?racle\?canregw.exe"
O4 - HKCU\..\Run: [ygntkywr] C:\WINDOWS\system32\rqdudijk.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [dell software] C:\software\dell software.exe
O4 - HKCU\..\Run: [mhnznzej] C:\WINDOWS\system32\vmlytihq.exe
O4 - HKLM\..\Policies\Explorer\Run: [ktz9iqkS0K] C:\Documents and Settings\All Users\Application Data\nuxmfmpy\zefghmdg.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\pcntotdm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.us.army.mil (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151985526154
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3B4B765-65DD-4C91-A7B1-B97B2B3224EC}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: MonUtilSh - {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\MonUtilSh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\incdsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe service
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 10994 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S1 MOUNTMGRR - c:\windows\system32\drivers\mountmgrr.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Service: E100B


-- Scheduled Tasks -------------------------------------------------------------

2004-12-29 06:45:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 04:18:42 0 d-------- C:\Program Files\Panda Security
2008-07-06 04:18:41 0 d-------- C:\WINDOWS\LastGood
2008-07-06 04:14:23 94208 --a------ C:\WINDOWS\system32\pphcn6bj0ec3t.exe
2008-07-06 04:12:47 60928 --a------ C:\WINDOWS\system32\blphcn6bj0ec3t.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-06 04:12:43 109056 --a------ C:\WINDOWS\system32\lphcn6bj0ec3t.exe
2008-07-06 03:27:58 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-07-06 03:20:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 03:20:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 03:20:24 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\SUPERAntiSpyware.com
2008-07-06 03:19:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:55:32 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\Malwarebytes
2008-07-06 02:55:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 02:55:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 02:08:07 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\AdobeUM
2008-07-06 02:07:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 01:23:22 0 d-------- C:\WINDOWS\system32\5343
2008-07-06 01:19:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 00:23:38 0 d-------- C:\Program Files\Enigma Software Group
2008-07-06 00:17:19 64317 --a------ C:\WINDOWS\system32\cclehaobvgzjaxta.exe
2008-07-06 00:12:37 401972 --a------ C:\WINDOWS\system32\g59.exe
2008-07-06 00:12:32 0 d--hs---- C:\WINDOWS\RE9NSU5JS1VF
2008-07-06 00:12:29 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t
2008-07-06 00:12:23 0 d-------- C:\WINDOWS\system32\tfig
2008-07-06 00:12:23 0 d-------- C:\WINDOWS\system32\net
2008-07-06 00:12:23 0 d-------- C:\WINDOWS\system32\cREG
2008-07-06 00:12:23 0 d-------- C:\WINDOWS\system32\1030
2008-07-06 00:12:18 0 d-------- C:\WINDOWS\system32\olixds06
2008-07-06 00:12:18 0 d-------- C:\Temp
2008-07-06 00:12:11 0 d-------- C:\Program Files\rhcj6bj0ec3t
2008-07-06 00:12:09 0 d-------- C:\Program Files\Common Files\?racle
2008-07-06 00:12:03 0 d-------- C:\Program Files\nvtkmz
2008-07-06 00:11:56 0 d-------- C:\WINDOWS\system32\?icrosoft.NET
2008-07-06 00:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\nuxmfmpy
2008-07-06 00:11:33 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\uTorrent
2008-07-06 00:11:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-06 00:11:28 0 d-------- C:\Program Files\uTorrent
2008-07-06 00:11:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-06 00:11:22 4 --a------ C:\WINDOWS\system32\hljwugsf.bin


-- Find3M Report ---------------------------------------------------------------

2008-07-06 04:11:07 0 d-------- C:\Program Files\Common Files\?racle
2008-07-06 03:19:12 0 d-------- C:\Program Files\Common Files
2008-07-01 15:42:38 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\Skype
2008-06-04 20:18:29 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-04 20:18:27 0 d-------- C:\Program Files\McAfee
2008-06-04 20:17:34 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-04 10:39:24 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\AVG7
2008-06-02 23:45:17 0 d-------- C:\Documents and Settings\DOMINIKUE\Application Data\WinRAR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A836B13C-26F2-0A26-FB4E-7FA2E0E11DC7}]
C:\WINDOWS\system32\yszaevl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/06/2004 04:52 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/06/2004 04:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 07:19 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/12/2004 12:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2004 12:18 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/19/2004 03:45 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/19/2004 03:45 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/08/2001 05:50 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [11/25/2003 11:36 AM]
"SMSERIAL"="sm56hlpr.exe" [01/28/2004 06:42 AM C:\WINDOWS\sm56hlpr.exe]
"RtWLan"="C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe" [03/24/2005 05:13 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"SMrhcj6bj0ec3t"="C:\Program Files\rhcj6bj0ec3t\rhcj6bj0ec3t.exe" [07/06/2008 03:08 AM]
"{2ddb23a2-4746-eb3c-b438-3ecb7e981a07}"="C:\WINDOWS\system32\pjmbcwrtdiiit.dll" []
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]
"RegistryMechanic"="" []
"ExploreUpdSched"="C:\WINDOWS\system32\pcntotdm.exe" []
"lphcn6bj0ec3t"="C:\WINDOWS\system32\lphcn6bj0ec3t.exe" [07/06/2008 04:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Skype"="C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe" [07/20/2006 08:28 PM]
"MySpaceIM"="C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe" [02/01/2008 03:32 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"kfdqhqjx"="C:\WINDOWS\system32\zwjyzqbm.exe" []
"Hquvx"="C:\Program Files\Common Files\?racle\?canregw.exe" []
"ygntkywr"="C:\WINDOWS\system32\rqdudijk.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"dell software"="C:\software\dell software.exe" []
"mhnznzej"="C:\WINDOWS\system32\vmlytihq.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ktz9iqkS0K"=C:\Documents and Settings\All Users\Application Data\nuxmfmpy\zefghmdg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MonUtilSh"= {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\MonUtilSh.dll [07/06/2008 12:12 AM 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-06 12:27:18 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 502.07 MiB / 155.79 MiB
Pagefile Memory (total/avail): 1227.63 MiB / 778.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.21 MiB

C: is Fixed (NTFS) - 33.71 GiB total, 14.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400JD-75HKA1 - 37.25 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 33.71 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Documents and Settings\\DOMINIKUE\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"="C:\\Documents and Settings\\DOMINIKUE\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\DOMINIKUE\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\DOMINIKUE\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DOMINIKUE\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LOREDO
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DOMINIKUE
LOGONSERVER=\\LOREDO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DOMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DOMINI~1\LOCALS~1\Temp
USERDOMAIN=LOREDO
USERNAME=DOMINIKUE
USERPROFILE=C:\Documents and Settings\DOMINIKUE
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DOMINIKUE (admin)
FAMILY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
303 Game Collection --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C59130F9-50CF-47E2-AA70-D20529CB0026}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AntivirXP08 --> "C:\Program Files\rhcj6bj0ec3t\uninstall.exe"
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bebo - Skype 2.5 --> "C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\unins000.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Deewoo Network Manager removal --> C:\WINDOWS\system32\pcntotdm.exe -UPop
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
MySpaceIM --> C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\Uninstall.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCI Fax Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19A6FE78-B4CC-4C19-8C94-84EA1423AEA6}\SETUP.EXE" -l0x9
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WG111v2 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4534 / Error
Event Submitted/Written: 07/06/2008 03:17:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhcj6bj0ec3t.exe, version 0.0.0.0, faulting module rhcj6bj0ec3t.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhcj6bj0ec3t.exe!ws!]

Event Record #/Type4532 / Error
Event Submitted/Written: 07/06/2008 02:48:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4531 / Error
Event Submitted/Written: 07/06/2008 02:47:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4530 / Error
Event Submitted/Written: 07/06/2008 02:47:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4529 / Error
Event Submitted/Written: 07/06/2008 02:47:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54999 / Error
Event Submitted/Written: 07/06/2008 04:10:50 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Plug and Play (RPC) service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type54971 / Warning
Event Submitted/Written: 07/06/2008 03:14:30 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type54970 / Warning
Event Submitted/Written: 07/06/2008 03:14:20 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type54959 / Error
Event Submitted/Written: 07/06/2008 01:18:59 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type54956 / Error
Event Submitted/Written: 07/06/2008 01:15:22 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.



-- End of Deckard's System Scanner: finished at 2008-07-06 12:27:18 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, there are quite a few infections there.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {A836B13C-26F2-0A26-FB4E-7FA2E0E11DC7} - C:\WINDOWS\system32\yszaevl.dll (file missing)
O4 - HKLM\..\Run: [SMrhcj6bj0ec3t] C:\Program Files\rhcj6bj0ec3t\rhcj6bj0ec3t.exe
O4 - HKLM\..\Run: [{2ddb23a2-4746-eb3c-b438-3ecb7e981a07}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\pjmbcwrtdiiit.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcntotdm.exe DWram02
O4 - HKLM\..\Run: [lphcn6bj0ec3t] C:\WINDOWS\system32\lphcn6bj0ec3t.exe
O4 - HKCU\..\Run: [kfdqhqjx] C:\WINDOWS\system32\zwjyzqbm.exe
O4 - HKCU\..\Run: [Hquvx] "C:\Program Files\Common Files\?racle\?canregw.exe"
O4 - HKCU\..\Run: [ygntkywr] C:\WINDOWS\system32\rqdudijk.exe
O4 - HKCU\..\Run: [mhnznzej] C:\WINDOWS\system32\vmlytihq.exe
O4 - HKLM\..\Policies\Explorer\Run: [ktz9iqkS0K] C:\Documents and Settings\All Users\Application Data\nuxmfmpy\zefghmdg.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\pcntotdm.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O21 - SSODL: MonUtilSh - {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\MonUtilSh.dll
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe service

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

@echo off
sc stop PlugPlayRPC
sc delete PlugPlayRPC
exit

Next you will need to create the batch fix. To do that, copy and paste ALL of the above in the quote box into a Notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.bat.

This will create a batch file.

Then run fix.bat by double-clicking it. You may see a black box appear; this is normal.

NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\vmlytihq.exe
    C:\Program Files\rhcj6bj0ec3t
    C:\WINDOWS\SYSTEM32\pphcn6bj0ec3t.exe
    C:\WINDOWS\system32\yszaevl.dll
    C:\WINDOWS\system32\pjmbcwrtdiiit.dll
    C:\WINDOWS\system32\lphcn6bj0ec3t.exe
    C:\WINDOWS\system32\pcntotdm.exe
    C:\WINDOWS\system32\zwjyzqbm.exe
    C:\WINDOWS\system32\rqdudijk.exe
    C:\Documents and Settings\All Users\Application Data\nuxmfmpy
    C:\WINDOWS\SYSTEM32\pcntotdm.exe
    C:\Program Files\nvtkmz
    c:\windows\system32\drivers\mountmgrr.sys 
    C:\WINDOWS\system32\pphcn6bj0ec3t.exe
    C:\WINDOWS\system32\blphcn6bj0ec3t.scr  
    C:\WINDOWS\system32\lphcn6bj0ec3t.exe
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\cclehaobvgzjaxta.exe
    C:\WINDOWS\system32\g59.exe
    C:\WINDOWS\RE9NSU5JS1VF
    C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t
    C:\WINDOWS\system32\tfig
    C:\WINDOWS\system32\net
    C:\WINDOWS\system32\cREG
    C:\WINDOWS\system32\olixds06
    C:\Program Files\nvtkmz
    C:\WINDOWS\system32\hljwugsf.bin
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ktz9iqkS0K
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\MonUtilSh
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Logs required: OTMoveit and Combofix
  • 0
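The fix list above is built by reading HijackThis lines for a handful of tell-tale traits. The following is an added example (not part of this thread, and not code from HijackThis or its author): a small Python checker that parses lines in that log format and flags those traits, such as a missing file, a DisableTaskMgr policy, an unknown-owner service, an SSODL or Policies\Explorer\Run loader, rundll32 launching a DLL, a '?' in a path (how HijackThis prints characters it cannot display, which is how homoglyph folder names like "?racle" show up), or a random-looking letter/digit name. The sample lines are copied from the log in this thread plus two benign entries; the rules are heuristics, so a hit means "look closer", not "malicious".

```python
"""Flag suspicious traits in HijackThis-style log lines.

Added example for this thread; not part of HijackThis.  Every rule is a
heuristic (legitimate software trips some of them), so output is a
review list, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Leading tag such as "O4", "O23", "R1" followed by " - " and the body.
_TAG = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# A Windows path, quoted or bare, ending in a module/script extension.
# '?' is kept in the character class on purpose: it is not legal in a
# path, and HijackThis prints it for characters it cannot display.
_PATH = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|sys|lnk))"?', re.IGNORECASE)
# Base names mixing letters and digits in an 8+ character run (the
# rhcj6bj0ec3t / lphcn6bj0ec3t family seen in this thread).  Heuristic.
_MIXED = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}$")

# Locations an ordinary user can write to.  Weak signal on its own:
# Skype and MySpaceIM in this very log also run from here.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    tag: str
    body: str
    path: str = ""
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one HijackThis line, or None for any other line."""
    m = _TAG.match(line.strip())
    if not m:
        return None
    tag, body = m.group(1), m.group(2)
    paths = _PATH.findall(body)
    # For "Rundll32.exe <dll> <export>" the module of interest is the DLL.
    modules = [p for p in paths if not p.lower().endswith("rundll32.exe")]
    path = modules[0] if modules else (paths[0] if paths else "")
    return Entry(tag=tag, body=body, path=path)


def assess(entry):
    """Compute and attach the list of reasons an entry deserves a closer look."""
    body, path = entry.body, entry.path
    low = path.lower()
    name = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if "(file missing)" in body:
        reasons.append("autostart points at a file that no longer exists")
    if entry.tag == "O7" and "disabletaskmgr=1" in body.lower().replace(" ", ""):
        reasons.append("policy disables Task Manager")
    if entry.tag == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no publisher information")
    if "policies\\explorer\\run" in body.lower():
        reasons.append("loads from the Policies\\Explorer\\Run key")
    if entry.tag == "O21" and path and "\\windows\\system32\\" not in low:
        reasons.append("ShellServiceObjectDelayLoad entry outside system32")
    if "rundll32" in body.lower() and low.endswith(".dll"):
        reasons.append("rundll32 launching a DLL by exported function")
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("runs from a user-writable data directory")
    if any(ord(c) > 127 or c == "?" for c in path):
        reasons.append("path contains '?' or non-ASCII characters (possible homoglyph name)")
    if _MIXED.match(name):
        reasons.append("base name is a random-looking letter/digit string")
    entry.reasons = reasons
    return reasons


def analyse(log_text):
    """Parse every HijackThis line in log_text; return the entries with reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and assess(entry):
            flagged.append(entry)
    return flagged


# Constructed sample: lines quoted from this thread's log plus two benign ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A836B13C-26F2-0A26-FB4E-7FA2E0E11DC7} - C:\WINDOWS\system32\yszaevl.dll (file missing)
O4 - HKLM\..\Run: [SMrhcj6bj0ec3t] C:\Program Files\rhcj6bj0ec3t\rhcj6bj0ec3t.exe
O4 - HKLM\..\Run: [{2ddb23a2-4746-eb3c-b438-3ecb7e981a07}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\pjmbcwrtdiiit.dll" DllStart
O4 - HKCU\..\Run: [Hquvx] "C:\Program Files\Common Files\?racle\?canregw.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ktz9iqkS0K] C:\Documents and Settings\All Users\Application Data\nuxmfmpy\zefghmdg.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O21 - SSODL: MonUtilSh - {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\MonUtilSh.dll
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

if __name__ == "__main__":
    for e in analyse(SAMPLE_LOG):
        print(f"{e.tag:<4} {e.path or e.body}")
        for r in e.reasons:
            print(f"      - {r}")
```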

#5
jmailf

jmailf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTMoveIt2 by OldTimer.


File/Folder C:\WINDOWS\system32\vmlytihq.exe not found.
Folder move failed. C:\Program Files\rhcj6bj0ec3t scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\pphcn6bj0ec3t.exe moved successfully.
File/Folder C:\WINDOWS\system32\yszaevl.dll not found.
File/Folder C:\WINDOWS\system32\pjmbcwrtdiiit.dll not found.
C:\WINDOWS\system32\lphcn6bj0ec3t.exe moved successfully.
File/Folder C:\WINDOWS\system32\pcntotdm.exe not found.
File/Folder C:\WINDOWS\system32\zwjyzqbm.exe not found.
File/Folder C:\WINDOWS\system32\rqdudijk.exe not found.
C:\Documents and Settings\All Users\Application Data\nuxmfmpy moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\pcntotdm.exe not found.
C:\Program Files\nvtkmz moved successfully.
File/Folder c:\windows\system32\drivers\mountmgrr.sys not found.
File/Folder C:\WINDOWS\system32\pphcn6bj0ec3t.exe not found.
C:\WINDOWS\system32\blphcn6bj0ec3t.scr moved successfully.
File/Folder C:\WINDOWS\system32\lphcn6bj0ec3t.exe not found.
C:\WINDOWS\system32\winpfz33.sys moved successfully.
C:\WINDOWS\system32\cclehaobvgzjaxta.exe moved successfully.
C:\WINDOWS\system32\g59.exe moved successfully.
C:\WINDOWS\RE9NSU5JS1VF moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Packages moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine\Autorun moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t\Quarantine moved successfully.
C:\Documents and Settings\DOMINIKUE\Application Data\rhcj6bj0ec3t moved successfully.
C:\WINDOWS\system32\tfig moved successfully.
C:\WINDOWS\system32\net moved successfully.
C:\WINDOWS\system32\cREG moved successfully.
C:\WINDOWS\system32\olixds06 moved successfully.
File/Folder C:\Program Files\nvtkmz not found.
C:\WINDOWS\system32\hljwugsf.bin moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ktz9iqkS0K >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ktz9iqkS0K not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\MonUtilSh >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\MonUtilSh not found.
< Purity >
C:\WINDOWS\system32\Μicrosoft.NET\Μicrosoft.NET moved successfully.
C:\WINDOWS\system32\Μicrosoft.NET moved successfully.
C:\Program Files\Common Files\Оracle moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_133823





ComboFix log

ComboFix 08-07-05.1 - DOMINIKUE 2008-07-06 14:04:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\DOMINIKUE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\DOMINIKUE\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\rhcj6bj0ec3t
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\444.470
C:\WINDOWS\444.471
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\phcn6bj0ec3t.bmp

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 13:38 . 2008-07-06 13:38 <DIR> d-------- C:\_OTMoveIt
2008-07-06 13:27 . 2008-07-06 13:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 12:24 . 2008-07-06 12:24 <DIR> d-------- C:\Deckard
2008-07-06 04:18 . 2008-07-06 04:18 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 04:18 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\SUPERAntiSpyware.com
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 03:19 . 2008-07-06 03:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 03:17 . 2008-07-06 04:10 94,208 --a------ C:\WINDOWS\SYSTEM32\92.tmp
2008-07-06 03:17 . 2008-07-06 04:10 94,208 --a------ C:\WINDOWS\SYSTEM32\91.tmp
2008-07-06 03:17 . 2008-07-06 03:17 94,208 --a------ C:\WINDOWS\SYSTEM32\90.tmp
2008-07-06 02:55 . 2008-07-06 02:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 02:55 . 2008-07-06 02:55 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\Malwarebytes
2008-07-06 02:55 . 2008-07-06 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 02:55 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-07-06 02:55 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-06 02:08 . 2008-07-06 02:08 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\AdobeUM
2008-07-06 02:07 . 2008-07-06 02:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 01:23 . 2008-07-06 03:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\5343
2008-07-06 01:19 . 2008-07-06 01:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 00:23 . 2008-07-06 00:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-06 00:22 . 2008-07-06 00:22 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-07-06 00:22 . 2008-07-06 00:22 4,286 --a------ C:\WINDOWS\SYSTEM32\Jamster.ico
2008-07-06 00:12 . 2008-07-06 04:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\1030
2008-07-06 00:12 . 2008-07-06 00:12 <DIR> d-------- C:\Temp\stmpv4
2008-07-06 00:12 . 2008-07-06 14:05 <DIR> d-------- C:\Temp
2008-07-06 00:11 . 2008-07-06 00:11 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 00:11 . 2008-07-06 00:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-06 00:11 . 2008-07-06 03:14 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\uTorrent
2008-06-12 10:58 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2008-06-12 10:58 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 20:42 --------- d-----w C:\Documents and Settings\DOMINIKUE\Application Data\Skype
2008-06-05 01:18 --------- d-----w C:\Program Files\McAfee
2008-06-05 01:18 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-06-05 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-05 01:17 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-05 00:47 --------- d-----w C:\Documents and Settings\FAMILY\Application Data\AVG7
2008-06-05 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-04 15:39 --------- d-----w C:\Documents and Settings\DOMINIKUE\Application Data\AVG7
2008-06-01 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2005-05-26 19:28 39,504 ----a-w C:\Documents and Settings\FAMILY\Application Data\GDIPFONTCACHEV1.DAT
2005-03-01 09:09 39,504 ----a-w C:\Documents and Settings\DOMINIKUE\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe" [2006-07-20 20:28 20045864]
"MySpaceIM"="C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe" [2008-02-01 15:32 8699904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-05-06 16:52 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-05-06 16:48 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-11-12 12:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-12 12:18 77824]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 15:45 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 17:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-11-25 11:36 1232946]
"RtWLan"="C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe" [2005-03-24 17:13 491520]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"SMSERIAL"="sm56hlpr.exe" [2004-01-28 06:42 565248 C:\WINDOWS\sm56hlpr.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-11-12 12:17:41 36953]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-16 13:06:07 784912]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2005-10-24 09:26:16 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Documents and Settings\\DOMINIKUE\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\DOMINIKUE\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-03-23 22:39]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-03-24 02:48]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-01 15:57]
S1 MOUNTMGRR;MOUNTMGRR;C:\WINDOWS\system32\drivers\MOUNTMGRR.sys []

.
Contents of the 'Scheduled Tasks' folder
"2004-12-29 11:45:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-dell software - C:\software\dell software.exe
HKLM-Run-RegistryMechanic - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 14:11:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-07-06 14:15:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 19:15:32

Pre-Run: 15,627,935,744 bytes free
Post-Run: 15,757,156,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

177 --- E O F --- 2008-06-25 22:36:57



HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:01 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.8:3128
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RtWLan] C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151985526154
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3B4B765-65DD-4C91-A7B1-B97B2B3224EC}: NameServer = 192.168.1.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8434 bytes
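The HijackThis log above is the kind of listing the helpers in this thread read by eye, line by line. As an added example (not part of the thread, and not a tool anyone here used), the Python below applies a few of the checks a reviewer applies to such a log: dangling `(file missing)` entries, sites placed in the IE Trusted Zone, services with no publisher, DNS resolvers outside private address ranges, random-looking file names, and driver or service names one character away from a real Windows component (the `MOUNTMGRR` driver dealt with later in this thread is one letter off `mountmgr`). The sample lines are constructed in the same line format as the logs here, and the thresholds and the list of known system names are assumptions chosen for illustration, not rules taken from the page or from HijackThis.

```python
"""Triage of HijackThis-format log lines (added example, not a thread tool).

The sample lines are constructed in the same line format as the logs in this
thread; the heuristics and the known-name list below are assumptions chosen
for illustration, not a published rule set.
"""
import ipaddress
import re

# Constructed sample input, modelled on the line formats seen in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SMrhc9rfj0en7l] C:\Program Files\rhc9rfj0en7l\rhc9rfj0en7l.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: https://piratebay.org (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3B4B765-65DD-4C91-A7B1-B97B2B3224EC}: NameServer = 192.168.1.1,4.2.2.2
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: MOUNTMGRR - Unknown owner - C:\WINDOWS\system32\drivers\MOUNTMGRR.sys
"""

# Assumed list of Windows component names that malware likes to imitate.
KNOWN_SYSTEM_STEMS = {"mountmgr", "svchost", "lsass", "csrss", "smss", "winlogon",
                      "services", "spoolsv", "explorer", "rundll32", "ctfmon", "alg"}

# Basename stem of any executable-like file referenced on a line.
_FILE_RE = re.compile(r'([^\\\s"(),]+)\.(?:exe|dll|sys|scr)\b', re.I)
_DNS_RE = re.compile(r"NameServer = ([\d.,\s]+)")


def _one_edit_away(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):   # substitution consumes a character from both
            i += 1
        j += 1                 # insertion consumes only from the longer string
    return True


def _looks_random(stem):
    """Heuristic: long stems that keep flipping between letters and digits, or pure digits."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    if len(kinds) >= 4 and all(kinds):
        return True
    flips = sum(1 for x, y in zip(kinds, kinds[1:]) if x != y)
    return len(kinds) >= 10 and flips >= 3


def triage(log_text):
    """Return a list of (line_no, reason, line) for lines that deserve a second look."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        reasons = []
        if "(file missing)" in line:
            reasons.append("dangling entry: referenced file no longer exists")
        if line.startswith("O15 "):
            reasons.append("site placed in IE Trusted Zone (relaxed security settings)")
        if line.startswith("O23 ") and "Unknown owner" in line:
            reasons.append("service binary without a publisher; verify it")
        m = _DNS_RE.search(line)
        if m:
            for ip in (s.strip() for s in m.group(1).split(",")):
                if not ip:
                    continue
                try:
                    private = ipaddress.ip_address(ip).is_private
                except ValueError:
                    private = False
                if not private:
                    reasons.append(f"DNS resolver outside private ranges: {ip}")
        for stem in _FILE_RE.findall(line):
            if _looks_random(stem):
                reasons.append(f"random-looking file name: {stem}")
            for known in KNOWN_SYSTEM_STEMS:
                if _one_edit_away(stem.lower(), known):
                    reasons.append(f"look-alike of system component '{known}': {stem}")
        findings.extend((n, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for n, reason, line in triage(SAMPLE_LOG):
        print(f"line {n}: {reason}\n    {line}")
```

Run it against a saved HijackThis log by passing the file's text to `triage()`. The output is a list of lines to look at, not a verdict: a legitimate vendor service can show "Unknown owner", and a public resolver such as 4.2.2.2 may be deliberate, so each hit still needs a human check of the file's path, publisher and age, which is exactly what the helpers in this thread do before asking for a fix script.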

#6 Essexboy (GeekU Moderator, Retired Staff)
Nearly done - how is your system now?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
MOUNTMGRR

File::
C:\WINDOWS\SYSTEM32\92.tmp
C:\WINDOWS\SYSTEM32\91.tmp
C:\WINDOWS\SYSTEM32\90.tmp
C:\WINDOWS\system32\drivers\MOUNTMGRR.sys

3. Then in the text file go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Logs required: MBAM and ComboFix

#7 jmailf (Member, Topic Starter)
ComboFix log

ComboFix 08-07-05.1 - DOMINIKUE 2008-07-06 15:58:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT -5:00]
Running from: C:\Documents and Settings\DOMINIKUE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\DOMINIKUE\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\SYSTEM32\90.tmp
C:\WINDOWS\SYSTEM32\91.tmp
C:\WINDOWS\SYSTEM32\92.tmp
C:\WINDOWS\system32\drivers\MOUNTMGRR.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\90.tmp
C:\WINDOWS\SYSTEM32\91.tmp
C:\WINDOWS\SYSTEM32\92.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MOUNTMGRR
-------\Service_MOUNTMGRR


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 13:38 . 2008-07-06 13:38 <DIR> d-------- C:\_OTMoveIt
2008-07-06 13:27 . 2008-07-06 13:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 12:24 . 2008-07-06 12:24 <DIR> d-------- C:\Deckard
2008-07-06 04:18 . 2008-07-06 04:18 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 04:18 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\SUPERAntiSpyware.com
2008-07-06 03:20 . 2008-07-06 03:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 03:19 . 2008-07-06 03:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:55 . 2008-07-06 02:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 02:55 . 2008-07-06 02:55 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\Malwarebytes
2008-07-06 02:55 . 2008-07-06 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 02:55 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-07-06 02:55 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-06 02:08 . 2008-07-06 02:08 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\AdobeUM
2008-07-06 02:07 . 2008-07-06 02:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 01:23 . 2008-07-06 03:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\5343
2008-07-06 01:19 . 2008-07-06 01:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 00:23 . 2008-07-06 00:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-06 00:22 . 2008-07-06 00:22 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-07-06 00:22 . 2008-07-06 00:22 4,286 --a------ C:\WINDOWS\SYSTEM32\Jamster.ico
2008-07-06 00:12 . 2008-07-06 04:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\1030
2008-07-06 00:12 . 2008-07-06 00:12 <DIR> d-------- C:\Temp\stmpv4
2008-07-06 00:12 . 2008-07-06 14:05 <DIR> d-------- C:\Temp
2008-07-06 00:11 . 2008-07-06 00:11 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 00:11 . 2008-07-06 00:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-06 00:11 . 2008-07-06 03:14 <DIR> d-------- C:\Documents and Settings\DOMINIKUE\Application Data\uTorrent
2008-06-12 10:58 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2008-06-12 10:58 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 20:42 --------- d-----w C:\Documents and Settings\DOMINIKUE\Application Data\Skype
2008-06-05 01:18 --------- d-----w C:\Program Files\McAfee
2008-06-05 01:18 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-06-05 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-05 01:17 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-05 00:47 --------- d-----w C:\Documents and Settings\FAMILY\Application Data\AVG7
2008-06-05 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-04 15:39 --------- d-----w C:\Documents and Settings\DOMINIKUE\Application Data\AVG7
2008-06-01 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2005-05-26 19:28 39,504 ----a-w C:\Documents and Settings\FAMILY\Application Data\GDIPFONTCACHEV1.DAT
2005-03-01 09:09 39,504 ----a-w C:\Documents and Settings\DOMINIKUE\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_14.15.19.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 19:10:20 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-07-06 21:02:11 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Documents and Settings\DOMINIKUE\Local Settings\Application Data\Skype\Phone\Skype.exe" [2006-07-20 20:28 20045864]
"MySpaceIM"="C:\Documents and Settings\DOMINIKUE\Application Data\MySpace\IM\bin\MySpaceIM.exe" [2008-02-01 15:32 8699904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-05-06 16:52 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-05-06 16:48 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-11-12 12:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-12 12:18 77824]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 15:45 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 17:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-11-25 11:36 1232946]
"RtWLan"="C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe" [2005-03-24 17:13 491520]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"SMSERIAL"="sm56hlpr.exe" [2004-01-28 06:42 565248 C:\WINDOWS\sm56hlpr.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-11-12 12:17:41 36953]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-16 13:06:07 784912]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2005-10-24 09:26:16 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Documents and Settings\\DOMINIKUE\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\DOMINIKUE\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-03-23 22:39]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-03-24 02:48]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-01 15:57]

.
Contents of the 'Scheduled Tasks' folder
"2004-12-29 11:45:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 16:02:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-07-06 16:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 21:07:17
ComboFix2.txt 2008-07-06 19:15:37

Pre-Run: 15,748,431,872 bytes free
Post-Run: 15,739,273,216 bytes free

163 --- E O F --- 2008-06-25 22:36:57


Malware log

Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 2

4:13:20 PM 7/6/2008
mbam-log-7-6-2008 (16-13-20).txt

Scan type: Quick Scan
Objects scanned: 40030
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\DOMINIKUE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

#8 jmailf (Member, Topic Starter)
Just wanted to say thanks, and everything seems to be running better. Hope it is fixed now. Let me know if something else needs to be done to this computer before we begin on the other one.

#9 Essexboy (GeekU Moderator, Retired Staff)
One down, one to go :)

Now the best part of the day ----- your log now appears clean :)

Double-click OTMoveIt2 once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTMoveIt2 wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

1. Select Start > All Programs > Accessories > System Tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name, e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
2. In the drop-down box that appears select your main drive, e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


SYSTEM TWO

What are the problems on this one?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#10 jmailf (Member, Topic Starter)
OK, this computer is done. Do I uninstall the SpyHunter software?

On computer 2 I could get on the internet, but for some reason I can no longer access the internet. I do have a connection, but Internet Explorer says it is unable to open pages.
#11 Essexboy (GeekU Moderator, Retired Staff)

Do I uninstall the SpyHunter software?

Only if you want to.

On computer 2 I could get on the internet, but for some reason I can no longer access the internet. I do have a connection, but Internet Explorer says it is unable to open pages.

Can you use Firefox, or transfer DSS via USB?

#12 jmailf (Member, Topic Starter)
I can transfer using a USB drive.

#13 Essexboy (GeekU Moderator, Retired Staff)
OK, you will need to transfer the results back to post here. I am off to bed now, so I will look tomorrow PM.

#14 jmailf (Member, Topic Starter)
Problems with computer 2

Same as computer 1, with the exception that computer 2 cannot access the internet.

Here are the logs you asked for:

Main log

Deckard's System Scanner v20071014.68
Run by Julian on 2008-07-06 16:40:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
115: 2008-07-06 21:41:00 UTC - RP435 - Deckard's System Scanner Restore Point
114: 2008-07-06 18:44:45 UTC - RP434 - Installed SUPERAntiSpyware Free Edition
113: 2008-07-06 08:01:13 UTC - RP433 - Software Distribution Service 3.0
112: 2008-07-06 06:04:29 UTC - RP432 - Software Distribution Service 3.0
111: 2008-07-06 02:17:28 UTC - RP431 - Restore Operation


-- First Restore Point --
1: 2008-06-25 03:51:57 UTC - RP321 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-06 16:47:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\pphccrfj0en7l.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Julian\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
F0 - system.ini: Shell=explorer.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMrhc9rfj0en7l] C:\Program Files\rhc9rfj0en7l\rhc9rfj0en7l.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Julian\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://pch.com (HKCU)
O15 - Trusted Zone: https://piratebay.org (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {3585526B-10F8-07A3-55D1-B5777145E1E6} () - http://performanceop...ng/SoftInst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133303056875
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143396802549
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{76CF95E2-1B44-4302-8788-B113A67F8FF5}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - \webcheck.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\Pclepci.sys
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe


--
End of file - 15297 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 WIBUKEY (WIBU-KEY Kernel Driver) - c:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 HCWBT8xx (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 Odsppppdmpu -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth AV Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: IVT Corporation.
Name: Bluetooth AV Audio
PNP Device ID: ROOT\MEDIA\0000
Service:

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: mcdbus


-- Scheduled Tasks -------------------------------------------------------------

2008-07-06 16:00:00 266 --ah----- C:\WINDOWS\Tasks\8EA3D9DF83647E37.job
2008-07-05 22:53:25 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-01 01:00:18 334 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-06-25 18:08:16 342 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 16:32:30 0 --a------ C:\WINDOWS\system32\pphccrfj0en7l.exe
2008-07-06 13:45:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 13:44:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 13:44:48 0 d-------- C:\Documents and Settings\Julian\Application Data\SUPERAntiSpyware.com
2008-07-06 13:43:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 21:29:31 0 d-------- C:\Program Files\Spyware Doctor
2008-07-05 21:29:31 0 d-------- C:\Documents and Settings\Julian\Application Data\PC Tools
2008-07-05 21:29:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-05 21:14:45 0 d-------- C:\Documents and Settings\Julian\Application Data\rhc9rfj0en7l
2008-07-05 17:50:33 0 d-------- C:\Program Files\rhc9rfj0en7l
2008-07-04 12:44:32 0 d-------- C:\Program Files\XviD
2008-07-04 12:43:07 120320 --a------ C:\WINDOWS\system32\apexchanger.exe
2008-07-04 12:43:07 109568 --a------ C:\WINDOWS\system32\apex3gp.exe
2008-07-04 12:43:06 4755968 --a------ C:\WINDOWS\system32\apexconverter.exe
2008-07-04 12:43:04 61440 --a------ C:\WINDOWS\system32\cygz.dll
2008-07-04 12:43:04 1295582 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-07-04 12:43:04 86016 --a------ C:\WINDOWS\system32\AddiTunes.exe
2008-07-04 12:43:03 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2008-07-04 12:43:02 249856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-07-04 12:43:01 764416 --a------ C:\WINDOWS\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-07-04 12:43:00 495104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-07-04 12:42:59 382464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-07-04 12:42:58 780288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-07-04 12:42:58 90112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-07-04 12:42:57 2846720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-07-04 12:42:56 312320 --a------ C:\WINDOWS\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2008-07-04 12:42:56 188416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-07-04 12:42:55 778240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-07-04 12:42:54 215552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-07-04 12:42:47 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-07-04 12:42:47 0 d-------- C:\WINDOWS\system32\RMBin
2008-07-04 12:42:46 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-07-04 12:42:46 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-07-04 12:42:42 0 d-------- C:\Program Files\Apex
2008-06-29 20:53:36 0 d-------- C:\NVIDIA
2008-06-29 20:50:40 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-28 20:07:14 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-06-28 20:07:05 1712128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-28 20:05:47 233472 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-06-28 20:05:46 184320 -----n--- C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-06-28 20:05:46 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-06-28 20:05:46 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-06-28 20:05:46 41984 --a------ C:\WINDOWS\system32\cacheX.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2008-06-28 20:05:46 126976 -----n--- C:\WINDOWS\system32\AVIPrAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-06-28 20:05:20 884736 -----n--- C:\WINDOWS\system32\LMUIRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-06-28 20:05:20 12288 -----n--- C:\WINDOWS\system32\LMLRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-06-28 20:00:22 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-06-28 20:00:22 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-06-28 19:58:16 138752 --a------ C:\WINDOWS\system32\mase32.dll
2008-06-28 19:58:16 57856 --a------ C:\WINDOWS\system32\masd32.dll
2008-06-28 19:58:16 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-06-28 19:58:16 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-06-28 19:58:16 27648 --a------ C:\WINDOWS\system32\ma32.dll
2008-06-28 19:53:01 171520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-06-28 19:52:59 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-06-28 19:51:58 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-06-28 19:48:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-06-26 22:53:11 0 d-------- C:\Documents and Settings\Julian\Application Data\FunWebProducts
2008-06-25 23:05:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-25 18:23:41 0 d-------- C:\Documents and Settings\Julian\Application Data\McAfee
2008-06-25 18:14:12 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-25 18:14:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-25 18:13:50 0 d-------- C:\Program Files\SiteAdvisor
2008-06-25 18:13:49 0 d-------- C:\Documents and Settings\Julian\Application Data\SiteAdvisor
2008-06-25 18:13:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-25 18:12:17 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-25 18:07:48 0 d-------- C:\Program Files\McAfee.com
2008-06-25 18:07:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-25 18:07:25 0 d-------- C:\Program Files\McAfee
2008-06-25 17:46:08 52 --a------ C:\smp.bat
2008-06-25 16:16:21 0 d-------- C:\Documents and Settings\Julian\Application Data\Malwarebytes
2008-06-25 16:07:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 15:41:20 81920 -----n--- C:\WINDOWS\system32\prhifswm.dll
2008-06-25 15:41:12 91136 -----n--- C:\WINDOWS\system32\bsvajqkq.dll
2008-06-24 23:55:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-24 22:55:59 81920 -----n--- C:\WINDOWS\system32\mklfmtng.dll
2008-06-24 22:51:23 0 d-------- C:\Program Files\AVG
2008-06-24 22:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 21:28:53 0 d-------- C:\Program Files\Panda Security
2008-06-24 18:52:56 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-24 18:45:00 19456 -----n--- C:\WINDOWS\system32\nada64.dll
2008-06-24 17:43:15 0 d-------- C:\Documents and Settings\Julian\Application Data\U3
2008-06-18 21:23:31 0 d-------- C:\Program Files\FlashFXP
2008-06-08 17:21:44 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-08 17:21:43 0 d-------- C:\Documents and Settings\Julian\Application Data\MSN6


-- Find3M Report ---------------------------------------------------------------

2008-07-06 16:32:03 0 d-------- C:\Program Files\Trojan Remover
2008-07-06 13:43:21 0 d-------- C:\Program Files\Common Files
2008-07-04 14:05:37 3532 --a------ C:\drmHeader.bin
2008-07-04 01:23:53 0 d-------- C:\Documents and Settings\Julian\Application Data\Adobe
2008-06-28 20:04:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 19:58:17 95 --a------ C:\AUTOEXEC.BAT
2008-06-24 23:03:42 0 d-------- C:\Program Files\Enigma Software Group
2008-06-24 21:19:15 0 d-------- C:\Program Files\FreeCDRipper
2008-06-24 21:18:14 0 d-------- C:\Program Files\Magic Video Converter
2008-06-24 18:37:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-15 12:57:11 0 d-------- C:\Program Files\BitComet
2008-05-21 12:22:52 99714 --a------ C:\WINDOWS\system32\scvhost
2008-05-12 15:48:43 0 d-------- C:\Documents and Settings\Julian\Application Data\iPod Copy Expert
2008-04-24 17:58:47 30 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 06:05 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/06/2001 10:49 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/26/2005 10:18 PM]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [03/25/2004 12:35 PM]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [08/14/2004 04:42 AM]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" []
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [05/11/2007 08:01 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [06/10/2007 05:38 PM]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [03/07/2007 12:53 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"SMrhc9rfj0en7l"="C:\Program Files\rhc9rfj0en7l\rhc9rfj0en7l.exe" [07/05/2008 02:44 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [07/05/2008 09:32 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [12/20/2006 06:47 PM]
"iolo Task Agent"="C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe" [10/25/2001 02:20 PM]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [12/20/2006 06:47 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Startup Manager"="C:\Documents and Settings\Julian\Application Data\Systweak\ASO 2\smstartUp manager.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"LaunchList"="F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe" [03/21/2007 03:41 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/5/2005 2:18:07 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22446830-3ec2-11dd-ba4c-0011675e65a6}]
AutoRun\command- I:\JDSecure\Windows\JDSecure31.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1C044368-E58A-8CB0-0108-080707010102}]
C:\WINDOWS\system32\scvhost.exe



-- End of Deckard's System Scanner: finished at 2008-07-06 16:50:18 ------------



Extra log


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 767.53 MiB / 301.04 MiB
Pagefile Memory (total/avail): 1877.87 MiB / 1446.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 14.5 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 114.49 GiB total, 22.36 GiB free.
G: is Fixed (FAT32) - 76.66 GiB total, 36.09 GiB free.
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 4D080H4 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6Y120L0 - 114.5 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 114.49 GiB - F:

\\.\PHYSICALDRIVE2 - ExcelSto r Technology J68 USB Device - 76.69 GiB - 1 partition
\PARTITION0 - 16-bit FAT - 76.69 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Deep Sea Tycoon\\ut.exe"="C:\\Program Files\\Deep Sea Tycoon\\ut.exe:*:Enabled:ut"
"C:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"="C:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe:*:Disabled:Luxor"
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\TorrentQ\\TorrentQ.exe"="C:\\Program Files\\TorrentQ\\TorrentQ.exe:*:Enabled:Torrent P2P application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\software\\fantasy football.exe"="F:\\software\\fantasy football.exe:*:Enabled:fantasy football"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\RM.exe"="F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\RM.exe:*:Enabled:Render Manager"
"F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\Studio.exe"="F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\Studio.exe:*:Enabled:Studio"
"F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\PMSRegisterFile.exe"="F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\umi.exe"="F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\umi.exe:*:Enabled:umi"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Julian\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LOREDOFLORES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Julian
INCLUDE=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
LIB=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
LOGONSERVER=\\LOREDOFLORES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Julian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Julian\LOCALS~1\Temp
USERDOMAIN=LOREDOFLORES
USERNAME=Julian
USERPROFILE=C:\Documents and Settings\Julian
VS71COMNTOOLS=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Julian (admin)
Lisa (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PageMaker Plug-in Pack --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{12345678-1234-1234-1234-123456789ABC}\zidxp.exe"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced System Optimizer 2.10 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Advanced X Video Converter --> "C:\Program Files\XVideoConverter\unins000.exe"
Allok 3GP PSP MP4 iPod Video Converter 4.2.0709 --> "C:\Program Files\PSPVideo Converter\unins000.exe"
AntivirXP08 --> "C:\Program Files\rhc9rfj0en7l\uninstall.exe"
Apex Free 3GP Video Converter 6.33 --> "C:\Program Files\Apex\Apex Free 3GP Video Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BitComet 0.90 --> C:\Program Files\BitComet\uninst.exe
Blast! Software 500 Fonts --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Blast! Software\500 Fonts\Uninst.isu"
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CiD Help --> C:\DOCUME~1\Julian\APPLIC~1\CREATI~1\Greymfcd.exe -uninstall
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Craxtion4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go...-check.jarjnlp"
FlashFXP v3 --> "C:\Program Files\FlashFXP\unins000.exe"

#15
jmailf

    Member

  • Topic Starter
  • Member
  • 40 posts
I don't know why it didn't show everything off of the extra log, but here it is.

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PageMaker Plug-in Pack --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{12345678-1234-1234-1234-123456789ABC}\zidxp.exe"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced System Optimizer 2.10 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Advanced X Video Converter --> "C:\Program Files\XVideoConverter\unins000.exe"
Allok 3GP PSP MP4 iPod Video Converter 4.2.0709 --> "C:\Program Files\PSPVideo Converter\unins000.exe"
AntivirXP08 --> "C:\Program Files\rhc9rfj0en7l\uninstall.exe"
Apex Free 3GP Video Converter 6.33 --> "C:\Program Files\Apex\Apex Free 3GP Video Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BitComet 0.90 --> C:\Program Files\BitComet\uninst.exe
Blast! Software 500 Fonts --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Blast! Software\500 Fonts\Uninst.isu"
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CiD Help --> C:\DOCUME~1\Julian\APPLIC~1\CREATI~1\Greymfcd.exe -uninstall
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Craxtion4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go...-check.jarjnlp"
FlashFXP v3 --> "C:\Program Files\FlashFXP\unins000.exe"
FormFlow 99 Filler --> C:\Program Files\FormFlow\setupinf\bxg8sps\_unin.exe
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\UNWISE.EXE C:\PROGRA~1\WinTV\SCHEDU~1\INSTALL.LOG
Hauppauge WinTV Soft PVR --> C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV Source Selector --> C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
hp deskjet 920c series (Remove only) --> C:\Program Files\hp deskjet 920c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=920c -huninstall
Instant Photo Effects 2.0 --> C:\Program Files\Instant Photo Effects 2\Uninstall.exe
iolo technologies' System Mechanic Professional 6 --> "C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.8.0 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "F:\software\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Memorex exPressit Label Design Studio --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Metallic Shades 2.0 Visual Style --> C:\WINDOWS\MetShadesUninst.exe
MGI VideoWave III (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\VideoWave\Uninst.isu"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual Studio .NET Professional 2003 - English --> "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
MixVibes PRO 5 uninstall --> C:\Program Files\MixVibesPro5\uninstall.exe
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola PST --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Julian\Application Data\Move Networks\ie_bin\Uninst.exe
MSDN Library for Visual Studio .NET 2003 --> MsiExec.exe /I{5757AE1A-1DB4-4898-9806-09F77FBD5E57}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero PhotoShow Express --> "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PureVideo Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
Online Manuals for WinTV (English) --> C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickSFV (Remove only) --> C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Road Runner Medic 6.1 --> "C:\Program Files\twc\medicsp2\unins000.exe"
SAMSUNG Mobile Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Excel 2007 (KB934670) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Sony PSP Media Manager 1.0 --> MsiExec.exe /X{ECB74828-944D-473A-BF6E-FBF596166815}
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Trojan Remover 6.6.1 --> "C:\Program Files\Trojan Remover\unins000.exe"
TrojanHunter 4.6 --> "C:\Program Files\TrojanHunter 4.6\unins000.exe"
TuneSleeve --> MsiExec.exe /X{D27F50DA-BD86-4F59-A873-6CDD97E622EC}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB933493) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {23F2FF76-ABCD-421D-9860-0D0B2999D028}
Update for Outlook 2007 Junk Email Filter (KB934655) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
USB Storage Driver --> DelUIDrv.exe
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebFldrs XP -->
WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4116 / Error
Event Submitted/Written: 07/06/2008 04:33:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc9rfj0en7l.exe, version 0.0.0.0, faulting module rhc9rfj0en7l.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc9rfj0en7l.exe!ws!]

Event Record #/Type4109 / Error
Event Submitted/Written: 07/06/2008 01:42:23 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : explorer: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Event Record #/Type4108 / Error
Event Submitted/Written: 07/06/2008 01:42:20 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : explorer: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Event Record #/Type4106 / Error
Event Submitted/Written: 07/06/2008 03:04:07 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 - Update '{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Event Record #/Type4105 / Error
Event Submitted/Written: 07/06/2008 03:03:54 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32121 / Error
Event Submitted/Written: 07/06/2008 04:34:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The My Web Search Service service failed to start due to the following error:
%%3

Event Record #/Type32108 / Error
Event Submitted/Written: 07/06/2008 01:30:02 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk2\D, has a bad block.

Event Record #/Type32107 / Error
Event Submitted/Written: 07/06/2008 01:30:02 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk2\D, has a bad block.

Event Record #/Type32106 / Error
Event Submitted/Written: 07/06/2008 01:30:02 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk2\D, has a bad block.

Event Record #/Type32105 / Error
Event Submitted/Written: 07/06/2008 01:30:02 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk2\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-06 16:50:18 ------------