Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack log plus active scan reports. [RESOLVED]


  • This topic is locked This topic is locked

#1
Dekky

Dekky

    New Member

  • Member
  • Pip
  • 7 posts
Hi there,

This is my first post here. I believe I followed the steps correctly under the Malware Removal forum. I had some unknown .dll's in my system32 folder. I believe I have got rid of them. Everything comes up clean except for a few things with Active scan.

Also my windows update suddenly turns off every single time I boot up. Can't seem to find anything on that.

Thank you in advance. Here are my logs. Sorry for the super long post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:38 AM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7701 bytes


Malwarebytes' Anti-Malware 1.19
Database version: 923
Windows 5.1.2600 Service Pack 3

1:16:32 PM 7/5/2008
mbam-log-7-5-2008 (13-16-32).txt

Scan type: Quick Scan
Objects scanned: 43587
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jkkiigdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Bdgiikkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Bdgiikkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKbAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


AntiSpyware was clean.


;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-06 04:19:09
PROTECTIONS: 1
MALWARE: 27
SUSPECTS: 2
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00029434 spyware/virtumonde Spyware No 1 Yes No c:\windows\system32\appsetup.exe
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{56EA25FA-27F9-4189-99BA-AF39D4B71B99}\RP7\A0003997.exe[SDFix\apps\Process.exe]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.bs.serving-sys.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.questionmarket.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.atwola.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Hebert\Application Data\Mozilla\Firefox\Profiles\fxwa2350.default\cookies.txt[.ads.addynamix.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{56EA25FA-27F9-4189-99BA-AF39D4B71B99}\RP7\A0003967.exe[327882R2FWJFW\NirCmdC.cfexe]
03205136 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{56EA25FA-27F9-4189-99BA-AF39D4B71B99}\RP101\A0007126.dll
03205213 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-124658-747.dll
03205213 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080704-123545-235.dll
03205213 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080704-120024-265.dll
03205213 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080704-120011-313.dll
03205213 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080704-121626-854.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080704-120011-432.dll
No C:\WINDOWS\system32\daebqbfe.dll
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


I think that's it.

Thanks again.
  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there it looks pretty good :)

Do this for me,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.

And finally,

Download the latest version of Java Runtime Environment (JRE) 6 Update 6. Then uninstall any older versions through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with the logs please :)
  • 0

#3
Dekky

Dekky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes' Anti-Malware 1.19
Database version: 927
Windows 5.1.2600 Service Pack 3

3:44:59 PM 7/6/2008
mbam-log-7-6-2008 (15-44-59).txt

Scan type: Quick Scan
Objects scanned: 43724
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Deckard's System Scanner v20071014.68
Run by Hebert on 2008-07-06 15:05:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2008-07-06 19:05:33 UTC - RP107 - Deckard's System Scanner Restore Point
106: 2008-07-06 16:03:57 UTC - RP106 - Removed Ad-Aware 2007
105: 2008-07-06 15:57:53 UTC - RP105 - Software Distribution Service 3.0
104: 2008-07-05 17:14:08 UTC - RP104 - Installed SUPERAntiSpyware Free Edition
103: 2008-07-05 17:02:58 UTC - RP103 - July5th


-- First Restore Point --
1: 2008-07-02 19:12:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Hebert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:59 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Documents and Settings\Hebert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hebert.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7623 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080705-140007-441 O2 - BHO: {44d94461-8660-68fa-be84-990088927e6a} - {a6e72988-0099-48eb-af86-066816449d44} - C:\WINDOWS\system32\mzeame.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SI3112r (Silicon Image SiI 3512 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; Medley>
R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
S2 zumbus (Zune Bus Enumerator Driver) - c:\windows\system32\drivers\zumbus.sys (file missing)
S3 PciCon - e:\pcicon.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 Creative Audio Engine Licensing Service - "c:\program files\common files\creative labs shared\service\ctaelicensing.exe" <Not Verified; Creative Labs; Creative Audio Engine Licensing Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 12:26:48 0 dr-h----- C:\Documents and Settings\Hebert\Recent
2008-07-06 11:55:43 0 d-------- C:\WINDOWS\LastGood
2008-07-05 13:43:57 0 d-------- C:\Program Files\Panda Security
2008-07-05 13:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 13:14:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 13:14:09 0 d-------- C:\Documents and Settings\Hebert\Application Data\SUPERAntiSpyware.com
2008-07-05 13:04:23 0 d-------- C:\Documents and Settings\Hebert\Application Data\Malwarebytes
2008-07-05 13:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:04:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:04:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-05 12:49:23 78336 -----n--- C:\WINDOWS\system32\dheujplv.dll
2008-07-05 12:49:18 103424 --a------ C:\WINDOWS\system32\lkxgsmul.dll
2008-07-04 12:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-04 12:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-04 12:19:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-07-04 12:18:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-04 12:18:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-04 12:18:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-04 12:18:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-04 12:18:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-04 12:18:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-04 12:18:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-04 12:18:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-04 12:18:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 12:13:18 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-07-04 12:04:54 0 d-------- C:\VundoFix Backups
2008-07-04 12:00:53 78848 -----n--- C:\WINDOWS\system32\kehnlsnd.dll
2008-07-04 11:58:36 103424 --a------ C:\WINDOWS\system32\daebqbfe.dll
2008-07-04 00:33:52 0 d-------- C:\Documents and Settings\Hebert\Application Data\Media Player Classic
2008-07-04 00:32:04 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-04 00:32:03 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-04 00:32:01 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-03 23:01:52 0 d-------- C:\WINDOWS\system32\Release Unicode
2008-07-03 22:59:45 0 d-------- C:\WINDOWS\system32\Release
2008-07-03 22:01:33 0 d-------- C:\Program Files\TVersity Codec Pack
2008-07-03 22:00:02 0 d-------- C:\Program Files\TVersity
2008-07-03 11:02:07 102912 --a------ C:\WINDOWS\system32\xlkfpn.dll
2008-07-03 11:02:06 102912 --a------ C:\WINDOWS\system32\woasarrd.dll
2008-07-02 14:12:30 0 d-------- C:\Documents and Settings\Hebert\Application Data\ESET
2008-07-01 12:50:35 0 d-------- C:\Documents and Settings\Hebert\Application Data\Nero
2008-07-01 01:20:41 0 d-------- C:\Program Files\Red Kawa
2008-06-24 23:55:56 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-24 23:55:31 0 d-------- C:\Program Files\Realtek
2008-06-24 23:55:29 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-24 23:55:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-24 17:51:49 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-06-24 17:51:07 102400 --a------ C:\WINDOWS\system32\cttele32.dll <Not Verified; Creative Technology Ltd; Creative Common Proxy Stud>
2008-06-24 16:06:30 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-06-24 16:06:30 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-06-24 16:04:21 0 d-------- C:\Program Files\OpenAL
2008-06-24 16:01:05 77824 -----n--- C:\WINDOWS\system32\ctdvda32.dll <Not Verified; Creative Technology Ltd; Creative DVD-Audio Product>
2008-06-24 15:58:31 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-24 03:15:38 0 d-------- C:\WINDOWS\Prefetch
2008-06-24 02:46:45 0 d-------- C:\Program Files\VIA
2008-06-24 02:46:25 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-24 02:29:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\system32\scripting
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\system32\en
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\Network Diagnostic
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\L2Schemas


-- Find3M Report ---------------------------------------------------------------

2008-07-06 15:01:17 0 d-------- C:\Documents and Settings\Hebert\Application Data\GrabIt
2008-07-06 12:04:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 13:04:00 0 d-------- C:\Program Files\Common Files
2008-07-01 13:01:41 0 d-------- C:\Documents and Settings\Hebert\Application Data\Ahead
2008-06-25 14:00:41 0 d-------- C:\Program Files\FrostWire
2008-06-25 11:31:58 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 01:13:36 0 d-------- C:\Documents and Settings\Hebert\Application Data\Skype
2008-06-24 23:55:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 16:07:29 183 --a------ C:\WINDOWS\setuplog
2008-06-24 16:06:17 0 d-------- C:\Program Files\Creative
2008-06-24 03:09:24 0 d-------- C:\Program Files\Messenger
2008-06-24 03:08:57 0 d-------- C:\Program Files\Movie Maker
2008-06-24 03:07:01 0 d-------- C:\Program Files\Windows NT
2008-06-24 02:22:06 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-04 13:58:17 0 d-------- C:\Program Files\PartyGaming
2008-06-01 20:24:56 0 d-------- C:\Documents and Settings\Hebert\Application Data\FrostWire
2008-05-26 21:14:43 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-26 21:14:27 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2008-05-26 21:14:00 0 d-------- C:\Program Files\Lexmark X6100 Series
2008-05-24 00:30:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-23 18:24:58 0 d-------- C:\Program Files\AirPort
2008-05-23 15:50:46 0 d-------- C:\Program Files\CCleaner
2008-05-23 15:11:53 0 d-------- C:\Program Files\Trend Micro
2008-05-21 21:40:10 0 d-------- C:\Program Files\Warcraft III
2008-05-20 22:47:38 76079 --a------ C:\WINDOWS\War3Unin.dat
2008-05-20 22:33:10 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-20 22:33:10 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-11 00:43:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 15:29:00 13312 --a------ C:\WINDOWS\system32\ac3api.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\system32\CtxfiRes.dll <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:40 39424 --a------ C:\WINDOWS\system32\CTxfiSpk.dll <Not Verified; Creative Technology Ltd; Ctxfispk Dynamic Link Library>
2008-05-09 15:28:40 41984 --a------ C:\WINDOWS\system32\CTxfiBtn.dll <Not Verified; Creative Technology Ltd; CTXFIBTN Dynamic Link Library>
2008-05-09 15:28:38 23040 --a------ C:\WINDOWS\system32\Ctxfihlp.exe <Not Verified; Creative Technology Ltd; CTXfiHlp Application>
2008-05-09 15:24:14 47104 --a------ C:\WINDOWS\system32\CTxfiReg.exe <Not Verified; Creative Technology Ltd; CTXFIREG>
2008-05-09 15:24:12 15360 --a------ C:\WINDOWS\system32\Ct20xspi.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:24:08 1214464 --a------ C:\WINDOWS\system32\CTxfispi.exe <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:15:36 386852 --a------ C:\WINDOWS\system32\ctdnlstr.dat
2008-05-09 15:15:36 51787 --a------ C:\WINDOWS\system32\ctdlang.dat
2008-05-09 15:15:04 201216 --a------ C:\WINDOWS\system32\ctemupia.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:16 194560 --a------ C:\WINDOWS\system32\ct_oal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:12 50688 --a------ C:\WINDOWS\system32\ctasio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:10 53248 --a------ C:\WINDOWS\system32\ctdproxy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:46 74240 --a------ C:\WINDOWS\system32\ctosuser.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:44 10240 --a------ C:\WINDOWS\system32\sfman32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:42 130560 --a------ C:\WINDOWS\system32\sfms32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:38 16384 --a------ C:\WINDOWS\system32\regplib.exe
2008-05-09 15:11:36 68608 --a------ C:\WINDOWS\system32\piaproxy.dll <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-05-09 15:08:12 7680 --a------ C:\WINDOWS\system32\enlocstr.exe
2008-05-09 15:08:08 12800 --a------ C:\WINDOWS\system32\killapps.exe <Not Verified; ; killapps>
2008-05-09 15:07:24 36864 --a------ C:\WINDOWS\system32\devreg.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-05 15:17:26 585416 --a------ C:\WINDOWS\system32\APOIM32.exe <Not Verified; Creative Technology Ltd; Creative Audio Processing Object Interface Module>
2008-04-14 01:06:03 32653 --a------ C:\WINDOWS\scunin.dat
2008-04-14 01:06:01 967 --a------ C:\WINDOWS\ScUnin.pif
2008-04-14 01:06:01 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [04/19/2004 09:19 AM]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\CtHelper.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/13/2007 01:58 AM]
"nwiz"="nwiz.exe" [03/13/2007 01:58 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [07/25/2003 10:58 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/13/2007 01:58 AM]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 06:25 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 06:25 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"CTxfiHlp"="CTXFIHLP.EXE" [05/09/2008 03:28 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"RTHDCPL"="RTHDCPL.EXE" [11/22/2007 04:40 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [08/26/2007 06:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Hebert\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [6/24/2003 2:31:35 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/26/2007 7:00:11 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [3/21/1999 9:00:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/06/2008 11:32 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/06/2008 11:33 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\System32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - PAVBOOT
*Newly Created Service* - SASDIFSV



-- End of Deckard's System Scanner: finished at 2008-07-06 15:07:43 ------------
  • 0

#4
Dekky

Dekky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2047.23 MiB / 1549.7 MiB
Pagefile Memory (total/avail): 3943.46 MiB / 3601.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 35.2 GiB free.
D: is Fixed (NTFS) - 37.26 GiB total, 36.65 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400JB-00ENA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hebert\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GREG-H
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hebert
LOGONSERVER=\\GREG-H
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Hebert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Hebert\LOCALS~1\Temp
USERDOMAIN=GREG-H
USERNAME=Hebert
USERPROFILE=C:\Documents and Settings\Hebert
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Hebert (admin)
Jesmer (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Silicon Image Raid\Uninst.isu"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GLOBEtrotter FLEXid Drivers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Lexmark X6100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Maya 2008 --> MsiExec.exe /I{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}
Maya 2008 Documentation (en_US) --> MsiExec.exe /I{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nostromo Array Programming Software --> MsiExec.exe /X{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TVersity Codec Pack 1.2 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.2 RC1 --> C:\Program Files\TVersity\Media Server\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type13254 / Success
Event Submitted/Written: 07/06/2008 00:01:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13239 / Error
Event Submitted/Written: 07/05/2008 00:50:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13233 / Success
Event Submitted/Written: 07/05/2008 00:30:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13217 / Success
Event Submitted/Written: 07/04/2008 04:57:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13196 / Success
Event Submitted/Written: 07/04/2008 00:36:13 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23739 / Error
Event Submitted/Written: 07/06/2008 00:04:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type23736 / Error
Event Submitted/Written: 07/06/2008 00:04:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type23733 / Error
Event Submitted/Written: 07/06/2008 00:04:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type23730 / Error
Event Submitted/Written: 07/06/2008 00:04:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type23727 / Error
Event Submitted/Written: 07/06/2008 00:04:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-07-06 15:07:43 ------------
  • 0

#5
Dekky

Dekky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 18:57:34
Records in database: 918909
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 85426
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 00:41:27


File name / Threat name / Threats count
C:\Documents and Settings\Jesmer\My Documents\Shared\Coldplay - cemeteries of london.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-140007-441.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\daebqbfe.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\lkxgsmul.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\woasarrd.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\xlkfpn.dll Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.


So I guess I didn't get everything. Not sure on what steps I should take to remove this junk.

Thanks again for all your help.
  • 0

#6
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Your Java is still outdated.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Now please go to add or remove programs and uninstall the following please.

Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Viewpoint Media Player


Now,


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Jesmer\My Documents\Shared\Coldplay - cemeteries of london.mp3
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-140007-441.dll
    C:\WINDOWS\system32\mzeame.dll
    C:\WINDOWS\system32\dheujplv.dll
    C:\WINDOWS\system32\lkxgsmul.dll
    C:\WINDOWS\system32\kehnlsnd.dll
    C:\WINDOWS\system32\daebqbfe.dll
    C:\WINDOWS\system32\xlkfpn.dll
    C:\WINDOWS\system32\woasarrd.dll
    C:\program files\viewpoint
    Viewpoint Manager Service <delete service>
    HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce\\tscuninstall
    emptytemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re-run DSS and post back with the OTMoveIt2 log and Main.txt (Extra.txt will not be produced.)
  • 0

#7
Dekky

Dekky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here we go. :)

Deckard's System Scanner v20071014.68
Run by Hebert on 2008-07-07 12:55:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Hebert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:45 PM, on 7/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hebert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hebert.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7580 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 12:47:09 0 d-------- C:\Program Files\Common Files\Java
2008-07-07 00:13:58 0 dr-h----- C:\Documents and Settings\Hebert\Recent
2008-07-07 00:10:04 0 d-------- C:\WINDOWS\nvidia icons
2008-07-07 00:09:53 0 d-------- C:\WINDOWS\NV37681464.TMP
2008-07-07 00:04:17 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-07 00:04:15 0 d-------- C:\Documents and Settings\Hebert\Application Data\SystemRequirementsLab
2008-07-06 15:32:02 0 d-------- C:\Documents and Settings\Hebert\.SunDownloadManager
2008-07-05 13:43:57 0 d-------- C:\Program Files\Panda Security
2008-07-05 13:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 13:14:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 13:14:09 0 d-------- C:\Documents and Settings\Hebert\Application Data\SUPERAntiSpyware.com
2008-07-05 13:04:23 0 d-------- C:\Documents and Settings\Hebert\Application Data\Malwarebytes
2008-07-05 13:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:04:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:04:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-04 12:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-04 12:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-04 12:19:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-07-04 12:18:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-04 12:18:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-04 12:18:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-04 12:18:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-04 12:18:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-04 12:18:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-04 12:18:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-04 12:18:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-04 12:18:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-04 12:18:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-04 12:18:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 12:13:18 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-07-04 00:33:52 0 d-------- C:\Documents and Settings\Hebert\Application Data\Media Player Classic
2008-07-04 00:32:04 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-04 00:32:03 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-04 00:32:01 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-03 23:01:52 0 d-------- C:\WINDOWS\system32\Release Unicode
2008-07-03 22:59:45 0 d-------- C:\WINDOWS\system32\Release
2008-07-03 22:01:33 0 d-------- C:\Program Files\TVersity Codec Pack
2008-07-03 22:00:02 0 d-------- C:\Program Files\TVersity
2008-07-02 14:12:30 0 d-------- C:\Documents and Settings\Hebert\Application Data\ESET
2008-07-01 12:50:35 0 d-------- C:\Documents and Settings\Hebert\Application Data\Nero
2008-07-01 01:20:41 0 d-------- C:\Program Files\Red Kawa
2008-06-24 23:55:56 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-24 23:55:31 0 d-------- C:\Program Files\Realtek
2008-06-24 23:55:29 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-24 23:55:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-24 17:51:49 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-06-24 17:51:07 102400 --a------ C:\WINDOWS\system32\cttele32.dll <Not Verified; Creative Technology Ltd; Creative Common Proxy Stud>
2008-06-24 16:06:30 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-06-24 16:06:30 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-06-24 16:04:21 0 d-------- C:\Program Files\OpenAL
2008-06-24 16:01:05 77824 -----n--- C:\WINDOWS\system32\ctdvda32.dll <Not Verified; Creative Technology Ltd; Creative DVD-Audio Product>
2008-06-24 15:58:31 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-24 03:15:38 0 d-------- C:\WINDOWS\Prefetch
2008-06-24 02:46:45 0 d-------- C:\Program Files\VIA
2008-06-24 02:46:25 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-24 02:29:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\system32\scripting
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\system32\en
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\Network Diagnostic
2008-06-23 21:40:02 0 d-------- C:\WINDOWS\L2Schemas


-- Find3M Report ---------------------------------------------------------------

2008-07-07 12:47:38 0 d-------- C:\Program Files\Java
2008-07-07 12:47:09 0 d-------- C:\Program Files\Common Files
2008-07-06 15:41:20 0 d-------- C:\Documents and Settings\Hebert\Application Data\GrabIt
2008-07-06 12:04:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 13:01:41 0 d-------- C:\Documents and Settings\Hebert\Application Data\Ahead
2008-06-25 14:00:41 0 d-------- C:\Program Files\FrostWire
2008-06-25 11:31:58 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 01:13:36 0 d-------- C:\Documents and Settings\Hebert\Application Data\Skype
2008-06-24 23:55:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 16:07:29 183 --a------ C:\WINDOWS\setuplog
2008-06-24 16:06:17 0 d-------- C:\Program Files\Creative
2008-06-24 03:09:24 0 d-------- C:\Program Files\Messenger
2008-06-24 03:08:57 0 d-------- C:\Program Files\Movie Maker
2008-06-24 03:07:01 0 d-------- C:\Program Files\Windows NT
2008-06-24 02:22:06 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-04 13:58:17 0 d-------- C:\Program Files\PartyGaming
2008-06-01 20:24:56 0 d-------- C:\Documents and Settings\Hebert\Application Data\FrostWire
2008-05-26 21:14:43 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-26 21:14:27 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2008-05-26 21:14:00 0 d-------- C:\Program Files\Lexmark X6100 Series
2008-05-24 00:30:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-23 18:24:58 0 d-------- C:\Program Files\AirPort
2008-05-23 15:50:46 0 d-------- C:\Program Files\CCleaner
2008-05-23 15:11:53 0 d-------- C:\Program Files\Trend Micro
2008-05-21 21:40:10 0 d-------- C:\Program Files\Warcraft III
2008-05-20 22:47:38 76079 --a------ C:\WINDOWS\War3Unin.dat
2008-05-20 22:33:10 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-20 22:33:10 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-11 00:43:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 15:29:00 13312 --a------ C:\WINDOWS\system32\ac3api.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\system32\CtxfiRes.dll <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:40 39424 --a------ C:\WINDOWS\system32\CTxfiSpk.dll <Not Verified; Creative Technology Ltd; Ctxfispk Dynamic Link Library>
2008-05-09 15:28:40 41984 --a------ C:\WINDOWS\system32\CTxfiBtn.dll <Not Verified; Creative Technology Ltd; CTXFIBTN Dynamic Link Library>
2008-05-09 15:28:38 23040 --a------ C:\WINDOWS\system32\Ctxfihlp.exe <Not Verified; Creative Technology Ltd; CTXfiHlp Application>
2008-05-09 15:24:14 47104 --a------ C:\WINDOWS\system32\CTxfiReg.exe <Not Verified; Creative Technology Ltd; CTXFIREG>
2008-05-09 15:24:12 15360 --a------ C:\WINDOWS\system32\Ct20xspi.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:24:08 1214464 --a------ C:\WINDOWS\system32\CTxfispi.exe <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:15:36 386852 --a------ C:\WINDOWS\system32\ctdnlstr.dat
2008-05-09 15:15:36 51787 --a------ C:\WINDOWS\system32\ctdlang.dat
2008-05-09 15:15:04 201216 --a------ C:\WINDOWS\system32\ctemupia.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:16 194560 --a------ C:\WINDOWS\system32\ct_oal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:12 50688 --a------ C:\WINDOWS\system32\ctasio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:10 53248 --a------ C:\WINDOWS\system32\ctdproxy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:46 74240 --a------ C:\WINDOWS\system32\ctosuser.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:44 10240 --a------ C:\WINDOWS\system32\sfman32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:42 130560 --a------ C:\WINDOWS\system32\sfms32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:38 16384 --a------ C:\WINDOWS\system32\regplib.exe
2008-05-09 15:11:36 68608 --a------ C:\WINDOWS\system32\piaproxy.dll <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-05-09 15:08:12 7680 --a------ C:\WINDOWS\system32\enlocstr.exe
2008-05-09 15:08:08 12800 --a------ C:\WINDOWS\system32\killapps.exe <Not Verified; ; killapps>
2008-05-09 15:07:24 36864 --a------ C:\WINDOWS\system32\devreg.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-05 15:17:26 585416 --a------ C:\WINDOWS\system32\APOIM32.exe <Not Verified; Creative Technology Ltd; Creative Audio Processing Object Interface Module>
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-14 01:06:03 32653 --a------ C:\WINDOWS\scunin.dat
2008-04-14 01:06:01 967 --a------ C:\WINDOWS\ScUnin.pif
2008-04-14 01:06:01 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [04/19/2004 09:19 AM]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\CtHelper.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [07/25/2003 10:58 AM]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 06:25 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 06:25 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"CTxfiHlp"="CTXFIHLP.EXE" [05/09/2008 03:28 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"RTHDCPL"="RTHDCPL.EXE" [11/22/2007 04:40 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [08/26/2007 06:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\Hebert\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [6/24/2003 2:31:35 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/26/2007 7:00:11 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [3/21/1999 9:00:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/06/2008 11:32 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/06/2008 11:33 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\System32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-07 12:57:16 ------------


Explorer killed successfully
C:\Documents and Settings\Jesmer\My Documents\Shared\Coldplay - cemeteries of london.mp3 moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-140007-441.dll
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-140007-441.dll NOT unregistered.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-140007-441.dll moved successfully.
File/Folder C:\WINDOWS\system32\mzeame.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\dheujplv.dll
C:\WINDOWS\system32\dheujplv.dll NOT unregistered.
C:\WINDOWS\system32\dheujplv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lkxgsmul.dll
C:\WINDOWS\system32\lkxgsmul.dll NOT unregistered.
C:\WINDOWS\system32\lkxgsmul.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kehnlsnd.dll
C:\WINDOWS\system32\kehnlsnd.dll NOT unregistered.
C:\WINDOWS\system32\kehnlsnd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\daebqbfe.dll
C:\WINDOWS\system32\daebqbfe.dll NOT unregistered.
C:\WINDOWS\system32\daebqbfe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xlkfpn.dll
C:\WINDOWS\system32\xlkfpn.dll NOT unregistered.
C:\WINDOWS\system32\xlkfpn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\woasarrd.dll
C:\WINDOWS\system32\woasarrd.dll NOT unregistered.
C:\WINDOWS\system32\woasarrd.dll moved successfully.
File/Folder C:\program files\viewpoint not found.
Service not present: Viewpoint Manager Service.
< HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce\\tscuninstall >
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce\\tscuninstall deleted successfully.
< emptytemp >
File delete failed. C:\DOCUME~1\Hebert\LOCALS~1\Temp\IadHide4.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07072008_125016

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\Hebert\LOCALS~1\Temp\IadHide4.dll
C:\DOCUME~1\Hebert\LOCALS~1\Temp\IadHide4.dll NOT unregistered.
C:\DOCUME~1\Hebert\LOCALS~1\Temp\IadHide4.dll moved successfully.
C:\WINDOWS\temp\hlktmp moved successfully.
  • 0

#8
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Your logs look clean :)

Please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer.

Now,

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.

* Check the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Wait while your system deletes existing Restore Points, this may take a few moments.

* Uncheck the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Your system will now create a new Restore Point.

&

Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to aviod downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web broswer. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0

#9
Dekky

Dekky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Everything seems perfect now. Thank you so much for your help. I notice it was your Birthday a few days ago, hope you had a good one.

Take care

Dekky
  • 0

#10
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Thank you,

I had a great birthday.

Glad to hear everything is running smoothly, enjoy your day still and take care :)

Mike
  • 0

#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP