Analyze this please [RESOLVED]



#1
Hemant Kumar

    New Member

  • Member
  • 9 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:12 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
C:\Documents and Settings\Administrator\Desktop\amazon-ecs-2007-07-16-cs-library\amazon-ecs-2007-07-16-cs-library\src\Amazon.ECS.Samples\bin\Debug\Amazon.ECS.Samples.vshost.exe
C:\WINDOWS\system32\dllhost.exe
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 67.19.173.157 dashboard.efficience.us
O1 - Hosts: 207.171.183.113 s3.amazonaws.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://wm.efficience.us
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...4/uploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BF5BEF-CB47-49E8-BAC3-10A2E8EDAD46}: NameServer = 208.67.222.222,208.67.222.220
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\WMI VPN\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7307 bytes

Thanks and Regards,
Hemant


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I would like to take a deeper look if I may.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Hemant Kumar

    New Member

  • Topic Starter
  • Member
  • 9 posts
main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-09 10:19:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-07-09 04:49:55 UTC - RP161 - Deckard's System Scanner Restore Point
46: 2008-07-08 11:02:20 UTC - RP160 - System Checkpoint
45: 2008-07-07 10:55:54 UTC - RP159 - System Checkpoint
44: 2008-07-04 10:49:11 UTC - RP158 - System Checkpoint
43: 2008-07-03 07:02:41 UTC - RP157 - System Checkpoint


-- First Restore Point --
1: 2008-06-26 07:43:38 UTC - RP115 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:53 AM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 67.19.173.157 dashboard.efficience.us
O1 - Hosts: 207.171.183.113 s3.amazonaws.com
O2 - BHO: (no name) - {01F355AF-524A-4AA1-A2CE-8F2F03D16042} - C:\WINDOWS\system32\ssqPFuRK.dll
O2 - BHO: (no name) - {0E7D984E-B9EE-4F55-960D-970A1ACE7B31} - C:\WINDOWS\system32\cbXOExuS.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d} - C:\WINDOWS\system32\yhwqnuhy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: {2ab23057-4031-0cca-5c34-e329a60c99ae} - {ea99c06a-923e-43c5-acc0-130475032ba2} - C:\WINDOWS\system32\qpvfhc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://wm.efficience.us
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...4/uploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BF5BEF-CB47-49E8-BAC3-10A2E8EDAD46}: NameServer = 208.67.222.222,208.67.222.220
O20 - Winlogon Notify: ssqPFuRK - C:\WINDOWS\SYSTEM32\ssqPFuRK.dll
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\WMI VPN\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8126 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080708-110355-606 O2 - BHO: (no name) - {50D58AD1-8F36-4F5B-BE40-6687D58F3EB1} - C:\WINDOWS\system32\cbXOExuS.dll
backup-20080708-110355-876 O2 - BHO: {572b5eb4-cd3e-ad2a-1004-b6f824cfc30d} - {d03cfc42-8f6b-4001-a2da-e3dc4be5b275} - C:\WINDOWS\system32\qkqwzf.dll
backup-20080708-110355-953 O2 - BHO: (no name) - {01F355AF-524A-4AA1-A2CE-8F2F03D16042} - C:\WINDOWS\system32\ssqPFuRK.dll
backup-20080708-112427-161 O2 - BHO: (no name) - {50D58AD1-8F36-4F5B-BE40-6687D58F3EB1} - C:\WINDOWS\system32\cbXOExuS.dll
backup-20080708-112427-277 O2 - BHO: (no name) - {01F355AF-524A-4AA1-A2CE-8F2F03D16042} - C:\WINDOWS\system32\ssqPFuRK.dll
backup-20080708-124802-615 O4 - HKLM\..\Run: [BMb3b6afb6] Rundll32.exe "C:\WINDOWS\system32\wtloctwj.dll",s
backup-20080708-124802-697 O4 - HKLM\..\Run: [b0859c2a] rundll32.exe "C:\WINDOWS\system32\riyxixpd.dll",b

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - VBSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>

S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
S3 UsbDiag (LGE CDMA USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Modem Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MSSEARCH (Microsoft Search) - "c:\program files\common files\system\mssearch\bin\mssearch.exe" <Not Verified; Microsoft Corporation; PKM>

S3 ExtranetAccess (Contivity VPN Service) - "c:\program files\wmi vpn\extranet_serv.exe" <Not Verified; Nortel Networks NA, Inc.; Nortel Networks Contivity VPN Client>
S4 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1F1C22F902700
Manufacturer: Microsoft
Name: 1394 Net Adapter #3
PNP Device ID: V1394\NIC1394\1F1C22F902700
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 10:22:04 438 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job
2008-01-04 15:11:31 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-04 15:11:29 348 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-08 15:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-07-08 15:35:34 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-07-08 12:24:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-07-08 12:13:49 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 12:13:31 0 d-------- C:\Program Files\Spyware Doctor
2008-07-08 12:13:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-07-08 12:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-08 12:01:36 49664 --a------ C:\WINDOWS\system32\yhwqnuhy.dll
2008-07-08 11:58:37 103424 --a------ C:\WINDOWS\system32\qpvfhc.dll
2008-07-08 11:58:36 103424 --a------ C:\WINDOWS\system32\bjrlnujq.dll
2008-07-08 11:58:27 91648 --a------ C:\WINDOWS\system32\wtloctwj.dll
2008-07-08 10:52:41 0 d-------- C:\Program Files\Trend Micro
2008-07-07 11:57:25 78848 --a------ C:\WINDOWS\system32\riyxixpd.dll
2008-07-07 11:57:21 102912 --a------ C:\WINDOWS\system32\qkqwzf.dll
2008-07-07 11:57:19 102912 --a------ C:\WINDOWS\system32\gljsdygf.dll
2008-07-04 12:16:35 0 --a------ C:\WINDOWS\system32\lduumi.dll
2008-07-04 12:16:34 0 --a------ C:\WINDOWS\system32\dcpxtppo.dll
2008-07-03 12:20:40 0 --a------ C:\WINDOWS\system32\jrbhpx.dll
2008-07-03 12:20:38 0 --a------ C:\WINDOWS\system32\emhdvauf.dll
2008-07-02 12:17:03 0 --a------ C:\WINDOWS\system32\tmuetg.dll
2008-07-02 12:17:02 0 --a------ C:\WINDOWS\system32\kfhsnmlu.dll
2008-07-01 19:46:57 0 d-------- C:\CLRProfiler
2008-07-01 12:17:18 0 --a------ C:\WINDOWS\system32\xqmhwi.dll
2008-07-01 12:17:17 0 --a------ C:\WINDOWS\system32\erjltoap.dll
2008-07-01 12:15:00 0 --a------ C:\WINDOWS\system32\oivanfve.dll
2008-06-26 14:32:53 56320 --a------ C:\WINDOWS\system32\efcBqqNg.dll
2008-06-26 13:13:28 381806 --ahs---- C:\WINDOWS\system32\SuxEOXbc.ini2
2008-06-26 13:13:19 322048 --a------ C:\WINDOWS\system32\cbXOExuS.dll
2008-06-26 13:08:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-26 13:08:02 0 d-------- C:\Program Files\Common Files\Real
2008-06-26 13:08:00 0 d-------- C:\Program Files\Real
2008-06-26 13:07:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-26 13:06:31 56320 --a------ C:\WINDOWS\system32\ssqPFuRK.dll
2008-06-25 17:59:25 0 d-------- C:\Program Files\Offline Course Player
2008-06-25 17:35:17 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-25 13:07:23 0 d-------- C:\spoolerlogs
2008-06-23 15:44:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
2008-06-20 10:31:13 0 d-------- C:\Program Files\MultipleIEs
2008-06-18 13:42:36 0 d-------- C:\Program Files\Business Objects
2008-06-18 13:41:44 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-18 13:40:42 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-06-18 13:39:45 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-18 13:39:45 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-18 13:27:22 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-18 13:27:21 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-18 13:26:01 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-06-18 13:23:38 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-18 13:23:34 0 d-------- C:\Program Files\Reference Assemblies
2008-06-18 10:31:48 0 d-------- C:\Program Files\WinAVIVideoConverter
2008-06-18 10:31:37 3082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-06-17 15:36:40 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-17 15:36:40 404480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-06-17 15:36:40 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-17 15:36:40 3049984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-06-17 15:36:40 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-17 15:36:40 14909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-06-17 15:36:38 0 d-------- C:\Program Files\Cucusoft
2008-06-17 15:36:29 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-16 12:46:22 0 d-------- C:\Program Files\123 GIF&JPG Optimizer
2008-06-10 16:49:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft FxCop
2008-06-10 16:48:50 0 d-------- C:\Program Files\Microsoft FxCop 1.36
2008-06-09 19:54:09 0 d-------- C:\Program Files\Core Services
2008-06-09 17:04:01 0 d-------- C:\clr


-- Find3M Report ---------------------------------------------------------------

2008-07-09 10:19:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-07-08 12:13:25 0 d-------- C:\Program Files\Google
2008-07-02 14:11:45 27420 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-26 14:35:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-26 13:08:51 0 d-------- C:\Program Files\Common Files
2008-06-25 17:59:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 14:48:49 0 d-------- C:\Program Files\MSDN
2008-06-18 13:38:44 0 d-------- C:\Program Files\Microsoft.NET
2008-06-18 13:33:23 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-18 13:30:14 0 d-------- C:\Program Files\MSBuild
2008-06-09 18:24:01 0 d-------- C:\Program Files\Microsoft ACT
2008-06-09 09:41:33 0 d-------- C:\Program Files\McAfee
2008-06-06 16:45:25 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-05 17:30:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 17:19:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 17:06:20 0 d-------- C:\Program Files\AdventNet
2008-06-05 17:06:03 0 d-------- C:\Program Files\Photomatix
2008-06-05 17:05:45 0 d-------- C:\Program Files\Microsoft Web Application Stress Tool
2008-06-05 10:33:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\QEngine
2008-06-02 15:14:12 0 d-------- C:\Program Files\Ultrapico
2008-05-22 18:16:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-22 18:15:59 0 d-------- C:\Program Files\Safari


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}]
06/26/2008 01:06 PM 56320 --a------ C:\WINDOWS\system32\ssqPFuRK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}]
06/26/2008 01:13 PM 322048 --a------ C:\WINDOWS\system32\cbXOExuS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}]
07/08/2008 12:01 PM 49664 --a------ C:\WINDOWS\system32\yhwqnuhy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea99c06a-923e-43c5-acc0-130475032ba2}]
07/08/2008 11:58 AM 103424 --a------ C:\WINDOWS\system32\qpvfhc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [02/19/2008 03:34 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"OLPSYNCH"="C:\Program Files\Offline Course Player\OlpSynch.exe" [02/19/2008 04:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/26/2008 01:08 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 05:30 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/08/2008 12:13 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01F355AF-524A-4AA1-A2CE-8F2F03D16042}"= C:\WINDOWS\system32\ssqPFuRK.dll [06/26/2008 01:06 PM 56320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPFuRK]
ssqPFuRK.dll 06/26/2008 01:06 PM 56320 C:\WINDOWS\system32\ssqPFuRK.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\cbXOExuS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SQLWriter"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SQLAgent$SQL2005"=3 (0x3)
"Spooler"=2 (0x2)
"RichVideo"=2 (0x2)
"ReportServer$SQL2005"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"MSOLAP$SQL2005"=3 (0x3)
"msftesql$SQL2005"=3 (0x3)
"MsDtsServer"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67b69f9b-d532-11dc-abf4-444553544200}]
AutoRun\command- H:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a43835-ad5b-11dc-abb4-001cc012c388}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
Open \command- H:\MicrosoftPowerPoint.exe




-- Hosts -----------------------------------------------------------------------

67.19.173.157 dashboard.efficience.us
207.171.183.113 s3.amazonaws.com


-- End of Deckard's System Scanner: finished at 2008-07-09 10:25:17 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 1004.54 MiB / 365.98 MiB
Pagefile Memory (total/avail): 2408.94 MiB / 1697.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.13 MiB

C: is Fixed (NTFS) - 39.07 GiB total, 16.3 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 21.3 GiB free.
E: is Fixed (NTFS) - 39.06 GiB total, 32.3 GiB free.
F: is Fixed (NTFS) - 31.86 GiB total, 13.24 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD161HJ - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 39.07 GiB - C:
\PARTITION1 - Extended Partition - 109.98 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ETI-4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
INCLUDE=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
LIB=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\;C:\Program Files\SQLXML 4.0\bin\
LOGONSERVER=\\ETI-4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\wcat
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ETI-4
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
VS71COMNTOOLS=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
ASPNET
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acronis True Image --> MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnkhSvn --> MsiExec.exe /I{A5F838BB-8E30-4AE7-B496-7E30CA8BAB33}
ASP.NET Web Profile Generator Add-In --> MsiExec.exe /I{B3AD7EEE-0041-42C8-84E5-3D06B902C2A1}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Cucusoft Ultimate Video Converter 7.08 --> "C:\Program Files\Cucusoft\Ultimate-converter\unins000.exe"
CuteFTP 6 Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}
Expresso --> MsiExec.exe /I{345FB947-0E75-41B6-B2A8-7FEDFFF866BF}
Fiddler2 --> "C:\Program Files\Fiddler2\uninst.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Internet Explorer Developer Toolbar --> MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 --> MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft FxCop 1.36 RTM --> MsiExec.exe /X{AB82EDB5-9F7B-3C3C-A678-28016363063C}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 (SQL2005) --> MsiExec.exe /I{2373A92B-1C1C-4E71-B494-5CA97F96AA19}
Microsoft SQL Server 2005 Analysis Services (SQL2005) --> MsiExec.exe /I{982DB00A-9C4E-436B-8707-18E113BAA44C}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Books Online (English) --> MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Integration Services --> MsiExec.exe /I{E0A41F96-7231-4AE8-A654-EEB34F935462}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Notification Services --> MsiExec.exe /I{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}
Microsoft SQL Server 2005 Reporting Services (SQL2005) --> MsiExec.exe /I{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}
Microsoft SQL Server 2005 Samples --> MsiExec.exe /I{DDF6E319-BCD9-4FE3-9D69-26B2F47BEF7C}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{90032DD0-ABEE-4424-AC1E-B076BDD4E350}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.1 --> MsiExec.exe /X{8C6EE0B4-650F-452E-B9C2-882A72227B19}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio .NET Enterprise Architect 2003 - English --> "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Enterprise Architect 2003 - English\setup.exe" /MaintMode
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2008 - ENU --> C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU --> MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultipleIEs --> "C:\Program Files\MultipleIEs\unins000.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NUnit 2.4.6 --> MsiExec.exe /I{34ECF45C-A24F-41E5-8064-538821E80645}
NUnitForms v2.0 alpha5 --> MsiExec.exe /I{59956A91-E53F-4D80-8678-08BDCFEA61A3}
Offline Course Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BC1AB78-2D98-4906-84B5-4230B5420DCC}\Setup.exe" -l0x9 -f1"C:\Program Files\InstallShield Installation Information\{3BC1AB78-2D98-4906-84B5-4230B5420DCC}\setup.iss"
PAL --> "C:\WINDOWS\IsUninst.exe" -y -f"C:\Program Files\PAL\Uninstl\DeIsL1.isu" -c"C:\Program Files\PAL\Uninstl\palunins.dll
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PInvoke.net Visual Studio Add-In --> MsiExec.exe /I{0508A4AD-2521-4600-B68E-7E472DB20847}
PowerDVD Ultra --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Remedy User 6.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{437B532F-EB2B-40A2-8585-DEFA15F92C76}\Setup.exe" -l0x9 Useruninstall
Safari --> MsiExec.exe /X{40589552-3892-409E-B92C-9F5032A4B2F0}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQLXML4 --> MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
TortoiseSVN 1.4.7.11792 (32 bit) --> MsiExec.exe /X{0CEBB8A4-8057-4823-8746-95ABBBE2F40E}
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
WMI VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type9305 / Success
Event Submitted/Written: 07/08/2008 05:18:19 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9255 / Error
Event Submitted/Written: 07/08/2008 00:27:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0003030f.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type9245 / Success
Event Submitted/Written: 07/08/2008 09:42:33 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9142 / Warning
Event Submitted/Written: 07/07/2008 04:00:50 PM
Event ID/Source: 1309 / ASP.NET 2.0.50727.0
Event Description:
Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 7/7/2008 4:00:50 PM

Event time (UTC): 7/7/2008 10:30:50 AM

Event ID: ca8dcef4c1e441d19c61dfebb701fd4a

Event sequence: 42

Event occurrence: 1

Event detail code: 0



Application information:

Application domain: /LM/W3SVC/1/Root/AmazonWS-3-128598998765156250

Trust level: 30050

Application Virtual Path: 30051

Application Path: 30052

Machine name: 30053



Process information:

Process ID: 30055

Process name: 30056

Account name: 30057



Exception information:

Exception type: 30058

Exception message: 30059



Request information:

Request URL: An unhandled exception has occurred.0

Request path: An unhandled exception has occurred.1

User host address: An unhandled exception has occurred.2

User: An unhandled exception has occurred.3

Is authenticated: An unhandled exception has occurred.4

Authentication Type: An unhandled exception has occurred.5

Thread account name: An unhandled exception has occurred.6



Thread information:

Thread ID: An unhandled exception has occurred.7

Thread account name: An unhandled exception has occurred.8

Is impersonating: An unhandled exception has occurred.9

Stack trace: 7/7/2008 4:00:50 PM0



Custom event details:

30054

Event Record #/Type9141 / Warning
Event Submitted/Written: 07/07/2008 01:03:58 PM
Event ID/Source: 1310 / ASP.NET 2.0.50727.0
Event Description:
Event code: 3007

Event message: A compilation error has occurred.

Event time: 7/7/2008 1:03:58 PM

Event time (UTC): 7/7/2008 7:33:58 AM

Event ID: 18e7c02ef59d48b7aa64b9cf6ab686e4

Event sequence: 33

Event occurrence: 1

Event detail code: 0



Application information:

Application domain: /LM/W3SVC/1/Root/AmazonWS-1-128598844956093750

Trust level: 30070

Application Virtual Path: 30071

Application Path: 30072

Machine name: 30073



Process information:

Process ID: 30075

Process name: 30076

Account name: 30077



Exception information:

Exception type: 30078

Exception message: 30079



Request information:

Request URL: A compilation error has occurred.0

Request path: A compilation error has occurred.1

User host address: A compilation error has occurred.2

User: A compilation error has occurred.3

Is authenticated: A compilation error has occurred.4

Authentication Type: A compilation error has occurred.5

Thread account name: A compilation error has occurred.6



Thread information:

Thread ID: A compilation error has occurred.7

Thread account name: A compilation error has occurred.8

Is impersonating: A compilation error has occurred.9

Stack trace: 7/7/2008 1:03:58 PM0



Custom event details:

30074



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18757 / Error
Event Submitted/Written: 07/09/2008 10:13:35 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type18756 / Error
Event Submitted/Written: 07/09/2008 10:13:24 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type18755 / Error
Event Submitted/Written: 07/09/2008 10:13:13 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type18754 / Error
Event Submitted/Written: 07/09/2008 10:13:03 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type18753 / Error
Event Submitted/Written: 07/09/2008 10:12:52 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-07-09 10:25:17 ------------

Thanks and Regards,
Hemant
  • 0

#4
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You do have a few nasties there, let's clear them and see what happens

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registry:

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\yhwqnuhy.dll
    C:\WINDOWS\system32\qpvfhc.dll
    C:\WINDOWS\system32\bjrlnujq.dll
    C:\WINDOWS\system32\wtloctwj.dll
    C:\WINDOWS\system32\riyxixpd.dll
    C:\WINDOWS\system32\qkqwzf.dll
    C:\WINDOWS\system32\gljsdygf.dll
    C:\WINDOWS\system32\lduumi.dll
    C:\WINDOWS\system32\dcpxtppo.dll
    C:\WINDOWS\system32\jrbhpx.dll
    C:\WINDOWS\system32\emhdvauf.dll
    C:\WINDOWS\system32\tmuetg.dll
    C:\WINDOWS\system32\kfhsnmlu.dll
    C:\WINDOWS\system32\xqmhwi.dll
    C:\WINDOWS\system32\erjltoap.dll
    C:\WINDOWS\system32\oivanfve.dll
    C:\WINDOWS\system32\efcBqqNg.dll
    C:\WINDOWS\system32\SuxEOXbc.ini2
    C:\WINDOWS\system32\cbXOExuS.dll
    C:\WINDOWS\system32\ssqPFuRK.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPFuRK
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}
    HKEY_CLASSES_ROOT\CLSID\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}
    HKEY_CLASSES_ROOT\CLSID\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}
    HKEY_CLASSES_ROOT\CLSID\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab23057-4031-0cca-5c34-e329a60c99ae}
    HKEY_CLASSES_ROOT\CLSID\{2ab23057-4031-0cca-5c34-e329a60c99ae}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67b69f9b-d532-11dc-abf4-444553544200}
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs required : OTMoveit and MBAM
  • 0
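Two findings in the logs above can be checked mechanically rather than by eye. The REGEDIT4 fix rewrites the LSA "Authentication Packages" value; hex(7) is a REG_MULTI_SZ, and the bytes 6d,73,76,31,5f,30,00,00 spell msv1_0, the one package a stock XP install lists there, so any extra entry in that list is a DLL that lsass loads at boot. The MountPoints2 blocks in the Deckard output show the removable drive's open/explore verbs pointing at RECYCLER\INFO.exe and a second volume launching a program through rundll32. The Python script below is an added example, not code from this thread or from HijackThis, Deckard's System Scanner or OTMoveIt2: it round-trips hex(7) values, audits the Authentication Packages list, and runs a few defender heuristics over the MountPoints2 lines copied from the log. The heuristics (recycle-bin folder, ShellExec_RunDLL, relative path, open/explore verb launching a program) and the constructed "x.dll" entry in the usage are the example author's own choices.

```python
"""Triage helpers for the LSA Authentication Packages value and the
MountPoints2 autorun hooks seen in the scan output above.
Added example; not code from the thread or from any tool it mentions."""
import re

# ---- 1. REG_MULTI_SZ ("hex(7)") round-trip, as used in the .reg fix above ----

def encode_hex7(strings):
    """Encode strings as a .reg hex(7) value: each string NUL-terminated,
    plus one extra NUL closing the list (ANSI bytes, as REGEDIT4 writes them)."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)

def decode_hex7(value):
    """Inverse of encode_hex7: "6d,73,76,31,5f,30,00,00" -> ["msv1_0"]."""
    raw = bytes(int(b, 16) for b in value.split(",") if b.strip())
    return [s for s in raw.decode("latin-1").split("\x00") if s]

def audit_auth_packages(packages, expected=("msv1_0",)):
    """Return entries that are not expected LSA packages.  Anything extra here is
    loaded into lsass.exe at boot, which is why the fix rewrites the value to msv1_0."""
    allowed = {e.lower() for e in expected}
    return [p for p in packages if p.lower() not in allowed]

# ---- 2. MountPoints2 autorun audit over Deckard-style log lines ----

MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^(?P<verb>[A-Za-z]+)\s*\\command-\s*(?P<cmd>.*)$", re.I)
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")
SUSPICIOUS_DIRS = ("recycler", "recycled", "system volume information")

def parse_mountpoints(log_text):
    """Return (guid, verb, command) triples from MountPoints2 blocks; other keys are skipped."""
    entries, guid = [], None
    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        if line.startswith("["):                      # a new registry key header
            m = MOUNTPOINT_RE.match(line)
            guid = m.group(1) if m else None
            continue
        m = VERB_RE.match(line) if guid else None
        if m:
            entries.append((guid, m.group("verb").lower(), m.group("cmd").strip()))
    return entries

def assess_entry(verb, cmd):
    """Heuristic reasons a verb/command pair looks like a worm autorun hook; [] if benign."""
    reasons, low = [], cmd.lower()
    tokens = low.split()
    target = tokens[-1].strip('"') if tokens else ""   # last token is the launched program
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("program lives under a recycle-bin/system folder")
    if "shellexec_rundll" in low:
        reasons.append("launched through rundll32 ShellExec_RunDLL (autorun.inf shellexecute=)")
    if target.endswith(EXEC_EXT) and not re.match(r"^[a-z]:\\", target):
        reasons.append("relative path, resolved against the volume root")
    if verb in ("open", "explore") and target.endswith(EXEC_EXT):
        reasons.append(f"'{verb}' runs a program instead of opening the folder view")
    return reasons

def audit_mountpoints(log_text):
    """Map each volume GUID to its flagged (verb, command, reasons) entries."""
    flagged = {}
    for guid, verb, cmd in parse_mountpoints(log_text):
        reasons = assess_entry(verb, cmd)
        if reasons:
            flagged.setdefault(guid, []).append((verb, cmd, reasons))
    return flagged

# Lines copied from the Deckard's System Scanner output posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67b69f9b-d532-11dc-abf4-444553544200}]
AutoRun\command- H:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a43835-ad5b-11dc-abb4-001cc012c388}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
Open \command- H:\MicrosoftPowerPoint.exe
"""

if __name__ == "__main__":
    pkgs = decode_hex7("6d,73,76,31,5f,30,00,00")      # value from the REGEDIT4 fix above
    print("Authentication Packages:", pkgs, "unexpected:", audit_auth_packages(pkgs))
    # constructed infected-style value: a second (made-up) DLL appended to the list
    bad = decode_hex7(encode_hex7(["msv1_0", "x.dll"]))
    print("Constructed bad value, unexpected:", audit_auth_packages(bad))
    for guid, hits in audit_mountpoints(SAMPLE_LOG).items():
        print(guid)
        for verb, cmd, reasons in hits:
            print(f"  {verb}: {cmd}\n    - " + "\n    - ".join(reasons))
```

Run as-is it reports msv1_0 as clean, flags the constructed x.dll entry, and lists the four suspicious MountPoints2 verbs (the bare AutoRun\command- H:\ line on the first volume is not flagged, since it launches nothing). The same decode can be pointed at any hex(7) line pulled from a .reg export.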

#5
Hemant Kumar
    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTMoveIt2

Under the green box I see the following....

C:\WINDOWS\system32\yhwqnuhy.dll unregistered successfully.
C:\WINDOWS\system32\yhwqnuhy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qpvfhc.dll
C:\WINDOWS\system32\qpvfhc.dll NOT unregistered.
C:\WINDOWS\system32\qpvfhc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bjrlnujq.dll
C:\WINDOWS\system32\bjrlnujq.dll NOT unregistered.
C:\WINDOWS\system32\bjrlnujq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wtloctwj.dll
C:\WINDOWS\system32\wtloctwj.dll NOT unregistered.
C:\WINDOWS\system32\wtloctwj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\riyxixpd.dll
C:\WINDOWS\system32\riyxixpd.dll NOT unregistered.
C:\WINDOWS\system32\riyxixpd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qkqwzf.dll
C:\WINDOWS\system32\qkqwzf.dll NOT unregistered.
C:\WINDOWS\system32\qkqwzf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gljsdygf.dll
C:\WINDOWS\system32\gljsdygf.dll NOT unregistered.
C:\WINDOWS\system32\gljsdygf.dll moved successfully.
File/Folder C:\WINDOWS\system32\lduumi.dll not found.
File/Folder C:\WINDOWS\system32\dcpxtppo.dll not found.
File/Folder C:\WINDOWS\system32\jrbhpx.dll not found.
File/Folder C:\WINDOWS\system32\emhdvauf.dll not found.
File/Folder C:\WINDOWS\system32\tmuetg.dll not found.
File/Folder C:\WINDOWS\system32\kfhsnmlu.dll not found.
File/Folder C:\WINDOWS\system32\xqmhwi.dll not found.
File/Folder C:\WINDOWS\system32\erjltoap.dll not found.
File/Folder C:\WINDOWS\system32\oivanfve.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcBqqNg.dll
C:\WINDOWS\system32\efcBqqNg.dll NOT unregistered.
C:\WINDOWS\system32\efcBqqNg.dll moved successfully.
C:\WINDOWS\system32\SuxEOXbc.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXOExuS.dll
C:\WINDOWS\system32\cbXOExuS.dll NOT unregistered.
C:\WINDOWS\system32\cbXOExuS.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqPFuRK.dll
C:\WINDOWS\system32\ssqPFuRK.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ssqPFuRK.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPFuRK >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPFuRK\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F355AF-524A-4AA1-A2CE-8F2F03D16042} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}] >
Registry key HKEY_CLASSES_ROOT\CLSID\{01F355AF-524A-4AA1-A2CE-8F2F03D16042}]\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}] >
Registry key HKEY_CLASSES_ROOT\CLSID\{0E7D984E-B9EE-4F55-960D-970A1ACE7B31}]\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}] >
Registry key HKEY_CLASSES_ROOT\CLSID\{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}]\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab23057-4031-0cca-5c34-e329a60c99ae} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab23057-4031-0cca-5c34-e329a60c99ae}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{2ab23057-4031-0cca-5c34-e329a60c99ae} >
Registry key HKEY_CLASSES_ROOT\CLSID\{2ab23057-4031-0cca-5c34-e329a60c99ae}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67b69f9b-d532-11dc-abf4-444553544200} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67b69f9b-d532-11dc-abf4-444553544200}\\ deleted successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_145059

On reboot, OTMoveIt2 displayed a log file saying that it was not able to delete/unregister the C:\WINDOWS\system32\ssqPFuRK.dll file. I tried to manually unregister and delete it, but I was not successful. Then I sought my friend's help on how to forcefully delete this file. He suggested booting my OS from the CD, entering recovery mode and then deleting the file. I did so and was able to delete it successfully.


Malwarebytes' Anti-Malware log results:

Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 5.1.2600 Service Pack 2

3:39:33 PM 7/9/2008
mbam-log-7-9-2008 (15-39-33).txt

Scan type: Quick Scan
Objects scanned: 52665
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0859c2a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb3b6afb6 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vkyjdgnq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qngdjykv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvakubjm.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Let me know what to do next.

Thanks and Regards,
Hemant.

Edited by Hemant Kumar, 09 July 2008 - 04:18 AM.


#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

He suggested booting my OS from the CD, entering recovery mode and then deleting the file. I did so and was able to delete it successfully.

A bit dodgy unless you know exactly what you are doing. How is your system running now?

Let's do a final sweep now and see what that reveals.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#7
Hemant Kumar
    New Member
  • Topic Starter
  • Member
  • 9 posts
Please find the OTScanIt log attached and let me know what to do further

Thanks and Regards,
Hemant.

Attached file: OTScanIt.Txt (270.99 KB)

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Whittling them down now :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {01F355AF-524A-4AA1-A2CE-8F2F03D16042} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqPFuRK.dll []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {a0cb8059-9282-4ca1-b280-5f74abf46044} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nhkzzx.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 90 days]
NY -> dkwxskpn.dll -> %SystemRoot%\System32\dkwxskpn.dll
NY -> dpxixyir.ini -> %SystemRoot%\System32\dpxixyir.ini
NY -> fndstqsx.ini -> %SystemRoot%\System32\fndstqsx.ini
NY -> gfhotaon.ini -> %SystemRoot%\System32\gfhotaon.ini
NY -> kscivblv.ini -> %SystemRoot%\System32\kscivblv.ini
NY -> ldgldmft.ini -> %SystemRoot%\System32\ldgldmft.ini
NY -> mpnderxj.ini -> %SystemRoot%\System32\mpnderxj.ini
NY -> nhkzzx.dll -> %SystemRoot%\System32\nhkzzx.dll
NY -> pptasnmu.ini -> %SystemRoot%\System32\pptasnmu.ini
NY -> SuxEOXbc.ini -> %SystemRoot%\System32\SuxEOXbc.ini
NY -> trjdlkme.ini -> %SystemRoot%\System32\trjdlkme.ini
[Files/Folders - Modified Within 90 days]
NY -> dkwxskpn.dll -> %SystemRoot%\System32\dkwxskpn.dll
NY -> dpxixyir.ini -> %SystemRoot%\System32\dpxixyir.ini
NY -> fndstqsx.ini -> %SystemRoot%\System32\fndstqsx.ini
NY -> gfhotaon.ini -> %SystemRoot%\System32\gfhotaon.ini
NY -> jnccwhbu.dll -> %SystemRoot%\System32\jnccwhbu.dll
NY -> kscivblv.ini -> %SystemRoot%\System32\kscivblv.ini
NY -> ldgldmft.ini -> %SystemRoot%\System32\ldgldmft.ini
NY -> mpnderxj.ini -> %SystemRoot%\System32\mpnderxj.ini
NY -> nhkzzx.dll -> %SystemRoot%\System32\nhkzzx.dll
NY -> pptasnmu.ini -> %SystemRoot%\System32\pptasnmu.ini
NY -> SuxEOXbc.ini -> %SystemRoot%\System32\SuxEOXbc.ini
NY -> trjdlkme.ini -> %SystemRoot%\System32\trjdlkme.ini
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

I see you have Malwarebytes, but to be sure I would like you to get the latest version
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs required: OTScanit report and MBAM. How is your computer now?
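The logs in this thread show a pattern worth checking for by hand: several of the random-named .ini files are the matching .dll name spelled backwards (vkyjdgnq.dll / qngdjykv.ini in the MBAM log above, cbXOExuS.dll / SuxEOXbc.ini in the OTMoveIt2 log, riyxixpd.dll / dpxixyir.ini between that log and the fix list in this post), and the load points being removed point at DLLs that are either already missing or carry such names. The Python script below is an added example, not part of the original thread and not code from OTScanit, OTMoveIt2 or MBAM: it takes a constructed snapshot of file names (the random names from the logs, plus a few legitimate names for contrast), finds reversed dll/ini pairs, and triages a constructed list of load points (BHO, ShellExecuteHooks, Winlogon Notify) for the three signals seen here. The Winlogon Notify entry for cbXOExuS.dll and the benign toolbar BHO are constructed for illustration, and the 6-8 letter "random name" rule is an assumption tuned to this thread, not a Vundo signature.

```python
"""Triage Vundo-style leftovers from a file listing and a set of load points.

Added example for this thread; not code from OTScanit, OTMoveIt2 or MBAM.
"""
import re

# Constructed snapshot of file basenames present on disk. The random names are
# taken from the logs posted in this thread; the last four are legitimate files
# added for contrast.
SAMPLE_FILES = [
    "vkyjdgnq.dll", "qngdjykv.ini",      # pair from the MBAM log
    "cbXOExuS.dll", "SuxEOXbc.ini",      # pair from the OTMoveIt2 log
    "riyxixpd.dll", "dpxixyir.ini",      # dll in OTMoveIt2 log, ini in the fix list
    "nhkzzx.dll", "dkwxskpn.dll", "gfhotaon.ini",
    "kernel32.dll", "msvcrt.dll", "desktop.ini", "GoogleToolbar.dll",
]

# Constructed load points as (key, identifier, path). The first three come from
# the OTScanit fix list and the HijackThis O2 line in this thread; the Winlogon
# Notify entry and the benign toolbar BHO are constructed for illustration.
SAMPLE_LOADPOINTS = [
    ("ShellExecuteHooks", "{01F355AF-524A-4AA1-A2CE-8F2F03D16042}",
     r"%SystemRoot%\system32\ssqPFuRK.dll"),
    ("BHO", "{a0cb8059-9282-4ca1-b280-5f74abf46044}",
     r"%SystemRoot%\system32\nhkzzx.dll"),
    ("BHO", "{7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d}",
     r"C:\WINDOWS\System32\jnccwhbu.dll"),
    ("Winlogon Notify", "cbXOExuS", r"%SystemRoot%\system32\cbXOExuS.dll"),
    ("BHO", "{CONSTRUCTED-BENIGN-BHO}",
     r"C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll"),
]

# Heuristic (an assumption, not a signature): 6-8 letters, no digits and no
# underscore, which matches every malicious name in this thread's logs.
RANDOM_STEM = re.compile(r"^[A-Za-z]{6,8}$")


def reversed_pairs(files):
    """Return sorted (dll, ini) pairs whose stems are mirror images (case-insensitive)."""
    by_ext = {}
    for name in files:
        stem, _, ext = name.rpartition(".")
        by_ext.setdefault(ext.lower(), {})[stem.lower()] = name
    pairs = []
    for stem, dll in sorted(by_ext.get("dll", {}).items()):
        ini = by_ext.get("ini", {}).get(stem[::-1])
        if ini is not None:
            pairs.append((dll, ini))
    return pairs


def triage_loadpoints(loadpoints, files):
    """Map each suspicious load point's identifier to (key, basename, reasons)."""
    present = {name.lower() for name in files}
    pair_members = {name.lower() for pair in reversed_pairs(files) for name in pair}
    findings = {}
    for key, ident, path in loadpoints:
        base = path.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        reasons = []
        if base.lower() not in present:
            reasons.append("file missing")          # HijackThis reports "(file missing)"
        if "system32" in path.lower() and RANDOM_STEM.match(stem):
            reasons.append("random-looking name in System32")
        if base.lower() in pair_members:
            reasons.append("reversed-name .ini companion")
        if reasons:
            findings[ident] = (key, base, reasons)
    return findings


if __name__ == "__main__":
    for dll, ini in reversed_pairs(SAMPLE_FILES):
        print(f"pair: {dll} <-> {ini}")
    for ident, (key, base, reasons) in triage_loadpoints(SAMPLE_LOADPOINTS, SAMPLE_FILES).items():
        print(f"{key} {ident} -> {base}: {', '.join(reasons)}")
```

Run stand-alone it prints the three mirror pairs and flags the four malicious load points while leaving the benign toolbar entry alone. On a real machine you would feed it the basenames from a System32 directory listing and the load points exported from the registry; a "file missing" entry is dead and only needs the registry key removed, while a present DLL with a mirror .ini is the live component that has to be unloaded (or moved on reboot, as OTMoveIt2 did above) before the key will stay deleted. Expect false positives from the name rule on short legitimate DLL names, so treat it as a triage ordering, not a verdict.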

#9
Hemant Kumar
    New Member
  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy,
I have attached 1) the MBAM log, 2) the OTScanIt log and 3) the HijackThis log. Sometimes, but not often, an advertisement shows up in an IE browser window. This window spawns automatically. I still believe there is something lurking around. Please let me know what to do next.

Thanks and Regards,
Hemant.
Attached files: mbam_log_7_11_2008__11_57_53_.txt (1.02 KB), 07112008_113628.txt (7.8 KB), hijackthis.txt (7.79 KB)

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Just one more to remove. I think I will use another scanner to be sure.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7C5C3D9C-A65A-4E23-9C7F-DBBFD95AB68d} - C:\WINDOWS\System32\jnccwhbu.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


#11
Hemant Kumar
    New Member
  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy,
Please find the log files attached. Let me know what is our next step.

1. ComboFix.txt (attached, 19.38 KB)
2. hijackthis.txt (attached, 7.08 KB)

Thanks and Regards,
Hemant.

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi again. Well, those two logs looked good. Are you still experiencing the popup? If so, could you take a screenshot of one for me?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.


#13
Hemant Kumar
    New Member
  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy,
I have installed the latest JRE. Also, in the recent past I have not seen that popup showing again. One more piece of information: starting only from yesterday (Monday 14th July 2008), I received an MSN Messenger popup with a zip file attached from my friend, who works in the same block as I do. Before accepting/opening it, I asked if he had sent me the file. He replied that he didn't send any file. Strange. Slowly I found that other team members also received such MSN Messenger popups with an attached file. Does this mean that a new virus is trying to get in, or that our system is infected with a virus? Please let me know on this.

Thanks and Regards,
Hemant.

#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

I received an MSN Messenger popup with a zip file attached from my friend, who works in the same block as I do. Before accepting/opening it, I asked if he had sent me the file. He replied that he didn't send any file. Strange. Slowly I found that other team members also received such MSN Messenger popups with an attached file. Does this mean that a new virus is trying to get in, or that our system is infected with a virus? Please let me know on this.

It sounds as though he is infected with the MSN virus. You are wise to double check whether zip files sent to you are legitimate.

Based on the latest information

Now the best part of the day ----- Your log now appears clean :)

Double-click OTScanit once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTScanit wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.


Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs.
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#15
Hemant Kumar
    New Member
  • Topic Starter
  • Member
  • 9 posts
Thank you Essexboy,
Thank you very much for helping me clean my system. :) Now I have the following list of tools installed on my system. Let me know which ones I should keep and which ones are not needed.

1. ERUNT 1.1j
2. Google Toolbar for IE
3. HijackThis 2.0.2
4. Java ™ 6 Update 7
5. Java ™ SE Development Kit 6 Update 7
6. Malwarebytes' Anti-Malware
7. McAfee SecurityCenter
8. Spyware Doctor 5.5 (non-Registered)
9. Spyware Blaster 4.1
10. Trojan Hunter 5.0

Thanks and Regards,
Hemant.





