Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.vundo [RESOLVED]


  • This topic is locked This topic is locked

#1
Poke

Poke

    Member

  • Member
  • PipPipPip
  • 162 posts
Heres the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:40 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] "C:\Program Files\X3watch\x3watch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorkPace 3.0] "C:\Program Files\WorkPace 3.0\workpace.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [New Application] "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8580 bytes
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I would like to do a deeper search if I may

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Poke

Poke

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
ty for replying and here you go:

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-11 15:52:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2008-07-11 22:52:50 UTC - RP400 - Deckard's System Scanner Restore Point
32: 2008-07-11 22:15:30 UTC - RP399 - Installed Java™ 6 Update 7
31: 2008-07-11 07:27:33 UTC - RP398 - Software Distribution Service 3.0
30: 2008-07-11 04:16:15 UTC - RP397 - Move file to quarantine: urqNEUnm.dll
29: 2008-07-11 04:15:57 UTC - RP396 - Move file to quarantine: ljJDvVMF.dll


-- First Restore Point --
1: 2008-06-29 01:12:08 UTC - RP368 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:11 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Compaq_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] "C:\Program Files\X3watch\x3watch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorkPace 3.0] "C:\Program Files\WorkPace 3.0\workpace.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [New Application] "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8526 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTDevice_Srv (CT Device Query service) - c:\program files\creative\shared files\ctdevsrv.exe <Not Verified; Creative Technology Ltd; CTDevSrv Application>

S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-10 21:04:00 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-07-09 19:37:03 0 d-------- C:\Program Files\PacificPoker
2008-07-09 19:32:31 0 d-------- C:\Program Files\PokerStars.NET
2008-07-08 00:10:13 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Nexon
2008-07-08 00:07:52 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-07 23:55:42 0 d-------- C:\Nexon
2008-07-06 23:16:08 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Creative
2008-07-05 14:27:01 53248 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-07-05 14:27:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-07-05 14:26:46 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-07-05 14:26:46 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-07-05 14:26:37 0 d-------- C:\Program Files\Creative
2008-07-02 00:10:10 0 d-------- C:\WINDOWS\$regcmp$
2008-07-01 09:21:36 23 --a------ C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
2008-06-28 16:37:09 277343 --ahs---- C:\WINDOWS\system32\aKnpYcdd.ini2
2008-06-28 16:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 16:16:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 16:16:26 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-06-28 16:09:41 0 d-------- C:\VundoFix Backups
2008-06-28 09:05:20 1431 --ahs---- C:\WINDOWS\system32\mnUENqru.ini2
2008-06-28 08:40:37 43008 --a------ C:\WINDOWS\system32\clbdll.dll
2008-06-28 08:40:17 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-26 21:50:09 0 d-------- C:\Program Files\SXS Sniffer
2008-06-26 07:50:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-26 07:50:51 0 d-------- C:\Program Files\Security Task Manager
2008-06-24 12:14:34 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-24 12:13:14 0 d-------- C:\Program Files\G-Collections
2008-06-18 17:40:55 0 d-------- C:\Program Files\Windows Media Connect 2


-- Find3M Report ---------------------------------------------------------------

2008-07-11 15:20:25 0 d-------- C:\Program Files\Java
2008-07-10 21:07:27 0 d-------- C:\Program Files\Steam
2008-07-10 18:40:37 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-07-08 00:07:52 0 d-------- C:\Program Files\Common Files
2008-07-06 23:14:28 0 d-------- C:\Program Files\LimeWire
2008-07-06 09:30:44 0 d---s---- C:\Program Files\Xfire
2008-07-05 14:26:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 13:13:09 0 d-------- C:\Program Files\SwiftKit
2008-07-01 08:36:43 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
2008-06-28 16:15:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 08:39:20 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 09:21:09 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-06-17 21:29:23 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-06-14 23:29:54 0 d-------- C:\Program Files\Oxeye Games
2008-06-14 22:53:49 0 d-------- C:\Program Files\mIRC
2008-06-14 22:46:29 0 d-------- C:\Program Files\PacificPoker4
2008-06-10 18:59:43 23552 --a----c- C:\WINDOWS\xobglu32.dll
2008-06-10 18:59:43 63488 --a----c- C:\WINDOWS\xobglu16.dll
2008-06-06 19:42:44 0 d-------- C:\Program Files\Atari
2008-06-05 18:07:58 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-06-05 18:07:49 0 d-------- C:\Program Files\ZoneAlarmSB
2008-06-05 15:28:16 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
2008-06-02 17:27:34 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\GSC
2008-05-31 09:36:29 0 d-------- C:\Program Files\WorkPace 3.0
2008-05-23 10:34:18 4 --a------ C:\mems001.dat
2008-05-21 22:52:52 0 d-------- C:\Program Files\Uniblue
2008-05-21 22:49:04 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MailWasherPro
2008-05-21 22:44:41 0 d-------- C:\Program Files\Innovative Solutions
2008-05-21 22:11:12 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Auslogics
2008-05-21 06:59:20 0 d-------- C:\Program Files\Auslogics
2008-05-20 22:08:48 0 d-------- C:\Program Files\Registry Clean Expert
2008-05-20 22:02:19 0 d-------- C:\Program Files\VS Revo Group
2008-05-20 21:29:57 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-05-20 21:29:03 0 d-------- C:\Program Files\Quick StartUp
2008-05-18 12:54:48 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-05-17 08:50:32 0 d-------- C:\Program Files\WarRock
2008-05-02 22:12:29 6736 --a----c- C:\WINDOWS\mozver.dat
2008-04-24 17:34:57 528 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\ubroadcastStationManager.xml
2008-04-20 21:10:56 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-20 21:10:55 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-12 21:38:47 3374929 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\dance dance revolution - ddr - 99 red ballons (techno remix).ub
2008-04-12 21:35:53 2120254 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\Nickleback - How You Remind Me.ub
2008-04-12 21:34:53 3433865 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\The All-American Rejects - My Paper Heart.ub
2008-04-12 21:30:08 3487284 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\The All-American Rejects - It Ends Tonight.ub
2008-04-12 21:27:42 3832463 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\The All-American Rejects - Move Along.ub
2008-04-12 21:26:42 3301470 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\The All-American Rejects - Dirty Little Secrets.ub
2008-04-12 21:24:01 1337396 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\DDR - Speed Over Beethoven.ub
2008-04-12 21:08:12 4289252 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\Nickleback - Photograph.ub
2008-04-12 21:06:59 5200246 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\Nickleback - Far Away.ub
2008-04-12 21:04:18 3169450 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\Jimmy Eat World - The Middle.ub
2008-04-12 20:34:16 3471981 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\HereWithoutYou.ub
2008-04-12 20:33:05 6697313 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\DragonForce Through The Fire And Flames.ub


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
06/05/2008 06:07 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [06/05/2008 06:07 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 10:34 PM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [01/29/2007 07:22 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" [09/28/2007 08:50 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/02/2008 05:18 PM]
"WorkPace 3.0"="C:\Program Files\WorkPace 3.0\workpace.exe" [03/15/2006 03:52 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Steam"="c:\program files\steam\steam.exe" [03/27/2008 05:42 PM]
"New Application"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe" [03/29/2008 11:18 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/06/2008 01:50 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [12/18/2007 02:20 PM]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [6/26/2008 1:10:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1
"MaxRecentDocs"=0
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcYpnKa

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Hare.lnk]
backup=C:\WINDOWS\pss\Hare.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\CCleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
"C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
"C:\Program Files\Uniblue\SpeedUpMyPC" 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9




-- End of Deckard's System Scanner: finished at 2008-07-11 15:55:55 ------------

Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 510.48 MiB / 169.29 MiB
Pagefile Memory (total/avail): 1244.2 MiB / 711.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.04 MiB

C: is Fixed (NTFS) - 179.8 GiB total, 124.71 GiB free.
D: is Fixed (FAT32) - 6.5 GiB total, 0.44 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3200822A - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 6.51 GiB - D:
\PARTITION1 (bootable) - Installable File System - 179.8 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: avast! antivirus 4.8.1169 [VPS 080711-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-27E1513D96
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\YOUR-27E1513D96
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
sourcesdk=c:\program files\steam\steamapps\sony100111\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=YOUR-27E1513D96
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
VProject=c:\program files\steam\steamapps\sony100111\counter-strike source\cstrike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Disk Cleaner --> MsiExec.exe /X{6C2EDF63-C83B-4AAD-AC26-1784660F618B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BOINC --> MsiExec.exe /I{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}
Cablenut 4.08 --> C:\Program Files\Cablenut\uninst-cablenut.exe
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Civilization III Complete Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Creative Media Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone User's Guide --> "C:\Program Files\Creative\Creative ZEN Stone\UGRemove.exe" /Product_Name:ZENStoneUG
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Free Registry Defrag --> "C:\Program Files\Registry Clean Expert\unins000.exe"
GSC --> C:\Program Files\InstallShield Installation Information\{298FC7A4-44AF-411D-BB17-C8516C20849B}\setup.exe -runfromtemp -l0x0409
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{E6FC4EEE-2EEA-49A7-B036-908B9BD4BB70}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Motorola SM56 Speakerphone Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snow Sakura --> C:\WINDOWS\unvise32.exe C:\Program Files\G-Collections\uninstal.log
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Source SDK --> "C:\Program Files\Steam\steam.exe" steam://uninstall/211
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK Base 2007 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/218
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftKit --> C:\Program Files\SwiftKit\Uninstall.exe
TweakNow RegCleaner Standard --> "C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WorkPace 3.0 --> "C:\PROGRA~1\WORKPA~1.0\UNINST~1.EXE" C:\PROGRA~1\WORKPA~1.0\INSTALL.LOG
X3watch 5.0.5 --> "C:\Program Files\X3watch\unins000.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type1828 / Success
Event Submitted/Written: 07/10/2008 09:09:08 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1808 / Success
Event Submitted/Written: 07/09/2008 09:17:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1795 / Success
Event Submitted/Written: 07/09/2008 08:06:21 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1775 / Success
Event Submitted/Written: 07/06/2008 09:30:06 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1755 / Success
Event Submitted/Written: 07/02/2008 10:56:17 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type103330 / Warning
Event Submitted/Written: 07/11/2008 10:45:48 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type103325 / Error
Event Submitted/Written: 07/10/2008 11:54:24 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type103324 / Error
Event Submitted/Written: 07/10/2008 11:54:20 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type103323 / Error
Event Submitted/Written: 07/10/2008 11:54:16 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type103322 / Error
Event Submitted/Written: 07/10/2008 11:54:13 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-11 15:55:55 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I can see where the problem lies now, so to work :)

First I will secure your system

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 6


Please note any other programs that you dont recognize in that list in your next response

TO START

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\aKnpYcdd.ini2
    C:\WINDOWS\system32\mnUENqru.ini2
    C:\WINDOWS\system32\clbdll.dll
    C:\WINDOWS\system32\windrv.sys
    C:\WINDOWS\system32\ddcYpnKa
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : MBAM and OTMoveit log, plus how is your system running now ?
  • 0

#5
Poke

Poke

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Ok here they are, and just wondering, what was my problem?

Malwarebytes' Anti-Malware 1.20
Database version: 942
Windows 5.1.2600 Service Pack 2

10:46:11 AM 7/12/2008
mbam-log-7-12-2008 (10-46-11).txt

Scan type: Quick Scan
Objects scanned: 65384
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6T32LII5\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6T32LII5\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6T32LII5\revosetup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\U97AFZRN\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\run_mod.bat (Trojan.Agent) -> Quarantined and deleted successfully.


OTC:\WINDOWS\system32\aKnpYcdd.ini2 moved successfully.
C:\WINDOWS\system32\mnUENqru.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.dll NOT unregistered.
C:\WINDOWS\system32\clbdll.dll moved successfully.
C:\WINDOWS\system32\windrv.sys moved successfully.
File/Folder C:\WINDOWS\system32\ddcYpnKa not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_095108

Edited by Poke, 12 July 2008 - 11:52 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Ok here they are, and just wondering, what was my problem?

][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcYpnKa

This registry key allows the malware access to your system

Lsass.exe, the "Local Security Authentication Server", generates the process responsible for authenticating users for the Winlogon service.
At System startup, the LSA will load the authentication package DLLs referenced in the following registry value:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"


A recent variant of Virtumonde/Vundo malware adds to this registry value in order to load a dll into memory:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcYpnKa.dll

Whoever the user is that signs on - even if passwords are changed


Lesson over :)

How is your system running now any further problems ?
  • 0

#7
Poke

Poke

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Looks like its gone but ill hope it didnt hack email. Thx for all ur help.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself


Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#9
Poke

Poke

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Any anti viruses that are free do u recommend?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I use Avast which is free but does require annual registration and I see you have that - or do you mean antispyware ?
  • 0

#11
Poke

Poke

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Good enough.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP