vundo trojan please help [RESOLVED]


  • This topic is locked

#1 gamerzzz
Member, 12 posts
I tried using 2 different tools to remove my problem, including VundoFix and VirtumundoBegone. VundoFix picked up the error, but whenever I try to fix the problem the computer either freezes or restarts. With VirtumundoBegone it didn't even pick up the problem. I know there is a problem because even Windows Defender picks it up. My HijackThis log file is here...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:09 AM, on 7/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Ryan\Desktop\Desktop icon shortcuts\other\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT5404
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5404
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcdaWnk.dll,#1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [00e97af7] rundll32.exe "C:\Users\Ryan\AppData\Local\Temp\cyhiterc.dll",b
O4 - HKCU\..\Run: [BM03da496b] Rundll32.exe "C:\Users\Ryan\AppData\Local\Temp\pujngquv.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1933435250-3723658570-234160391-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 10955 bytes


Please help.

Edited by Mike, 20 July 2008 - 12:24 PM.
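Added example, not code from the original post, from HijackThis or from Geeks to Go: a small Python triage script that parses HijackThis O4 autostart lines like the ones in the log above and scores each rundll32-loaded DLL on the traits that make the two Temp-folder entries and the `MSServer` entry stand out: a DLL in a Temp directory, an eight-letter random-looking file name, a stub export (a single letter or an ordinal such as `#1`) and a hex-junk Run value name. The regexes, weights and threshold are my own assumptions; the sample lines are constructed from entries in this post and a real log would be fed in line by line.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input, modelled on O4 lines quoted in the post above (not a full log).
# The last line is an O23 service entry, kept to show that non-O4 lines are ignored.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcdaWnk.dll,#1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [00e97af7] rundll32.exe "C:\Users\Ryan\AppData\Local\Temp\cyhiterc.dll",b
O4 - HKCU\..\Run: [BM03da496b] Rundll32.exe "C:\Users\Ryan\AppData\Local\Temp\pujngquv.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
""".strip().splitlines()

# An O4 line: hive, Run value name in [...], the command line, and an optional "(User '...')"
# suffix that HijackThis appends for entries found under HKEY_USERS.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# A rundll32 command: optionally quoted DLL path, then ",export" (a name, an ordinal like #1, or a letter).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)

# Heuristics (assumptions of this example, tuned to the traits visible in this thread's log):
RANDOM_DLL_RE = re.compile(r"^[A-Za-z]{8}\.dll$")                # eight letters, no vendor-style name
JUNK_VALUE_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")              # hex-junk value name, e.g. 00e97af7, BM03da496b
STUB_EXPORT_RE = re.compile(r"^(?:[a-z]|#\d+)$", re.IGNORECASE)  # single-letter or ordinal export


def parse_o4(line):
    """Parse one HijackThis O4 line into a dict, or return None for any other line kind."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    r = RUNDLL_RE.match(entry["cmd"])
    entry["dll"] = r.group("dll") if r else None
    entry["export"] = r.group("export") if r else None
    return entry


def score_entry(entry):
    """Weight the suspicious traits of a rundll32-loaded DLL; return (score, reasons).
    Entries that do not go through rundll32 score 0 here (they need a different check)."""
    if entry["dll"] is None:
        return 0, []
    path = PureWindowsPath(entry["dll"])
    parts = [p.lower() for p in path.parts]
    checks = [
        (2, "DLL lives in a Temp directory", "temp" in parts),
        (1, "eight-letter random-looking DLL name", bool(RANDOM_DLL_RE.match(path.name))),
        (1, "stub export (single letter or ordinal)", bool(STUB_EXPORT_RE.match(entry["export"]))),
        (1, "hex-junk Run value name", bool(JUNK_VALUE_RE.match(entry["name"]))),
    ]
    score = sum(weight for weight, _, hit in checks if hit)
    reasons = [why for _, why, hit in checks if hit]
    return score, reasons


def triage(lines, threshold=2):
    """Return the O4 entries scoring at or above threshold, highest score first."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        score, reasons = score_entry(entry)
        if score >= threshold:
            flagged.append({**entry, "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda e: -e["score"])


if __name__ == "__main__":
    for e in triage(SAMPLE_HJT_LINES):
        print(f"[{e['score']}] {e['hive']} Run value [{e['name']}] -> {e['dll']},{e['export']}")
        for why in e["reasons"]:
            print("      -", why)
```

The `oobefldr.dll,ShowWelcomeCenter` line is kept on purpose: it is a normal Vista entry whose eight-letter name trips one heuristic, so it scores 1 and stays below the threshold. That is why no single trait is treated as conclusive and the script prints the reasons next to the score, for a person to confirm against the file on disk before anything is removed.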


#2 Mike
Malware Monger, Retired Staff, 2,745 posts
Hi there,

Please download Runscanner to your desktop and run it.
  • When the first page comes up, select Beginner Mode.
  • On the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Mylog" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.
    If the forum doesn't let you upload it, please zip the .run file by right-clicking the file and selecting Send to Zip file.

To attach a file, do the following:
  • Click Add Reply.
  • Under the reply panel is the Attachments panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop-down box.
  • Click on Posted Image to insert the attachment into your post.

Edited by Mike, 12 July 2008 - 12:51 PM.


#3 Mike
Malware Monger, Retired Staff, 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 Mike
Malware Monger, Retired Staff, 2,745 posts
Opened at topic starter's request.

*Note: information comes from PM.

I'll need you to post the .run file, not the log file. Take a look at the above instructions again and attach the file here :)

#5 gamerzzz
Topic Starter, Member, 12 posts
Sorry, my bad. Here's what you wanted, I think.

Attached File: logfile.zip (109.64KB, 60 downloads)

#6 Mike
Malware Monger, Retired Staff, 2,745 posts
Hi there :)

Download the zipped attachment at the end of this post (this will be your Runscanner file, fixed by me).
  • Unzip it to your desktop, then double-click the Runscanner icon; this will run the program.
  • You will notice several entries in red.
  • Click the button at the top called Fix selected items.
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC.
Then:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

Edited by Mike, 22 July 2008 - 02:47 AM.


#7 gamerzzz
Topic Starter, Member, 12 posts
main:

Deckard's System Scanner v20071014.68
Run by other owner on 2008-07-23 16:23:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
19: 2008-07-23 16:59:58 UTC - RP322 - Scheduled Checkpoint
18: 2008-07-22 21:32:06 UTC - RP321 - Windows Update
17: 2008-07-22 00:11:46 UTC - RP320 - Scheduled Checkpoint
16: 2008-07-20 20:34:31 UTC - RP319 - Scheduled Checkpoint
15: 2008-07-18 15:23:29 UTC - RP318 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-07-08 16:34:52 UTC - RP300 - Device Driver Package Install: VSO Software


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as other owner.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:18 PM, on 7/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\other owner\Desktop\dss.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Users\Ryan\Desktop\DESKTO~1\other\other owner.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT5404
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5404
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BM03da496b] Rundll32.exe "C:\Users\OTHERO~1\AppData\Local\Temp\sllygbvh.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1933435250-3723658570-234160391-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 9503 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 16:25:11 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{F24906C1-A4AF-46D9-B33B-8A89458A158A}.job
2008-07-23 16:16:16 450 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-07-15 19:02:47 384 --a------ C:\Windows\Tasks\RegCure.job
2008-06-16 08:38:13 334 --a------ C:\Windows\Tasks\McQcTask.job
2008-06-16 08:38:13 342 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 16:39:15 0 d-------- C:\Program Files\Act-3D
2008-07-22 16:22:21 0 d-------- C:\Program Files\Virtual Hottie 2
2008-07-20 13:06:05 61440 --a------ C:\Windows\diabunin.exe
2008-07-20 13:06:05 86528 --a------ C:\Windows\bnetunin.exe
2008-07-15 17:00:59 0 d-------- C:\Program Files\RegCure
2008-07-15 16:53:13 0 d-------- C:\Program Files\Alwil Software
2008-07-12 20:55:36 0 --a------ C:\Users\Ryan\jagex_runescape_preferences.dat
2008-07-12 07:11:55 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-07-12 05:41:04 0 d-------- C:\VundoFix Backups
2008-07-09 08:42:05 0 d-------- C:\Program Files\Xilisoft
2008-07-08 10:57:54 0 d-------- C:\Temp
2008-07-08 10:57:27 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-07-08 10:57:25 323584 --a------ C:\Windows\system32\FoxImager.dll
2008-07-08 10:57:24 0 d-------- C:\Program Files\Cheetah Burner
2008-07-08 09:34:28 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-07-07 14:22:00 0 d-------- C:\Program Files\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-07-23 16:13:53 0 d-------- C:\Users\other owner\AppData\Roaming\uTorrent
2008-07-20 12:58:51 0 d-------- C:\Users\other owner\AppData\Roaming\DAEMON Tools
2008-07-20 12:53:58 0 d-------- C:\Program Files\Diablo II
2008-07-20 12:53:11 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-07-17 11:08:14 0 d-------- C:\Users\other owner\AppData\Roaming\Adobe
2008-07-11 09:24:36 0 d-------- C:\Users\other owner\AppData\Roaming\Google
2008-07-10 18:49:33 0 d-------- C:\Users\other owner\AppData\Roaming\acccore
2008-07-10 14:12:57 0 d-------- C:\Users\other owner\AppData\Roaming\Vso
2008-07-10 11:54:16 174 --ahs---- C:\Program Files\desktop.ini
2008-07-09 21:24:31 0 d-------- C:\Program Files\Windows Mail
2008-07-08 11:00:33 0 d-------- C:\Users\other owner\AppData\Roaming\DivX
2008-07-08 10:57:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 09:35:43 34 --a------ C:\Users\other owner\AppData\Roaming\pcouffin.log
2008-07-08 09:34:34 7887 --a------ C:\Users\other owner\AppData\Roaming\pcouffin.cat
2008-07-07 14:15:37 0 d-------- C:\Program Files\LimeWire
2008-07-06 13:32:13 0 d-------- C:\Users\other owner\AppData\Roaming\LimeWire
2008-06-22 16:27:07 0 d-------- C:\Users\other owner\AppData\Roaming\vlc
2008-06-22 15:39:19 0 d-------- C:\Users\other owner\AppData\Roaming\Macromedia
2008-06-22 15:37:34 0 d-------- C:\Users\other owner\AppData\Roaming\Mozilla
2008-06-22 15:37:16 0 d-------- C:\Users\other owner\AppData\Roaming\GTek
2008-06-22 15:36:48 0 d-------- C:\Users\other owner\AppData\Roaming\Identities
2008-06-22 11:36:50 8191 --a------ C:\Windows\17PHolmes1864.exe
2008-06-17 14:41:43 0 d-------- C:\Program Files\Project64 1.6
2008-06-16 08:38:21 0 d-------- C:\Program Files\McAfee
2008-06-14 21:55:10 0 d-------- C:\Program Files\Common Files
2008-06-14 21:55:10 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-13 20:43:13 0 d-------- C:\Program Files\Disney
2008-06-09 16:44:53 0 d-------- C:\Program Files\Rockstar Games
2008-06-09 16:44:53 0 d-------- C:\Program Files\Kazaa
2008-06-09 16:44:52 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-04 13:29:43 0 d-------- C:\Program Files\Microsoft Games
2008-06-03 19:20:51 0 d-------- C:\Program Files\Gateway Games
2008-06-03 19:19:04 0 d-------- C:\Program Files\Warcraft III
2008-06-01 11:45:48 18041 --a------ C:\Windows\DIIUnin.dat
2008-06-01 10:31:13 21840 --a------ C:\Windows\system32\SIntfNT.dll
2008-06-01 10:31:12 17212 --a------ C:\Windows\system32\SIntf32.dll
2008-06-01 10:31:12 12067 --a------ C:\Windows\system32\SIntf16.dll
2008-06-01 00:56:40 2829 --a------ C:\Windows\DIIUnin.pif
2008-06-01 00:56:40 94208 --a------ C:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-05-31 19:33:29 0 d-------- C:\Program Files\Napster
2008-05-31 19:32:57 0 d-------- C:\Program Files\Common Files\Napster Shared
2008-05-31 14:14:31 0 d-------- C:\Program Files\PowerISO
2008-05-31 13:54:07 0 d-------- C:\Program Files\SwiftKit
2008-05-31 13:43:08 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 22:19:24 0 d-------- C:\Program Files\7-Zip
2008-05-27 17:49:48 0 d-------- C:\Program Files\Freeze.com
2008-05-27 17:49:45 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-25 08:25:03 0 d-------- C:\Program Files\Autodesk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
07/31/2007 04:33 PM 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 07:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [11/18/2006 07:01 AM]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [09/26/2006 10:56 AM]
"CHotkey"="zHotkey.exe" [11/07/2006 02:08 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [01/27/2005 09:13 AM C:\WINDOWS\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [11/07/2006 02:34 PM C:\WINDOWS\ModPS2Key.exe]
"SigmatelSysTrayApp"="sttray.exe" [11/02/2006 11:38 AM C:\WINDOWS\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/28/2007 02:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/08/2008 11:49 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"BM03da496b"="C:\Users\OTHERO~1\AppData\Local\Temp\sllygbvh.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4}]
AutoRun\command- K:\AUTORUN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-23 16:31:45 ------------

#8
gamerzzz (Member, Topic Starter)
extra:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 1013.41 MiB / 188.31 MiB
Pagefile Memory (total/avail): 2280.95 MiB / 1186.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.81 MiB

C: is Fixed (NTFS) - 223.19 GiB total, 80.55 GiB free.
D: is Fixed (NTFS) - 9.69 GiB total, 5.5 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (FAT32) - 37.24 GiB total, 8.09 GiB free.
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250824AS - 232.88 GiB - 2 partitions
\PARTITION0 - Installable File System - 9.69 GiB - D:
\PARTITION1 (bootable) - Installable File System - 223.19 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - ST94813A USB Device - 37.26 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 37.25 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AV: avast! antivirus 4.8.1201 [VPS 080723-1] v4.8.1201 (ALWIL Software)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080723-1] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\other owner\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMAL
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\other owner
LOCALAPPDATA=C:\Users\other owner\AppData\Local
LOGONSERVER=\\JAMAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\OTHERO~1\AppData\Local\Temp
TMP=C:\Users\OTHERO~1\AppData\Local\Temp
USERDOMAIN=Jamal
USERNAME=other owner
USERPROFILE=C:\Users\other owner
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR
Ryan
other owner


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.58 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere Pro 1.5 --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Applian FLV Player --> "C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battle.net --> C:\Windows\bnetunin.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Diablo --> C:\Windows\diabunin.exe
Diablo II --> C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Platinum 4.0.6.2 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
EZ Videos - EVTV 1 --> "C:\PROGRA~1\Freeze.com\EZ Videos - EVTV 1\UNINSTAL.EXE"
Freecorder Toolbar --> C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freecorder Toolbar 3.0 Application --> "C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gateway Game Console --> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
GIMP 2.4.2 --> "C:\Users\Ryan\Desktop\Desktop icon shortcuts\programming and editing\GIMP-2.0\setup\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Users\Ryan\Desktop\Desktop icon shortcuts\other\HijackThis.exe" /uninstall
Homestead SiteBuilder --> C:\Program Files\Homestead\Homestead SiteBuilder\hkuninst.exe -path C:\Program Files\Homestead\Homestead SiteBuilder
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® Viiv™ Software --> MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Maya 8.5 Personal Learning Edition Documentation (en_US) --> MsiExec.exe /I{6A829DA3-E377-4BC0-938F-F453C6BB3F67}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C++ 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU --> MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
PlayPro's Interactive Guitar v2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514780-E2A4-11D4-BF97-8D5FC6493A42}\Setup.exe" -uninst
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2 Multimedia Keyboard Driver --> "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\setup.exe" -ul
Quest3D Viewers 3.0e --> "C:\Program Files\Act-3D\Quest3D Viewers 3.0e\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RCT3 Soaked --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Replay Converter 2.8 --> C:\Windows\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
The Sims™ 2 Deluxe --> C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
VC Runtimes MSI --> MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Hottie 2 --> C:\Users\other owner\Desktop\other programs\Q3DUnInst.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xilisoft DVD Creator --> C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "C:\Windows\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type12502 / Success
Event Submitted/Written: 07/23/2008 04:16:05 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type12501 / Success
Event Submitted/Written: 07/23/2008 04:16:03 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type12496 / Success
Event Submitted/Written: 07/23/2008 04:15:54 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type12488 / Warning
Event Submitted/Written: 07/23/2008 04:14:10 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1933435250-3723658570-234160391-1002_Classes:
Process 876 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1933435250-3723658570-234160391-1002_CLASSES

Event Record #/Type12487 / Warning
Event Submitted/Written: 07/23/2008 04:14:08 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1933435250-3723658570-234160391-1002:
Process 876 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1933435250-3723658570-234160391-1002



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type86272 / Warning
Event Submitted/Written: 07/23/2008 04:20:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jamal27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jamal27 can't undo changes that you allow.

For more information please see the following:
%Jamal275

Scan ID: {569F8ED9-378A-4DCC-9631-650CC1A614AA}

User: Jamal\other owner

Name: %Jamal271

ID: %Jamal272

Severity ID: %Jamal273

Category ID: %Jamal274

Path Found: %Jamal276

Alert Type: %Jamal278

Detection Type: 1.1.1505.02

Event Record #/Type86271 / Warning
Event Submitted/Written: 07/23/2008 04:20:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jamal27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jamal27 can't undo changes that you allow.

For more information please see the following:
%Jamal275

Scan ID: {D0C1CE47-4DC8-485F-8D89-EA5AA9C577D8}

User: Jamal\other owner

Name: %Jamal271

ID: %Jamal272

Severity ID: %Jamal273

Category ID: %Jamal274

Path Found: %Jamal276

Alert Type: %Jamal278

Detection Type: 1.1.1505.02

Event Record #/Type86270 / Warning
Event Submitted/Written: 07/23/2008 04:19:22 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type86269 / Warning
Event Submitted/Written: 07/23/2008 04:19:22 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type86247 / Warning
Event Submitted/Written: 07/23/2008 04:14:33 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-07-23 16:31:45 ------------

#9
Mike (Malware Monger, Retired Staff)
Hi there,

You have two antivirus programs installed, McAfee and Avast! - running more than one program only lowers your protection and slows down your computer.
Please uninstall one of them now, which one is up to you.

Did you install Freecorder by Conduit? Some Conduit toolbars are reputed to have a certain adware/trackware functionality.

I would stay away from registry cleaners - one mistake and it could mean you need to reformat.
Not to mention the program RegCure doesn't have a great reputation.

Go to add or remove programs and uninstall:
Virtual Hottie 2
Freeze.com
Free Offers from Freeze.com
Viewpoint Media Player


Now,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Virtual Hottie 2
    C:\Windows\diabunin.exe
    C:\Windows\bnetunin.exe
    C:\Windows\17PHolmes1864.exe
    C:\Program Files\Freeze.com
    C:\Program Files\Free Offers from Freeze.com
    K:\AUTORUN.EXE
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4}
    emptytemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by Mike, 24 July 2008 - 04:39 AM.


#10
gamerzzz (Member, Topic Starter)
OTmoveit

Explorer killed successfully
C:\Program Files\Virtual Hottie 2\Default\whiteRoom moved successfully.
C:\Program Files\Virtual Hottie 2\Default\temple moved successfully.
C:\Program Files\Virtual Hottie 2\Default\Morphs moved successfully.
C:\Program Files\Virtual Hottie 2\Default\menu moved successfully.
C:\Program Files\Virtual Hottie 2\Default\island moved successfully.
C:\Program Files\Virtual Hottie 2\Default\interface moved successfully.
C:\Program Files\Virtual Hottie 2\Default\Hair moved successfully.
C:\Program Files\Virtual Hottie 2\Default\Forest moved successfully.
C:\Program Files\Virtual Hottie 2\Default\extras moved successfully.
C:\Program Files\Virtual Hottie 2\Default\channels moved successfully.
C:\Program Files\Virtual Hottie 2\Default\3rd moved successfully.
C:\Program Files\Virtual Hottie 2\Default moved successfully.
C:\Program Files\Virtual Hottie 2 moved successfully.
C:\Windows\diabunin.exe moved successfully.
C:\Windows\bnetunin.exe moved successfully.
C:\Windows\17PHolmes1864.exe moved successfully.
File/Folder C:\Program Files\Freeze.com not found.
C:\Program Files\Free Offers from Freeze.com moved successfully.
File/Folder K:\AUTORUN.EXE not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4}\\ deleted successfully.
< emptytemp >
File delete failed. C:\Users\OTHERO~1\AppData\Local\Temp\~DFFAD6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_145321

Files moved on Reboot...
File C:\Users\OTHERO~1\AppData\Local\Temp\~DFFAD6.tmp not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
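
Mike's fix list above asks OTMoveIt2 to move seven file-system items and delete two registry entries, and the log posted in reply reports a mix of "moved successfully", "not found" and "scheduled ... on reboot". The "not found" lines deserve a second look rather than a shrug: C:\Program Files\Freeze.com was most likely already gone by the time the script ran, since the same post asks for Freeze.com to be uninstalled from Add/Remove Programs first, and K: is a CD-ROM drive that the DSS drive list shows with no media, so K:\AUTORUN.EXE could not be checked at all (the MountPoints2 key that referenced it was deleted, which is what matters). Below is an added example, not OTMoveIt's code or documentation: it matches each requested item against the log's outcome lines, lets the post-reboot section override earlier lines for the same item, and lists what still needs a human decision. Item names and log lines are copied from the thread; the pattern set, the norm/reconcile/needs_attention functions and the state names are mine and cover only the outcome phrasings visible in this log.

```python
"""Reconcile an OTMoveIt2 fix list against the log it produced (added example)."""
import re

# Constructed sample: the items are from the fix list posted above and the log
# lines are an abbreviated copy of the OTMoveIt2 log posted in reply,
# post-reboot section included.
REQUESTED = [
    r'C:\Program Files\Virtual Hottie 2',
    r'C:\Windows\17PHolmes1864.exe',
    r'C:\Program Files\Freeze.com',
    r'K:\AUTORUN.EXE',
    r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b',
    r'HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4}',
]

RESULT_LOG = r"""
Explorer killed successfully
C:\Program Files\Virtual Hottie 2\Default moved successfully.
C:\Program Files\Virtual Hottie 2 moved successfully.
C:\Windows\17PHolmes1864.exe moved successfully.
File/Folder C:\Program Files\Freeze.com not found.
File/Folder K:\AUTORUN.EXE not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM03da496b deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42b72e2-2f51-11dd-a432-00146c6629e4}\\ deleted successfully.
< emptytemp >
File delete failed. C:\Users\OTHERO~1\AppData\Local\Temp\~DFFAD6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully

Files moved on Reboot...
File C:\Users\OTHERO~1\AppData\Local\Temp\~DFFAD6.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# One pattern per outcome phrasing seen in the log. Later lines override
# earlier ones for the same item, so the post-reboot section settles each entry.
PATTERNS = [
    ('not_found', re.compile(r'^File/Folder (?P<item>.+) not found\.$')),
    ('not_found', re.compile(r'^File (?P<item>.+) not found!$')),
    ('pending_reboot', re.compile(r'^File (?:delete|move) failed\. (?P<item>.+) scheduled to be (?:deleted|moved) on reboot\.$')),
    ('done', re.compile(r'^Registry (?:value|key) (?P<item>.+) deleted successfully\.$')),
    ('done', re.compile(r'^(?P<item>.+) moved successfully\.$')),
]


def norm(item):
    """Case-fold and drop the trailing backslashes the log appends to key names."""
    return item.strip().rstrip('\\').lower()


def parse_results(log_text):
    """Map each normalised item named in the log to (state, text as logged)."""
    status = {}
    for line in log_text.splitlines():
        line = line.strip()
        for state, rx in PATTERNS:
            m = rx.match(line)
            if m:
                status[norm(m.group('item'))] = (state, m.group('item'))
                break
    return status


def reconcile(requested, log_text):
    """Return ({requested item: state}, [items still waiting on a reboot])."""
    status = parse_results(log_text)
    report = {item: status.get(norm(item), ('unaccounted', item))[0] for item in requested}
    pending = [text for state, text in status.values() if state == 'pending_reboot']
    return report, pending


def needs_attention(requested, log_text):
    """Requested items that did not end in 'done' and so need a human decision."""
    report, _ = reconcile(requested, log_text)
    return [item for item, state in report.items() if state != 'done']


if __name__ == '__main__':
    report, pending = reconcile(REQUESTED, RESULT_LOG)
    for item, state in report.items():
        print(f'{state:15} {item}')
    for item in pending:
        print(f'pending reboot  {item}')
```

On this log the script leaves two items for a decision (the two "not found" paths) and one file still pending after the reboot, the avast Webshlock.txt that a running service keeps open; the ~DFFAD6.tmp that was scheduled first and then reported "not found!" after the reboot correctly ends up resolved rather than pending.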

#11
gamerzzz (Member, Topic Starter)
MALWAREBYTES


Malwarebytes' Anti-Malware 1.23
Database version: 988
Windows 6.0.6000

3:35:40 PM 7/24/2008
mbam-log-7-24-2008 (15-35-40).txt

Scan type: Quick Scan
Objects scanned: 40151
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b682b571-b6ca-4f0b-843d-4f368a214847} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Spyware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a40daa84-0eac-44c2-a45c-76688f005ac0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Ryan\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Ryan\AppData\Local\Temp\uwwuiowm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\fvvemxby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\pdhixwkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ryan\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Ryan\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Spyware.BHO) -> Delete on reboot.

#12
Mike (Malware Monger, Retired Staff)
Hi there,



Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Re-run DSS and post the log here as well please :)
  • 0

#13
gamerzzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 25, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 25, 2008 17:18:29
Records in database: 1008024
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 115167
Threat name: 4
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 01:58:09


File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\avaevntv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\harrorkr.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\nhvuowqy.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\sllygbvh.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\ssqQKccA.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\wmtjdsig.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVJERFCF\kb456456[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVJERFCF\kb671231[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVJERFCF\kb767887[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb456456[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb456456[2] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb671231[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb671231[2] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb767887[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM4RMY0I\kb767887[2] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\Documents\Downloads\DVD Fab Platinum 4.0.6.2 (with serial key)\DVD Fab Platinum 4.0.6.2 (with serial key).rar Infected: Trojan.Win32.Delf.cwu 1
C:\Users\other owner\Documents\Downloads\DVD Fab Platinum 4.0.6.2 (with serial key)\DVDFab.Platinum.4.0.6.2.rar Infected: Trojan.Win32.Delf.cwu 1
J:\music\gay\fire ol dirty [bleep]1.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
J:\music\gay\swizz beats blow your mine.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
J:\Nero-8.3.2.1_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

The selected area was scanned.
  • 0
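As an added example (my own code, not Kaspersky's and not something posted in this thread), the Python script below parses report lines in the "File name / Threat name / Threats count" format shown above and buckets each hit by where it sits: copies parked under an earlier cleanup tool's backup folder (DSS's C:\Deckard\System Scanner\backup and the VundoFix Backups folder, both visible in this thread), files in the browser cache, "not-a-virus" adware detections, and files still in a live location. The sample input is a constructed subset of the report above; the bucket names and the backup-folder list are my assumptions.

```python
"""Triage a Kaspersky Online Scanner 7 report (added example, not Kaspersky's code)."""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the report above.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\avaevntv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Deckard\System Scanner\backup\Users\OTHERO~1\AppData\Local\Temp\ssqQKccA.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVJERFCF\kb456456[1] Infected: Trojan.Win32.Monderc.gen 1
C:\Users\other owner\Documents\Downloads\DVD Fab Platinum 4.0.6.2 (with serial key)\DVDFab.Platinum.4.0.6.2.rar Infected: Trojan.Win32.Delf.cwu 1
J:\music\gay\swizz beats blow your mine.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
J:\Nero-8.3.2.1_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

The selected area was scanned.
"""

# One detection line: "<path> Infected: <threat> <count>"; the path may contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folders where earlier cleanup tools park the copies they removed (assumed list:
# DSS's backup folder and VundoFix's, both visible in this thread's logs).
BACKUP_PREFIXES = (r"c:\deckard\system scanner\backup", r"c:\vundofix backups")


def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return hits


def classify(hit):
    """Bucket a detection by signature class and by where the file sits (bucket names are assumed)."""
    path = hit["path"].lower()
    if hit["threat"].startswith("not-a-virus:"):
        return "pup"                 # adware / riskware, not a trojan
    if path.startswith(BACKUP_PREFIXES):
        return "quarantined-copy"    # already taken out of circulation by an earlier tool
    if "\\temporary internet files\\" in path:
        return "browser-cache"       # downloaded by the browser, not necessarily run
    return "live"                    # sitting where the user can still open it


def triage(text):
    """Summarise a report: totals, per-threat counts, per-bucket counts and the live paths."""
    hits = parse_report(text)
    return {
        "objects": sum(h["count"] for h in hits),
        "threats": len({h["threat"] for h in hits}),
        "by_threat": dict(Counter(h["threat"] for h in hits)),
        "by_bucket": dict(Counter(classify(h) for h in hits)),
        "live": [h["path"] for h in hits if classify(h) == "live"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['objects']} objects, {summary['threats']} threat names")
    for bucket, n in sorted(summary["by_bucket"].items()):
        print(f"  {bucket:17} {n}")
    for path in summary["live"]:
        print("  still live:", path)
```

Run against the full report above, the "quarantined-copy" and "browser-cache" buckets absorb the 15 Monderc.gen hits, which is why the helper's next reply concentrates on the two cracked-archive files, the music folder and the Nero installer rather than on those.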

#14
gamerzzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Deckard's System Scanner v20071014.68
Run by other owner on 2008-07-25 11:55:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as other owner.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:47 AM, on 7/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\other owner\Desktop\anti-virus stuff\dss.exe
C:\Users\Ryan\Desktop\DESKTO~1\other\OTHERO~1.EXE
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT5404
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5404
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1933435250-3723658570-234160391-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0301771216936364) (0301771216936364mcinstcleanup) - Unknown owner - C:\Users\OTHERO~1\AppData\Local\Temp\030177~1.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8025 bytes

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-24 15:27:06 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-24 15:27:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 14:40:57 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-07-23 18:46:30 23 --a------ C:\Users\other owner\jagex_runescape_preferences.dat
2008-07-22 16:39:15 0 d-------- C:\Program Files\Act-3D
2008-07-15 16:53:13 0 d-------- C:\Program Files\Alwil Software
2008-07-12 20:55:36 0 --a------ C:\Users\Ryan\jagex_runescape_preferences.dat
2008-07-12 07:11:55 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-07-12 05:41:04 0 d-------- C:\VundoFix Backups
2008-07-09 08:42:05 0 d-------- C:\Program Files\Xilisoft
2008-07-08 10:57:54 0 d-------- C:\Temp
2008-07-08 10:57:27 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-07-08 10:57:25 323584 --a------ C:\Windows\system32\FoxImager.dll
2008-07-08 10:57:24 0 d-------- C:\Program Files\Cheetah Burner
2008-07-08 09:34:28 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-07-07 14:22:00 0 d-------- C:\Program Files\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-07-25 11:57:43 0 d-------- C:\Users\other owner\AppData\Roaming\uTorrent
2008-07-24 15:27:10 0 d-------- C:\Users\other owner\AppData\Roaming\Malwarebytes
2008-07-24 14:42:19 0 d-------- C:\Program Files\Freecorder
2008-07-24 14:29:50 0 d-------- C:\Program Files\McAfee
2008-07-24 14:29:50 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-20 12:58:51 0 d-------- C:\Users\other owner\AppData\Roaming\DAEMON Tools
2008-07-20 12:53:58 0 d-------- C:\Program Files\Diablo II
2008-07-20 12:53:11 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-07-17 11:08:14 0 d-------- C:\Users\other owner\AppData\Roaming\Adobe
2008-07-11 09:24:36 0 d-------- C:\Users\other owner\AppData\Roaming\Google
2008-07-10 18:49:33 0 d-------- C:\Users\other owner\AppData\Roaming\acccore
2008-07-10 14:12:57 0 d-------- C:\Users\other owner\AppData\Roaming\Vso
2008-07-10 11:54:16 174 --ahs---- C:\Program Files\desktop.ini
2008-07-09 21:24:31 0 d-------- C:\Program Files\Windows Mail
2008-07-08 11:00:33 0 d-------- C:\Users\other owner\AppData\Roaming\DivX
2008-07-08 10:57:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 09:35:43 34 --a------ C:\Users\other owner\AppData\Roaming\pcouffin.log
2008-07-08 09:34:34 7887 --a------ C:\Users\other owner\AppData\Roaming\pcouffin.cat
2008-07-07 14:15:37 0 d-------- C:\Program Files\LimeWire
2008-07-06 13:32:13 0 d-------- C:\Users\other owner\AppData\Roaming\LimeWire
2008-06-22 16:27:07 0 d-------- C:\Users\other owner\AppData\Roaming\vlc
2008-06-22 15:39:19 0 d-------- C:\Users\other owner\AppData\Roaming\Macromedia
2008-06-22 15:37:34 0 d-------- C:\Users\other owner\AppData\Roaming\Mozilla
2008-06-22 15:37:16 0 d-------- C:\Users\other owner\AppData\Roaming\GTek
2008-06-22 15:36:48 0 d-------- C:\Users\other owner\AppData\Roaming\Identities
2008-06-17 14:41:43 0 d-------- C:\Program Files\Project64 1.6
2008-06-14 21:55:10 0 d-------- C:\Program Files\Common Files
2008-06-14 21:55:10 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-13 20:43:13 0 d-------- C:\Program Files\Disney
2008-06-09 16:44:53 0 d-------- C:\Program Files\Rockstar Games
2008-06-09 16:44:53 0 d-------- C:\Program Files\Kazaa
2008-06-09 16:44:52 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-04 13:29:43 0 d-------- C:\Program Files\Microsoft Games
2008-06-03 19:20:51 0 d-------- C:\Program Files\Gateway Games
2008-06-03 19:19:04 0 d-------- C:\Program Files\Warcraft III
2008-06-01 11:45:48 18041 --a------ C:\Windows\DIIUnin.dat
2008-06-01 10:31:13 21840 --a------ C:\Windows\system32\SIntfNT.dll
2008-06-01 10:31:12 17212 --a------ C:\Windows\system32\SIntf32.dll
2008-06-01 10:31:12 12067 --a------ C:\Windows\system32\SIntf16.dll
2008-06-01 00:56:40 2829 --a------ C:\Windows\DIIUnin.pif
2008-06-01 00:56:40 94208 --a------ C:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-05-31 19:33:29 0 d-------- C:\Program Files\Napster
2008-05-31 19:32:57 0 d-------- C:\Program Files\Common Files\Napster Shared
2008-05-31 14:14:31 0 d-------- C:\Program Files\PowerISO
2008-05-31 13:54:07 0 d-------- C:\Program Files\SwiftKit
2008-05-31 13:43:08 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 22:19:24 0 d-------- C:\Program Files\7-Zip
2008-05-25 08:25:03 0 d-------- C:\Program Files\Autodesk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [11/18/2006 07:01 AM]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [09/26/2006 10:56 AM]
"CHotkey"="zHotkey.exe" [11/07/2006 02:08 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [01/27/2005 09:13 AM C:\WINDOWS\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [11/07/2006 02:34 PM C:\WINDOWS\ModPS2Key.exe]
"SigmatelSysTrayApp"="sttray.exe" [11/02/2006 11:38 AM C:\WINDOWS\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/28/2007 02:51 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [07/23/2008 08:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-25 11:58:20 ------------
  • 0
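As an added example (my own code, not part of this thread and not HijackThis's), the Python snippet below applies a few of the checks a helper runs by eye over a HijackThis log: a service whose binary is reported "(file missing)", any entry whose executable is registered from a Temp directory (the McAfee cleanup service in the log above is exactly that), a service with no publisher string, and a non-empty AppInit_DLLs value (here Google Desktop's DLL, a legitimate entry that is still worth confirming because AppInit_DLLs are loaded into every process that maps user32.dll). The sample lines are copied from the log above; the severity labels and the path-extraction heuristics are my own assumptions.

```python
"""Mechanical first-pass checks over HijackThis log entries (added example, not HijackThis code)."""
import re

# Constructed sample: lines copied from the HijackThis section of the DSS log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0301771216936364) (0301771216936364mcinstcleanup) - Unknown owner - C:\Users\OTHERO~1\AppData\Local\Temp\030177~1.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
"""

# Every HijackThis entry starts with its section code, e.g. "O4 - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")


def entry_path(kind, body):
    """Best-effort extraction of the file an entry points at (heuristics are assumed)."""
    if kind == "O4":                       # '[Name] "C:\dir\app.exe" /args' or '[Name] app.exe'
        rest = body.split("] ", 1)[-1]
        m = re.match(r'"([^"]+)"|(\S+)', rest)
        return (m.group(1) or m.group(2)) if m else ""
    if kind in ("O2", "O23"):              # '... - Publisher - C:\dir\file'
        return body.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
    if kind == "O20":                      # 'AppInit_DLLs: C:\dir\file.dll'
        return body.split(": ", 1)[-1]
    return ""


def check_entry(kind, body):
    """Return (severity, reason) pairs for one entry; severity labels are assumed."""
    path = entry_path(kind, body)
    low = path.lower()
    findings = []
    if kind == "O23" and body.endswith("(file missing)"):
        findings.append(("medium", "service binary is gone: stale registration left behind"))
    if kind == "O23" and " - Unknown owner - " in body:
        findings.append(("info", "no publisher in version info: verify the file by hand"))
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        findings.append(("high", "executable registered from a temporary directory"))
    if kind == "O20" and path:
        findings.append(("medium", "AppInit_DLLs loads this DLL into every process that maps user32.dll: confirm it"))
    return findings


def scan_log(text):
    """Run check_entry over every entry in a log and collect the findings."""
    results = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        for severity, reason in check_entry(m["kind"], m["body"]):
            results.append({"kind": m["kind"], "severity": severity,
                            "reason": reason, "path": entry_path(m["kind"], m["body"])})
    return results


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:4} {f['path']}: {f['reason']}")
```

The checks are deliberately mechanical: a Temp-path service with a missing binary is usually an installer leftover (as the McAfee entry here appears to be), so the output is a list of entries to look at, not a verdict, and the avast!, VundoFix and Java entries pass without comment.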

#15
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Cracks will get you infected 99% of the time - avoid them. Your DVD Fab came with DELF, one of the hardest infections to remove.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Users\other owner\Documents\Downloads\DVD Fab Platinum 4.0.6.2 (with serial key)\DVD Fab Platinum 4.0.6.2 (with serial key).rar
    C:\Users\other owner\Documents\Downloads\DVD Fab Platinum 4.0.6.2 (with serial key)\DVDFab.Platinum.4.0.6.2.rar
    J:\music\gay
    J:\Nero-8.3.2.1_eng_trial.exe
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

How is your PC running now?
  • 0





