Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sites not loading and crashing with IE [RESOLVED]


  • This topic is locked This topic is locked

#1
D3adGeek

D3adGeek

    New Member

  • Member
  • Pip
  • 8 posts
I have seen many topics with this problem. I have Vista and here is the Main.txt and Extra.txt pasted. I use Firefox but I keep getting disconected sometimes.

I had many Popups with IE but I have been able to remove that after cleaning with like 10 diff. spyware removal.
What left is that IE has many site that does not load and also crash. Doing so, my desktop close in Vista and then reopen. Very annoying.
thanks for your time:

**** MAIN.TXT *****

Deckard's System Scanner v20071014.68
Run by D3ady on 2008-07-16 17:24:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 22.96 GiB (less than 15%) free.


-- HijackThis (run as D3ady.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:07 PM, on 16/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\D3ady\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\D3ady.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMbfb2680a] Rundll32.exe "C:\Windows\system32\wfftaotv.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 2584 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080711-192004-131 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
backup-20080711-192004-134 O1 - Hosts: ::1 localhost
backup-20080711-192004-145 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080711-192004-210 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080711-192004-288 O4 - HKLM\..\Run: [BMbfb2680a] Rundll32.exe "C:\Windows\system32\wfftaotv.dll",s
backup-20080711-192004-295 O4 - HKLM\..\Run: [bc815b96] rundll32.exe "C:\Windows\system32\jydyhylt.dll",b
backup-20080711-192004-303 O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
backup-20080711-192004-320 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080711-192004-427 O2 - BHO: (no name) - {FE2CCF85-65F9-4B2A-97D5-F6261BF5F0D1} - C:\Windows\system32\wvUoLCRi.dll (file missing)
backup-20080711-192004-439 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080711-192004-626 O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
backup-20080711-192004-673 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080711-192004-675 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080711-192004-709 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080711-192004-733 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20080711-192004-775 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080711-192004-778 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080711-192004-779 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
backup-20080711-192004-896 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080711-192004-925 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080711-192004-941 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
backup-20080711-192004-957 O2 - BHO: {c92d569b-b5cf-de2a-e784-a20da305bd7d} - {d7db503a-d02a-487e-a2ed-fc5bb965d29c} - C:\Windows\system32\hejivm.dll
backup-20080711-192728-176 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080711-192728-201 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
backup-20080711-192728-342 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
backup-20080711-192728-404 O4 - HKLM\..\Run: [BMbfb2680a] Rundll32.exe "C:\Windows\system32\wfftaotv.dll",s
backup-20080711-192728-473 O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstrea...81/activeid.cab
backup-20080711-192728-624 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080711-192728-774 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
backup-20080711-192728-879 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...NPUplden-us.cab
backup-20080711-192728-955 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SBKUPNT - \??\c:\windows\system32\drivers\sbkupnt.sys

S3 ASPI (Advanced SCSI Programming Interface Driver) - \??\c:\windows\system32\drivers\aspi32.sys
S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&49
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&49
Service:


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-14 17:07:03 0 d--hs---- C:\found.000
2008-07-13 14:47:24 0 d-------- C:\Program Files\iPod
2008-07-13 14:46:04 0 d-------- C:\Program Files\Bonjour
2008-07-11 16:06:05 78336 --a------ C:\Windows\system32\jydyhylt.dll
2008-07-11 15:47:20 103424 --a------ C:\Windows\system32\kqpgkonq.dll
2008-07-11 15:45:26 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-11 15:45:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 15:44:58 90624 --a------ C:\Windows\system32\wfftaotv.dll
2008-07-10 12:28:02 102912 --a------ C:\Windows\system32\ytdxvyju.dll
2008-07-10 12:24:57 91648 --a------ C:\Windows\system32\smkdgtmh.dll
2008-07-09 12:52:27 102912 --a------ C:\Windows\system32\aecvzl.dll
2008-07-09 12:52:25 102912 --a------ C:\Windows\system32\onwenysx.dll
2008-07-09 12:14:09 91136 --a------ C:\Windows\system32\viqiliok.dll
2008-07-07 00:17:11 0 d-------- C:\Program Files\Alwil Software
2008-07-07 00:16:23 0 d-------- C:\Program Files\Trend Micro
2008-07-06 23:52:56 547235 --ahs---- C:\Windows\system32\iRCLoUvw.ini2
2008-07-06 18:33:00 527992 --ahs---- C:\Windows\system32\lSuFPqss.ini2
2008-07-06 17:19:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-06 17:18:09 0 d-------- C:\Users\All Users\Lavasoft
2008-07-06 17:18:09 0 d-------- C:\Program Files\Lavasoft
2008-07-06 16:59:56 507256 --ahs---- C:\Windows\system32\KlnVwyxx.ini2
2008-07-06 12:35:42 524526 --ahs---- C:\Windows\system32\xENWHkkj.ini2
2008-07-06 12:10:48 0 d-------- C:\Program Files\Spyware Doctor
2008-07-05 22:57:19 525728 --ahs---- C:\Windows\system32\OoXxwyay.ini2
2008-07-05 22:52:52 0 d-------- C:\Program Files\Conduit
2008-07-05 21:44:59 0 d-------- C:\Incomplete
2008-06-22 01:15:53 0 d-------- C:\Users\All Users\Viewpoint
2008-06-22 01:15:51 0 d-------- C:\Program Files\Viewpoint
2008-06-22 01:15:50 0 d-------- C:\Users\All Users\acccore
2008-06-22 01:15:28 0 d-------- C:\Users\All Users\AOL
2008-06-22 01:15:28 0 d-------- C:\Users\All Users\AOL OCP
2008-06-22 01:14:55 0 d-------- C:\Program Files\Common Files\AOL
2008-06-22 01:14:14 0 d-------- C:\Program Files\AIM6


-- Find3M Report ---------------------------------------------------------------

2008-07-13 18:28:59 0 d-------- C:\Program Files\Windows Mail
2008-07-13 14:47:37 0 d-------- C:\Program Files\iTunes
2008-07-13 14:45:40 0 d-------- C:\Program Files\QuickTime
2008-07-11 15:45:13 0 d-------- C:\Users\D3ady\AppData\Roaming\SUPERAntiSpyware.com
2008-07-07 11:05:06 4730 --a------ C:\Windows\system32\ealregsnapshot1.reg
2008-07-07 00:17:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 11:56:12 0 d-------- C:\Users\D3ady\AppData\Roaming\LimeWire
2008-07-06 11:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 11:48:04 0 d-------- C:\Program Files\Steam
2008-06-22 20:57:43 0 d-------- C:\Program Files\Razor
2008-06-22 01:36:30 0 d-------- C:\Users\D3ady\AppData\Roaming\acccore
2008-06-22 01:14:55 0 d-------- C:\Program Files\Common Files
2008-06-15 18:17:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 16:52:29 0 d-------- C:\Program Files\PokerStars
2008-06-15 11:27:54 174 --ahs---- C:\Program Files\desktop.ini
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Calendar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Movie Maker
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Journal
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Collaboration
2008-06-15 02:40:26 0 d-------- C:\Program Files\Windows Defender
2008-06-15 02:36:56 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-15 02:36:56 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-11 20:32:39 0 d-------- C:\Program Files\DivX
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 21:15:38 0 d-------- C:\Program Files\UltraVNC
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-22 00:15:07 0 d-------- C:\Program Files\4Musics FLAC to MP3 Converter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 AM]
"BMbfb2680a"="C:\Windows\system32\wfftaotv.dll" [11/07/2008 03:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\wvUoLCRi

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696}]
AutoRun\command- G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696}]
AutoRun\command- F:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8772 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-16 17:29:55 ------------

**** EXTRA.TXT ***


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 2046.59 MiB / 1043.85 MiB
Pagefile Memory (total/avail): 4333.7 MiB / 3422.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 223.57 GiB total, 22.96 GiB free.
D: is Fixed (NTFS) - 111.78 GiB total, 23.33 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Promise 1+0 Stripe/RAID0 SCSI Disk Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - D:

\\.\PHYSICALDRIVE0 - Promise 2+0 Stripe/RAID0 SCSI Disk Device - 223.58 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 223.57 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: SUPERAntiSpyware v4, 15, 0, 1000 (SUPERAntiSpyware.com)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\D3ady\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D3AD
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London\
HOMEDRIVE=C:
HOMEPATH=\Users\D3ady
LOCALAPPDATA=C:\Users\D3ady\AppData\Local
LOGONSERVER=\\D3AD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\D3ady\AppData\Local\Temp
TMP=C:\Users\D3ady\AppData\Local\Temp
USERDOMAIN=D3ad
USERNAME=D3ady
USERPROFILE=C:\Users\D3ady
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

D3ady (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
4Musics FLAC to MP3 Converter 4.3 --> "C:\Program Files\4Musics FLAC to MP3 Converter\unins000.exe"
ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Call of Duty® 4 - Modern Warfare™ --> "C:\Program Files\InstallShield Installation Information\{F82C1FF3-4B7A-49B2-ACF7-5AE402C4C0CB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Call of Duty® 4 - Modern Warfare™ --> MsiExec.exe /X{F82C1FF3-4B7A-49B2-ACF7-5AE402C4C0CB}
Call of Juarez --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"
Catalyst Control Center - Branding --> MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
Company of Heroes --> "C:\Program Files\THQ\Company of Heroes\\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CuteFTP 8 Home --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dark Messiah --> C:\Program Files\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x0009 -removeonly
Dark Messiah Might and Magic Multi-Player --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2130
Dark Messiah Might and Magic Single Player --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2100
Diablo II --> C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragonshard --> MsiExec.exe /I{85DF2C7E-183B-4153-9B89-36D0E239E2CB}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA Link --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
FreeAgent Pro Tools --> C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® software --> C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Just Cause 1.00.0000 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft LifeChat --> MsiExec.exe /X{C4C4F736-B75C-4908-A606-A6F4B65F58CC}
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 --> "C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
S.W.I.N.E. --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2806ECD7-D23E-45D7-A918-D6E5EA1C4D8E}\setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Stronghold Legends --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sword of The New World --> "C:\Program Files\Sword of The New World\unins000.exe"
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Total Overdose --> MsiExec.exe /X{051E7B99-6D35-4905-BAF3-740893EF657A}
Transformers™ - The Game --> C:\Program Files\InstallShield Installation Information\{5645BA4F-2BF3-4F31-B3F7-710700C92456}\setup.exe -runfromtemp -l0x0409
Ultima Online: Mondain's Legacy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
Unreal Tournament 3 Demo --> "C:\Users\D3ady\AppData\Roaming\InstallShield Installation Information\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 Demo --> MsiExec.exe /X{3266FEA9-98E9-448B-B235-DAC63D4CE781}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type20832 / Error
Event Submitted/Written: 07/16/2008 05:27:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application cscript.exe, version 5.7.0.18068, time stamp 0x48235878, faulting module SHLWAPI.dll, version 6.0.6001.18000, time stamp 0x4791a75c, exception code 0xc0000005, fault offset 0x0001ed6c,
process id 0x744, application start time 0xcscript.exe0.

Event Record #/Type20830 / Error
Event Submitted/Written: 07/16/2008 05:27:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application D3ady.exe, version 2.0.0.2, time stamp 0x466838c1, faulting module SHLWAPI.dll, version 6.0.6001.18000, time stamp 0x4791a75c, exception code 0xc0000005, fault offset 0x0001ed6c,
process id 0xd60, application start time 0xD3ady.exe0.

Event Record #/Type20829 / Error
Event Submitted/Written: 07/16/2008 00:21:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x00009c00,
process id 0x6cc, application start time 0xExplorer.EXE0.

Event Record #/Type20823 / Success
Event Submitted/Written: 07/16/2008 00:13:25 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type20817 / Success
Event Submitted/Written: 07/16/2008 00:13:19 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type96907 / Error
Event Submitted/Written: 07/16/2008 05:25:39 PM
Event ID/Source: 12294 / atikmdag
Event Description:
CRT invalid display type

Event Record #/Type96838 / Error
Event Submitted/Written: 07/16/2008 00:13:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
ASInsHelp%%2

Event Record #/Type96802 / Error
Event Submitted/Written: 07/16/2008 00:13:08 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type96800 / Error
Event Submitted/Written: 07/16/2008 00:12:55 PM
Event ID/Source: 12294 / atikmdag
Event Description:
CRT invalid display type

Event Record #/Type96793 / Error
Event Submitted/Written: 07/16/2008 00:12:43 PM
Event ID/Source: 6 / Microsoft-Windows-Kernel-Processor-Power
Event Description:




-- End of Deckard's System Scanner: finished at 2008-07-16 17:29:55 ------------
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please uninstall Viewpoint Media Player from your computer..


Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall


Regards
fenzodahl512
  • 0

#3
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are the 2 lots. thanks alot for the help!

ComboFix 08-07-15.4 - D3ady 2008-07-17 17:58:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1183 [GMT -4:00]
Running from: C:\Users\D3ady\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\D3ady\AppData\Roaming\macromedia\Flash Player\#SharedObjects\RZ2FBCCC\www.broadcaster.com
C:\Users\D3ady\AppData\Roaming\macromedia\Flash Player\#SharedObjects\RZ2FBCCC\www.broadcaster.com\played_list.sol
C:\Users\D3ady\AppData\Roaming\macromedia\Flash Player\#SharedObjects\RZ2FBCCC\www.broadcaster.com\video_queue.sol
C:\Users\D3ady\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Users\D3ady\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Windows\system32\aecvzl.dll
C:\Windows\system32\dgjykejd.ini
C:\Windows\system32\ffdwbven.ini
C:\Windows\system32\gqnnjpro.ini
C:\Windows\System32\iRCLoUvw.ini
C:\Windows\System32\iRCLoUvw.ini2
C:\Windows\system32\jydyhylt.dll
C:\Windows\System32\KlnVwyxx.ini
C:\Windows\System32\KlnVwyxx.ini2
C:\Windows\system32\kqpgkonq.dll
C:\Windows\system32\lSuFPqss.ini
C:\Windows\System32\lSuFPqss.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\ohssrxkm.ini
C:\Windows\system32\onwenysx.dll
C:\Windows\System32\OoXxwyay.ini
C:\Windows\System32\OoXxwyay.ini2
C:\Windows\system32\qqyvpcmv.ini
C:\Windows\system32\satmgcyd.ini
C:\Windows\system32\smkdgtmh.dll
C:\Windows\system32\tlyhydyj.ini
C:\Windows\system32\viqiliok.dll
C:\Windows\system32\wfftaotv.dll
C:\Windows\system32\wrvmngxt.ini
C:\Windows\system32\xENWHkkj.ini
C:\Windows\System32\xENWHkkj.ini2
C:\Windows\system32\ycjuccds.ini
C:\Windows\system32\ytdxvyju.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-16 19:09 . 2008-07-16 19:09 <DIR> d-------- C:\VundoFix Backups
2008-07-16 17:23 . 2008-07-16 17:23 <DIR> d-------- C:\Deckard
2008-07-14 17:07 . 2008-07-14 17:07 <DIR> d--hs---- C:\found.000
2008-07-13 14:47 . 2008-07-13 14:47 <DIR> d-------- C:\Program Files\iPod
2008-07-13 14:46 . 2008-07-13 14:46 <DIR> d-------- C:\Program Files\Bonjour
2008-07-13 13:02 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-13 13:02 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-13 13:01 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-13 13:01 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-13 13:01 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-13 13:01 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-13 13:01 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-13 13:01 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-13 13:01 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-13 13:01 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-13 13:00 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-13 13:00 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-13 13:00 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-13 13:00 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-13 13:00 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-13 13:00 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-13 13:00 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-11 15:45 . 2008-07-11 15:45 <DIR> d-------- C:\Users\D3ady\AppData\Roaming\SUPERAntiSpyware.com
2008-07-11 15:45 . 2008-07-11 15:45 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-11 15:45 . 2008-07-11 15:45 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-07-11 15:45 . 2008-07-11 15:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-07-07 11:05 . 2008-07-07 11:05 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-07-07 00:17 . 2008-07-07 00:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-07 00:16 . 2008-07-07 00:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 19:34 . 2008-07-06 21:56 209 --a------ C:\Windows\wininit.ini
2008-07-06 17:26 . 2008-07-06 17:26 168 --a------ C:\Windows\System32\ikhcore.cfg
2008-07-06 17:19 . 2008-07-06 19:40 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-06 17:19 . 2008-07-06 19:40 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-06 17:19 . 2008-07-11 19:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 17:18 . 2008-07-06 17:22 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-06 17:18 . 2008-07-06 17:22 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-06 17:18 . 2008-07-06 17:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-06 12:10 . 2008-07-10 12:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-05 22:52 . 2008-07-06 11:53 <DIR> d-------- C:\Program Files\Conduit
2008-07-05 21:44 . 2008-07-06 11:56 <DIR> d-------- C:\Incomplete
2008-06-22 01:36 . 2008-06-22 01:36 <DIR> d-------- C:\Users\D3ady\AppData\Roaming\acccore
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-06-22 01:15 . 2008-06-22 01:17 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\Users\All Users\AOL
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\Users\All Users\acccore
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\ProgramData\Viewpoint
2008-06-22 01:15 . 2008-06-22 01:17 <DIR> d-------- C:\ProgramData\AOL OCP
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\ProgramData\AOL
2008-06-22 01:15 . 2008-06-22 01:15 <DIR> d-------- C:\ProgramData\acccore
2008-06-22 01:14 . 2008-06-22 01:14 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-22 01:14 . 2008-06-22 01:16 <DIR> d-------- C:\Program Files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 22:28 --------- d-----w C:\Program Files\Windows Mail
2008-07-13 18:47 --------- d-----w C:\Program Files\iTunes
2008-07-13 18:45 --------- d-----w C:\Program Files\QuickTime
2008-07-13 17:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-12 17:45 --------- d-----w C:\ProgramData\FLEXnet
2008-07-10 00:45 --------- d---a-w C:\ProgramData\TEMP
2008-07-07 04:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 15:56 --------- d-----w C:\Users\D3ady\AppData\Roaming\LimeWire
2008-07-06 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 15:48 --------- d-----w C:\ProgramData\PopCap Games
2008-07-06 15:48 --------- d-----w C:\Program Files\Steam
2008-06-23 00:57 --------- d-----w C:\Program Files\Razor
2008-06-16 15:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 22:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-15 20:52 --------- d-----w C:\Program Files\PokerStars
2008-06-15 15:27 174 --sha-w C:\Program Files\desktop.ini
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Journal
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Defender
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-15 06:40 --------- d-----w C:\Program Files\Windows Calendar
2008-06-12 00:32 --------- d-----w C:\Program Files\DivX
2008-05-29 01:15 --------- d-----w C:\Program Files\UltraVNC
2008-05-22 04:15 --------- d-----w C:\Program Files\4Musics FLAC to MP3 Converter
2007-12-23 03:44 22,328 ----a-w C:\Users\D3ady\AppData\Roaming\PnkBstrK.sys
2007-04-15 23:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-04-15 23:11 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-04-15 23:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-11-02 11:18 34 --sha-r C:\Windows\System32\SH.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 13:20 79416 C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2002554179-3779660203-3145262225-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE413BF8-2007-4779-B85C-24FA7DAA872F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{446E367A-CA59-4227-A2BB-1D4ED93BC656}"= UDP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{CBF4D8E3-922A-4F2C-A7EE-387859DD58DC}"= TCP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{586BEB4A-F8D7-44B2-8458-BDAD50D94B52}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{660BF95E-BB69-47AE-88AF-013EB0D629E9}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{FC40538E-39F4-42FF-BFF1-D1363AFAFBBB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6E4C3A4C-9329-444F-93F2-5234BAF8F644}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{03F42BEA-B546-46B6-8170-CC71DBC34964}"= UDP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{5CD13F4E-E2AE-4D75-92E6-837E84BB773A}"= TCP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{050903E2-59DE-474A-953F-71E964E0CA37}"= UDP:C:\Program Files\THQ\Company of Heroes - Opposing Fronts MP Beta\RelicCOH.exe:Company of Heroes - Opposing Fronts Beta
"{897AEF30-92BF-464D-8222-AF08273C27D4}"= TCP:C:\Program Files\THQ\Company of Heroes - Opposing Fronts MP Beta\RelicCOH.exe:Company of Heroes - Opposing Fronts Beta
"{F903550E-7180-4657-8D78-CD882EDEF1E8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E2150B4D-63A9-45ED-B991-9BAE79E2FE82}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1C86B084-8B14-4DB7-8F66-ACBE2152A09B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{FFBBC34E-6383-4F62-9365-EE7BE4D688EE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2522E311-40B7-4A8D-A3EB-FDDDA532D05B}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{33F4D7D1-3E71-43BB-8073-CBF14DD6E3C5}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{575405E4-BA40-4E7A-AC7B-CD1F4E2336FE}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{5EF1DE77-A3D2-44D3-9AF7-202193710F8F}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{0541F567-E941-4979-857E-FA7D2C00FDF9}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{16D6F8BB-000B-49D9-BEAF-5DD5FFA6F2AA}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{C9BFC062-7483-4F73-ADC7-1FCB18222D30}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{EB51664C-7513-4509-AF6C-C6140967DF1C}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{4804C0A8-B741-44C1-92C7-5A4A5A371C10}C:\\download\\dmt\\dmt.exe"= UDP:C:\download\dmt\dmt.exe:DMT Xavi ADSLv1 AnnexB
"UDP Query User{185A3A35-851B-4618-AFC7-867138CCD72D}C:\\download\\dmt\\dmt.exe"= TCP:C:\download\dmt\dmt.exe:DMT Xavi ADSLv1 AnnexB
"TCP Query User{E9C3B342-B728-40F4-ACCE-CC0137F29881}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{3A72AABD-8FFE-45EB-9F10-2CCF5C08FB78}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"{BE4060A5-21E4-4139-A85B-F2ED99187700}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5436A54A-7D81-4690-86E4-9BC2A8C8BEA7}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{907BB036-D4F3-4F70-B9D4-CBFADF93C518}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{681B8867-3ECD-4C9C-BFD9-325FECB9D0DE}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{4B2BA9F4-6F56-4BE0-8F1D-109D8110A717}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{17AB75AA-772C-497B-8DD4-02A1E5A63FFF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1183F959-E724-4F67-9DD2-BD5F7260761C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6CAC6E4D-8338-41D7-97C9-266BA6586137}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A1F386A3-C475-42E8-8721-1F37964DB649}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{759883B9-3D18-4877-8CF8-F3B90C7FE9BE}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B353662A-D974-4310-A1F8-69923429B5C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1ADA1D0E-9CAF-4FBB-8EDE-17126D505AF7}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BCFA9893-D743-4E40-9EB8-CC48D0F556AD}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{40F80BA1-F21C-49B3-80A4-94288B89D7E2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C3519766-A56E-498F-9125-1637402B1C41}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{21FD322A-AD59-4C55-97D0-E36B753ED650}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{4405746A-6006-49B4-98ED-CB1C123F5283}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{B06766FB-0F8F-4484-924E-E5214059C685}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{46A94C82-52EB-4F20-8C1C-8989288DFD34}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{923A7E6A-4434-4D91-8B77-D1A002EFB0A2}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{48D14A8E-EBF9-41B7-83D1-00770AB583F4}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{ADF1C277-46BF-4F7B-8C55-DAFDB8295CEC}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{ADCE1CCD-07C0-4BB4-B67A-B282FBE26464}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{7CBEA0C9-B801-42DF-96EA-A688890D8BB5}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{C23433F1-F017-4823-A5C4-DB6B6D25F1D8}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{D36F8334-6AF8-4795-B947-AFACE38735E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EC40D413-ED0F-482B-BE3E-4F98FF87A663}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{33E7B173-FB89-4618-8284-626D6A6F236A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{11F9CF98-40AD-4B02-863F-2F20994BD5A6}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{3E2C4BC9-4E11-48C4-9B9F-F7A54384011E}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{1E26E56C-9E6E-4B61-B422-D04D512DFF70}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F35CD2F-4179-422C-AC4D-FF9FB07958AC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E061B617-ACAC-43DF-BE90-C6A15F6B8660}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{43BD8FE5-A389-4800-8BCF-6F302DF781A8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
R2 SBKUPNT;SBKUPNT;C:\Windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 02:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 15:20]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\Windows\system32\DRIVERS\libusb0.sys [2007-05-11 01:12]
S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-15 17:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696}]
\shell\AutoRun\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696}]
\shell\AutoRun\command - F:\Autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-BMbfb2680a - C:\Windows\system32\wfftaotv.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 18:03:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehrecvr.exe
.
**************************************************************************
.
Completion time: 2008-07-17 18:06:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 22:06:35

Pre-Run: 24,567,541,760 bytes free
Post-Run: 24,396,292,096 bytes free

272 --- E O F --- 2008-07-17 21:10:14





************ HIJACKTHIS LOG ************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:18 PM, on 17/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 2605 bytes
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\Windows\System32\ikhcore.cfg
      C:\Windows\System32\SH.dll
  • Click on the Upload button.. You can only submit one file per round..
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#5
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here it is:



http://virscan.org/r...1c55f184a4.html


http://virscan.org/r...155f39f0c5.html
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator


Please post the following logs in your next reply.. Please post each log in separate post..

1. Malwarebytes'
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0

#7
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the first one:

Malwarebytes' Anti-Malware 1.22
Database version: 976
Windows 6.0.6001 Service Pack 1

8:38:30 PM 21/07/2008
mbam-log-7-21-2008 (20-38-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 181844
Time elapsed: 1 hour(s), 33 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Deckard\System Scanner\backup\Users\D3ady\AppData\Local\Temp\tmp001d4e42 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Download\Apps\Alcohol_120_Percent_v1.9.6_build_4719_by_TLG\_Loader_.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Alcohol Soft\Alcohol 120\_Loader_.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jydyhylt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\smkdgtmh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\wfftaotv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

#8
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the Main.txt But there was no Extra.txt log!!

Deckard's System Scanner v20071014.68
Run by D3ady on 2008-07-21 21:25:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 22.71 GiB (less than 15%) free.


-- HijackThis (run as D3ady.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:14 PM, on 21/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\Users\D3ady\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\D3ady.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 2613 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-19 00:10:30 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-19 00:10:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 18:01:41 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-17 17:58:08 68096 --a------ C:\Windows\zip.exe
2008-07-17 17:58:08 49152 --a------ C:\Windows\VFind.exe
2008-07-17 17:58:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 17:58:08 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 17:58:08 98816 --a------ C:\Windows\sed.exe
2008-07-17 17:58:08 80412 --a------ C:\Windows\grep.exe
2008-07-17 17:58:08 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 17:57:52 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-16 19:09:28 0 d-------- C:\VundoFix Backups
2008-07-14 17:07:03 0 d--hs---- C:\found.000
2008-07-13 14:47:24 0 d-------- C:\Program Files\iPod
2008-07-13 14:46:04 0 d-------- C:\Program Files\Bonjour
2008-07-11 15:45:26 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-11 15:45:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 00:17:11 0 d-------- C:\Program Files\Alwil Software
2008-07-07 00:16:23 0 d-------- C:\Program Files\Trend Micro
2008-07-06 17:19:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-06 17:18:09 0 d-------- C:\Users\All Users\Lavasoft
2008-07-06 17:18:09 0 d-------- C:\Program Files\Lavasoft
2008-07-06 12:10:48 0 d-------- C:\Program Files\Spyware Doctor
2008-07-05 22:52:52 0 d-------- C:\Program Files\Conduit
2008-07-05 21:44:59 0 d-------- C:\Incomplete
2008-06-22 01:15:53 0 d-------- C:\Users\All Users\Viewpoint
2008-06-22 01:15:50 0 d-------- C:\Users\All Users\acccore
2008-06-22 01:15:28 0 d-------- C:\Users\All Users\AOL
2008-06-22 01:15:28 0 d-------- C:\Users\All Users\AOL OCP
2008-06-22 01:14:55 0 d-------- C:\Program Files\Common Files\AOL
2008-06-22 01:14:14 0 d-------- C:\Program Files\AIM6


-- Find3M Report ---------------------------------------------------------------

2008-07-19 00:10:34 0 d-------- C:\Users\D3ady\AppData\Roaming\Malwarebytes
2008-07-13 18:28:59 0 d-------- C:\Program Files\Windows Mail
2008-07-13 14:47:37 0 d-------- C:\Program Files\iTunes
2008-07-13 14:45:40 0 d-------- C:\Program Files\QuickTime
2008-07-11 15:45:13 0 d-------- C:\Users\D3ady\AppData\Roaming\SUPERAntiSpyware.com
2008-07-07 11:05:06 4730 --a------ C:\Windows\system32\ealregsnapshot1.reg
2008-07-07 00:17:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 11:56:12 0 d-------- C:\Users\D3ady\AppData\Roaming\LimeWire
2008-07-06 11:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 11:48:04 0 d-------- C:\Program Files\Steam
2008-06-22 20:57:43 0 d-------- C:\Program Files\Razor
2008-06-22 01:36:30 0 d-------- C:\Users\D3ady\AppData\Roaming\acccore
2008-06-22 01:14:55 0 d-------- C:\Program Files\Common Files
2008-06-15 18:17:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 16:52:29 0 d-------- C:\Program Files\PokerStars
2008-06-15 11:27:54 174 --ahs---- C:\Program Files\desktop.ini
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Calendar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Movie Maker
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Journal
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Collaboration
2008-06-15 02:40:26 0 d-------- C:\Program Files\Windows Defender
2008-06-15 02:36:56 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-15 02:36:56 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-11 20:32:39 0 d-------- C:\Program Files\DivX
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 21:15:38 0 d-------- C:\Program Files\UltraVNC
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-22 00:15:07 0 d-------- C:\Program Files\4Musics FLAC to MP3 Converter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696}]
AutoRun\command- G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696}]
AutoRun\command- F:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-21 21:25:39 ------------
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Your log looks good.. Tell me about your computer behaviour.. In the mean time, do this..


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696}
    G:\SETUP.EXE
    F:\Autorun.exe
    EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also, post a fresh DSS log in your next reply..
  • 0

#10
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012e49e5-d5a8-11db-a204-00112ff64696}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79569aee-eaa6-11db-9c54-00112ff64696}\\ deleted successfully.
File/Folder G:\SETUP.EXE not found.
File/Folder F:\Autorun.exe not found.
< EmptyTemp >
File delete failed. C:\Users\D3ady\AppData\Local\Temp\~DF901F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\D3ady\AppData\Local\Temp\~DF94C7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\D3ady\AppData\Local\Temp\~DFDD61.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\D3ady\AppData\Local\Temp\~DFDD6F.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_123142

Files moved on Reboot...
File C:\Users\D3ady\AppData\Local\Temp\~DF901F.tmp not found!
File C:\Users\D3ady\AppData\Local\Temp\~DF94C7.tmp not found!
File C:\Users\D3ady\AppData\Local\Temp\~DFDD61.tmp not found!
File C:\Users\D3ady\AppData\Local\Temp\~DFDD6F.tmp not found!
  • 0

#11
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Deckard's System Scanner v20071014.68
Run by D3ady on 2008-07-23 12:41:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.22 GiB (less than 15%) free.


-- HijackThis (run as D3ady.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:53 PM, on 23/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\D3ady\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\D3ady.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 2873 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 12:27:42 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-22 12:27:42 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-22 12:27:42 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-22 12:27:41 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-22 12:27:41 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-22 12:27:40 0 d-------- C:\Program Files\VSO
2008-07-19 00:10:30 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-19 00:10:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 18:01:41 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-17 17:58:08 68096 --a------ C:\Windows\zip.exe
2008-07-17 17:58:08 49152 --a------ C:\Windows\VFind.exe
2008-07-17 17:58:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 17:58:08 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 17:58:08 98816 --a------ C:\Windows\sed.exe
2008-07-17 17:58:08 80412 --a------ C:\Windows\grep.exe
2008-07-17 17:58:08 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 17:57:52 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-13 14:47:24 0 d-------- C:\Program Files\iPod
2008-07-13 14:46:04 0 d-------- C:\Program Files\Bonjour
2008-07-11 15:45:26 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-11 15:45:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 00:17:11 0 d-------- C:\Program Files\Alwil Software
2008-07-07 00:16:23 0 d-------- C:\Program Files\Trend Micro
2008-07-06 17:19:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-06 17:18:09 0 d-------- C:\Users\All Users\Lavasoft
2008-07-06 17:18:09 0 d-------- C:\Program Files\Lavasoft
2008-07-06 12:10:48 0 d-------- C:\Program Files\Spyware Doctor
2008-07-05 22:52:52 0 d-------- C:\Program Files\Conduit
2008-07-05 21:44:59 0 d-------- C:\Incomplete


-- Find3M Report ---------------------------------------------------------------

2008-07-22 23:15:01 668 --a------ C:\Users\D3ady\AppData\Roaming\vso_ts_preview.xml
2008-07-22 23:15:01 0 d-------- C:\Users\D3ady\AppData\Roaming\Vso
2008-07-22 12:28:02 34 --a------ C:\Users\D3ady\AppData\Roaming\pcouffin.log
2008-07-22 12:27:46 7887 --a------ C:\Users\D3ady\AppData\Roaming\pcouffin.cat
2008-07-21 21:29:01 0 d-------- C:\Program Files\Sword of The New World
2008-07-19 00:10:34 0 d-------- C:\Users\D3ady\AppData\Roaming\Malwarebytes
2008-07-13 18:28:59 0 d-------- C:\Program Files\Windows Mail
2008-07-13 14:47:37 0 d-------- C:\Program Files\iTunes
2008-07-13 14:45:40 0 d-------- C:\Program Files\QuickTime
2008-07-11 15:45:13 0 d-------- C:\Users\D3ady\AppData\Roaming\SUPERAntiSpyware.com
2008-07-07 11:05:06 4730 --a------ C:\Windows\system32\ealregsnapshot1.reg
2008-07-07 00:17:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 11:56:12 0 d-------- C:\Users\D3ady\AppData\Roaming\LimeWire
2008-07-06 11:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 11:48:04 0 d-------- C:\Program Files\Steam
2008-06-22 20:57:43 0 d-------- C:\Program Files\Razor
2008-06-22 01:36:30 0 d-------- C:\Users\D3ady\AppData\Roaming\acccore
2008-06-22 01:16:21 0 d-------- C:\Program Files\AIM6
2008-06-22 01:14:56 0 d-------- C:\Program Files\Common Files\AOL
2008-06-22 01:14:55 0 d-------- C:\Program Files\Common Files
2008-06-15 18:17:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 16:52:29 0 d-------- C:\Program Files\PokerStars
2008-06-15 11:27:54 174 --ahs---- C:\Program Files\desktop.ini
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Windows Calendar
2008-06-15 02:40:28 0 d-------- C:\Program Files\Movie Maker
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Journal
2008-06-15 02:40:27 0 d-------- C:\Program Files\Windows Collaboration
2008-06-15 02:40:26 0 d-------- C:\Program Files\Windows Defender
2008-06-15 02:36:56 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-15 02:36:56 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-11 20:32:39 0 d-------- C:\Program Files\DivX
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 21:15:38 0 d-------- C:\Program Files\UltraVNC
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 03:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-23 12:42:23 ------------
  • 0

#12
D3adGeek

D3adGeek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The problem seems to be gone now. I don't get lost connections anymore with firefox or Ie.

My desktop does not crash anymore for nothing...

I think you guys did fix my problem! This is really cool. Is there anything else to do ?

Thanks alot!
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
I think you guys did fix my problem! This is really cool. Is there anything else to do ?


Actually yes.. You see, I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:



I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.



I strongly suggest you to uninstall Spybot S&D as your version is old and expired.. You already have Malwarebytes' (as antispyware) which is good enough for you..


Please post a fresh DSS log after you install ONE antivirus and ONE firewall to your computer :)


Regards
fenzodahl512
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP