Am I in the clear? [RESOLVED]

#1
Narsizim
  • Member
  • 11 posts
Hi there, this is my first post here. I just wanted to make sure that I am virus free; I went through the steps in the sticky tab and everything seems to be fixed.

My problems were:
1. "VIRUS THREAT" was beside my time instead of AM - PM.
2. Could not get to "my computer" or use the start menu.
3. When connecting to the net there would be multiple pop-ups and "warning you have viruses" pages opening.
4. The "system administrator" shut down a ton of programs and things that I was allowed to do.

Thankfully I had Bell Sympatico anti-virus and it took care of a few things to allow me to access the net and download the programs in the sticky post. Here are the results. Also please excuse the computer's name; I was in a weird mood when I got my PC all those years ago :)
________________________________________________________________________________
This is the test for my C:\

Malwarebytes' Anti-Malware 1.22
Database version: 976
Windows 5.1.2600 Service Pack 2

5:41:15 PM 21/07/2008
mbam-log-7-21-2008 (17-41-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 95726
Time elapsed: 1 hour(s), 56 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\xctujwli.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rqRHaYom.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\dbpivb.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{304daa56-d63a-4aab-bb07-3aad3bbfd123} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{304daa56-d63a-4aab-bb07-3aad3bbfd123} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bddaa182-910a-4723-b2fd-93c403bb2b5e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bddaa182-910a-4723-b2fd-93c403bb2b5e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhayom (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94f2c44a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrheul -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrheul -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LUEhRXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LUEhRXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbpivb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xctujwli.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ilwjutcx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHaYom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C914E6A1-85EF-4F5B-B1B7-259DDB26FBA9}\RP522\A0246319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obbmmdbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stdwurbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBspPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjqurf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric's [bleep]\Local Settings\Temporary Internet Files\Content.IE5\YXOUI106\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
________________________________________________________________________________

I then did the same test on my D:\
Malwarebytes' Anti-Malware 1.22
Database version: 976
Windows 5.1.2600 Service Pack 2

7:42:41 PM 21/07/2008
mbam-log-7-21-2008 (19-42-41).txt

Scan type: Full Scan (D:\|)
Objects scanned: 116110
Time elapsed: 48 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 14
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{386ca4fa-9800-4955-9d64-574caa8c5166} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8c6aacdd-4862-496c-ba20-d712ad679760} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4a71b0-36d2-4674-87af-288f60e3ec71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a74cd9a1-9348-4b3f-87a4-4852c2ce802e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{812ae34e-162c-4c94-baa1-a2c0431aec84} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{812ae34e-162c-4c94-baa1-a2c0431aec84} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00100) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LUEhRXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHaYom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\kgxmotapktx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I don't know how or why it scanned C:\, but thankfully it did :)
________________________________________________________________________________

Last but not least here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:43 PM, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SMSC\Seticon.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\GraviSense\GraviSense.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8945 bytes


Like I said, everything seems to be back to normal; however, I just want to make sure it's not hiding out waiting to strike again :)

Thanks!
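As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM 1.x detection lines pasted above. It tallies detections per threat family and cross-checks the first scan's "Delete on reboot" entries against a later scan, which is the concrete check behind the "am I in the clear?" question: such entries are not gone until the scheduled reboot deletion actually runs, and the second log above still lists byXRhEUL.dll and rqRHaYom.dll. The sample logs are constructed excerpts of the two logs posted above; the function names (parse_mbam_log, threat_summary, reboot_followup) are mine.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Section headers in a Malwarebytes' Anti-Malware 1.x log, e.g. "Files Infected:".
# The summary block near the top uses the same words followed by a count
# ("Files Infected: 15"); this pattern deliberately does not match those.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")

# The part of a detection line before the first " -> ": "<item> (<threat name>)".
HEAD_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\)$")


@dataclass(frozen=True)
class Finding:
    category: str   # log section, e.g. "Files Infected"
    item: str       # path, registry key or value that was flagged
    threat: str     # MBAM threat name, e.g. "Trojan.Vundo"
    action: str     # what MBAM did, e.g. "Quarantined and deleted successfully"

    @property
    def pending_reboot(self) -> bool:
        # "Delete on reboot" means the item was in use and is NOT removed yet.
        return self.action == "Delete on reboot"


def parse_mbam_log(text: str) -> list[Finding]:
    """Extract every detection line from an MBAM 1.x log."""
    findings: list[Finding] = []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            category = section.group(1)
            continue
        # Only detection lines contain " -> "; summary lines and
        # "(No malicious items detected)" do not.
        if category is None or " -> " not in line:
            continue
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0])
        if not head:
            continue
        # Registry data items carry an extra "Data: ..." or "Bad: (...) Good: (...)"
        # segment in the middle; the final segment is always the action taken.
        action = parts[-1].strip().rstrip(".")
        findings.append(Finding(category, head["item"], head["threat"], action))
    return findings


def threat_summary(findings: list[Finding]) -> dict[str, int]:
    """Count detections per threat family (e.g. Trojan.Vundo)."""
    return dict(Counter(f.threat for f in findings))


def reboot_followup(first: list[Finding], second: list[Finding]) -> list[str]:
    """Items the first scan could only schedule for removal at reboot and that a
    later scan reported again: the scheduled deletion did not happen (or the
    component was dropped again), so the machine is not clean yet."""
    pending = {f.item.lower() for f in first if f.pending_reboot}
    seen_again = {f.item.lower() for f in second}
    return sorted(pending & seen_again)


# Constructed samples: short excerpts of the two MBAM logs posted in this thread.
SCAN_C = r"""
Memory Modules Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrheul -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LUEhRXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHaYom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SCAN_D = r"""
Files Infected:
C:\WINDOWS\system32\byXRhEUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LUEhRXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHaYom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

if __name__ == "__main__":
    c, d = parse_mbam_log(SCAN_C), parse_mbam_log(SCAN_D)
    print("C:\\ scan:", threat_summary(c))
    print("still present after first scan:", reboot_followup(c, d))
    print("still pending after second scan:", [f.item for f in d if f.pending_reboot])
```

Anything reboot_followup reports, or anything still pending after the latest scan, means a further scan after rebooting is needed before calling the machine clean.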



#2
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello and welcome to Geeks to Go. Your HijackThis log looks good. Let's do another scan just to make sure.


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You should have three logs: DSS main.txt, extra.txt and Kaspersky. Post each log in a separate post.


Regards
fenzodahl512

#3
Narsizim
  • Topic Starter
  • Member
  • 11 posts
Here is my main.txt


Deckard's System Scanner v20071014.68
Run by Eric's [bleep] on 2008-07-22 17:33:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
65: 2008-07-22 21:28:53 UTC - RP523 - Deckard's System Scanner Restore Point
64: 2008-07-21 08:16:44 UTC - RP522 - Last known good configuration
63: 2008-07-21 08:16:34 UTC - RP521 - System Checkpoint
62: 2008-07-21 08:16:34 UTC - RP520 - Installed DirectX
61: 2008-07-21 08:16:34 UTC - RP519 - Installed AGEIA PhysX Processor Driver


-- First Restore Point --
1: 2008-07-21 08:16:17 UTC - RP459 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Eric's [bleep].exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:46 PM, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SMSC\Seticon.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\GraviSense\GraviSense.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Documents and Settings\Eric's [bleep]\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ERIC'S~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8990 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 d346bus - c:\windows\system32\drivers\d346bus.sys
R0 d346prt - c:\windows\system32\drivers\d346prt.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Stlth317 - c:\windows\system32\drivers\stlth317.sys <Not Verified; Generic; STEALTH>
R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 atitray - c:\program files\radeon omega drivers\v3.8.421\ati tray tools\atitray.sys
R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1200>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows ® 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S4 sptd - c:\windows\system32\drivers\sptd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-21 20:48:16 120 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-21 19:52:18 0 d-------- C:\Program Files\Trend Micro
2008-07-21 15:43:13 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Malwarebytes
2008-07-21 15:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 15:42:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-21 15:22:00 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Uniblue
2008-07-21 15:21:52 0 d-------- C:\Program Files\Uniblue
2008-07-21 15:09:07 92672 -----n--- C:\WINDOWS\system32\xctujwli.dll
2008-07-21 15:07:45 116864 -----n--- C:\WINDOWS\system32\dbpivb.dll
2008-07-21 04:04:33 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\TmpRecentIcons
2008-07-16 20:07:24 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Sierra Entertainment
2008-07-14 16:14:35 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Mount&Blade
2008-07-05 01:11:33 4 -r-hs---- C:\WINOS.SYS


-- Find3M Report ---------------------------------------------------------------

2008-07-21 17:21:05 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files
2008-07-20 20:31:43 0 d-------- C:\Program Files\Steam
2008-07-16 20:05:22 0 d-------- C:\Program Files\AGEIA Technologies
2008-07-16 20:05:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 19:48:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 18:03:09 58564 --a------ C:\WINDOWS\War3Unin.dat
2008-07-11 19:52:23 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\uTorrent
2008-07-02 23:28:58 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 01:56 AM C:\WINDOWS\system32\bthprops.cpl]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/01/2005 05:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/01/2005 05:16 PM]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [28/04/2004 03:02 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 06:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 06:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24/10/2005 05:45 PM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 07:22 PM]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [09/05/2006 12:54 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [08/05/2006 07:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [01/12/2005 06:57 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [24/01/2006 07:00 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [19/10/2005 09:30 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [06/04/2006 08:22 PM]
"AGRSMMSG"="AGRSMMSG.exe" [14/10/2005 02:29 PM C:\WINDOWS\AGRSMMSG.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [11/06/2005 07:51 PM]
"AtiPTA"="atiptaxx.exe" [21/02/2006 09:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [14/03/2006 12:33 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [12/03/2004 11:43 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [09/05/2007 12:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=C:\WINDOWS\pss\Acer VCM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetAssistant.lnk
backup=C:\WINDOWS\pss\NetAssistant.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\voip phone charger]
"C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"BthServ"=2 (0x2)
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2008-07-22 17:35:08 ------------

#4 Narsizim (Topic Starter, Member, 11 posts)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2046.04 MiB / 1544.63 MiB
Pagefile Memory (total/avail): 3937.23 MiB / 3594.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.8 MiB

C: is Fixed (NTFS) - 53.7 GiB total, 26.65 GiB free.
D: is Fixed (NTFS) - 54.19 GiB total, 20.39 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 3.9 GiB
\PARTITION1 (bootable) - Installable File System - 53.7 GiB - C:
\PARTITION2 - Installable File System - 54.19 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sympatico Security Manager Firewall v6.0.0 (Bell Sympatico (b1xxxxxx))
AV: Sympatico Security Manager Anti-Virus v6.0.0 (Bell Sympatico (b1xxxxxx))

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Games\\freespace2\\FS2.exe"="D:\\Games\\freespace2\\FS2.exe:*:Enabled:FreeSpace"
"D:\\Games\\COH\\RelicCOH.exe"="D:\\Games\\COH\\RelicCOH.exe:*:Enabled:RelicCOH"
"D:\\Games\\quake3\\quake3.exe"="D:\\Games\\quake3\\quake3.exe:*:Enabled:quake3"
"D:\\Games\\Gunbound\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="D:\\Games\\Gunbound\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"D:\\Games\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="D:\\Games\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Games\\The Ship\\ship.exe"="D:\\Games\\The Ship\\ship.exe:*:Enabled:ship"
"\\\\elpresidente\\Snes\\ZSNESW.exe"="\\\\elpresidente\\Snes\\ZSNESW.exe:*:Enabled:ZSNESW.exe"
"D:\\Games\\Warhammer\\Warhammer.exe"="D:\\Games\\Warhammer\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Games\\UnrealTournament\\System\\UnrealTournament.exe"="D:\\Games\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\\Games\\dominions3\\dom3.exe"="D:\\Games\\dominions3\\dom3.exe:*:Enabled:dom3"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"D:\\Games\\Toblo\\Toblo 1.1.exe"="D:\\Games\\Toblo\\Toblo 1.1.exe:*:Enabled:Toblo 1.1"
"D:\\Games\\Command N Conquer\\Command & Conquer Renegade™\\Renegade\\Game.exe"="D:\\Games\\Command N Conquer\\Command & Conquer Renegade™\\Renegade\\Game.exe:*:Enabled:Renegade"
"D:\\Games\\Magic - The Gathering\\Magic\\Manalink.exe"="D:\\Games\\Magic - The Gathering\\Magic\\Manalink.exe:*:Enabled:manalink"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\Games\\Railroad Pioneer\\Bin\\Railroad.exe"="D:\\Games\\Railroad Pioneer\\Bin\\Railroad.exe:*:Enabled:Railroad Pioneer"
"D:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe"="D:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"D:\\Games\\ArmA\\arma.exe"="D:\\Games\\ArmA\\arma.exe:*:Disabled:ArmA"
"D:\\Games\\moon\\Moonbase.exe"="D:\\Games\\moon\\Moonbase.exe:*:Enabled:sputm90r"
"D:\\Games\\Stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="D:\\Games\\Stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\\Games\\Stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="D:\\Games\\Stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\\Games\\Alpha\\terran.exe"="D:\\Games\\Alpha\\terran.exe:*:Enabled:terran"
"D:\\Games\\Xfire\\xfire.exe"="D:\\Games\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\Games\\Dawn Of Magic\\DawnOfMagic.exe"="D:\\Games\\Dawn Of Magic\\DawnOfMagic.exe:*:Enabled:DawnOfMagic"
"D:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\\Games\\Die By The Sword\\windie.exe"="D:\\Games\\Die By The Sword\\windie.exe:*:Enabled:windie"
"D:\\Games\\Gangsters 2\\Gangsters2.exe"="D:\\Games\\Gangsters 2\\Gangsters2.exe:*:Enabled:Gangsters 2"
"D:\\Games\\AGE OF WONDERS 2\\AoW2.exe"="D:\\Games\\AGE OF WONDERS 2\\AoW2.exe:*:Enabled:Age of Wonders 2"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"D:\\Games\\Old school games\\Snes\\ZSNESW.exe"="D:\\Games\\Old school games\\Snes\\ZSNESW.exe:*:Enabled:ZSNESW"
"D:\\Games\\The guild 2\\The Guild 2 - Pirates of the European Seas\\GuildII.exe"="D:\\Games\\The guild 2\\The Guild 2 - Pirates of the European Seas\\GuildII.exe:*:Enabled:GuildII"
"D:\\Games\\[PC] Shadowrun XP + VISTA [RIP] [dopeman]\\Shadowrun\\Shadowrun.exe"="D:\\Games\\[PC] Shadowrun XP + VISTA [RIP] [dopeman]\\Shadowrun\\Shadowrun.exe:*:Enabled:Shadowrun"
"D:\\Games\\[PC] Shadowrun XP + VISTA [RIP] [dopeman]\\SR\\Shadowrun\\Shadowrun.exe"="D:\\Games\\[PC] Shadowrun XP + VISTA [RIP] [dopeman]\\SR\\Shadowrun\\Shadowrun.exe:*:Enabled:Shadowrun"
"D:\\Games\\RiseofNations\\rise.exe"="D:\\Games\\RiseofNations\\rise.exe:*:Enabled:Rise of Nations"
"D:\\Games\\RiseofNations\\nations.exe"="D:\\Games\\RiseofNations\\nations.exe:*:Enabled:Rise of Nations"
"D:\\Games\\Startopia\\Startopia\\startopia.exe"="D:\\Games\\Startopia\\Startopia\\startopia.exe:*:Enabled:StarTopia"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\Games\\Overlord\\Overlord.exe"="D:\\Games\\Overlord\\Overlord.exe:*:Enabled:Overlord"
"D:\\Games\\Lost Planet\\LostPlanetDx9.exe"="D:\\Games\\Lost Planet\\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Games\\C&C\\RetailExe\\1.0\\cnc3game.dat"="D:\\Games\\C&C\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"D:\\Games\\C&C\\RetailExe\\1.8\\cnc3game.dat"="D:\\Games\\C&C\\RetailExe\\1.8\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Steam\\steamapps\\stratz123\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\stratz123\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"H:\\Work\\Marketing\\Warcraft III\\Warcraft III.exe"="H:\\Work\\Marketing\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Kyle Work Folder\\Warcraft III\\Warcraft III.exe"="C:\\Kyle Work Folder\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Steam\\steamapps\\stratz123\\portal\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\stratz123\\portal\\hl2.exe:*:Enabled:hl2"
"H:\\Work\\Bio\\Lab 1 - Photosynthesis\\Warcraft III\\Warcraft III.exe"="H:\\Work\\Bio\\Lab 1 - Photosynthesis\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Games\\supreme commander\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\Games\\supreme commander\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Games\\Defcon\\Defcon\\defcon.exe"="D:\\Games\\Defcon\\Defcon\\defcon.exe:*:Enabled:Defcon"
"D:\\Games\\Defcon\\defcon.exe"="D:\\Games\\Defcon\\defcon.exe:*:Enabled:Defcon"
"D:\\Games\\War World\\War World - Tactical Combat 1.09\\War World.exe"="D:\\Games\\War World\\War World - Tactical Combat 1.09\\War World.exe:*:Enabled:War World"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"D:\\Games\\Loki\\Loki.exe"="D:\\Games\\Loki\\Loki.exe:*:Enabled:Loki"
"D:\\Games\\Loki\\Autorun\\AutoRun.exe"="D:\\Games\\Loki\\Autorun\\AutoRun.exe:*:Enabled:Loki - AutoRun"
"D:\\Games\\SpellForce2\\spellforce2.exe"="D:\\Games\\SpellForce2\\spellforce2.exe:*:Enabled:spellforce2"
"D:\\Games\\DungeonLords\\dlords.exe"="D:\\Games\\DungeonLords\\dlords.exe:*:Enabled:dlords"
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"="C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe:*:Enabled:Comrade"
"D:\\Games\\Free Lancer\\EXE\\Freelancer.exe"="D:\\Games\\Free Lancer\\EXE\\Freelancer.exe:*:Enabled:Freelancer"
"D:\\Games\\Free Lancer\\EXE\\flserver.exe"="D:\\Games\\Free Lancer\\EXE\\flserver.exe:*:Enabled:Freelancer"
"D:\\Games\\Homeworld2\\Bin\\Release\\Homeworld2.exe"="D:\\Games\\Homeworld2\\Bin\\Release\\Homeworld2.exe:*:Enabled:Homeworld2"
"D:\\Games\\Civ4\\Civilization4.exe"="D:\\Games\\Civ4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\\Games\\Civ4\\Warlords\\Civ4Warlords.exe"="D:\\Games\\Civ4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\\Games\\Civ4\\Warlords\\Civ4Warlords_PitBoss.exe"="D:\\Games\\Civ4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\\Games\\Civ4\\Beyond the Sword\\Civ4BeyondSword.exe"="D:\\Games\\Civ4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\\Games\\Civ4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="D:\\Games\\Civ4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"D:\\Games\\Space Force\\Captains.exe"="D:\\Games\\Space Force\\Captains.exe:*:Disabled:Captains"
"C:\\Chaos\\Chaos Overlords.exe"="C:\\Chaos\\Chaos Overlords.exe:*:Enabled:Chaos Overlords Application"
"D:\\Games\\Callofduty4\\iw3mp.exe"="D:\\Games\\Callofduty4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"D:\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="D:\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"D:\\Games\\NWN2\\nwn2main.exe"="D:\\Games\\NWN2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\\Games\\NWN2\\nwn2main_amdxp.exe"="D:\\Games\\NWN2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\\Games\\NWN2\\nwupdate.exe"="D:\\Games\\NWN2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\\Games\\NWN2\\nwn2server.exe"="D:\\Games\\NWN2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\\Games\\Far Gate\\FarGate.exe"="D:\\Games\\Far Gate\\FarGate.exe:*:Enabled:Far Gate"
"D:\\Games\\Dos Box!\\DOSBox-0.70\\dosbox.exe"="D:\\Games\\Dos Box!\\DOSBox-0.70\\dosbox.exe:*:Enabled:dosbox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Games\\Lost\\LostEmpire.exe"="D:\\Games\\Lost\\LostEmpire.exe:*:Enabled:Lost Empire - Immortals"
"D:\\Games\\EE3\\EE3.exe"="D:\\Games\\EE3\\EE3.exe:*:Enabled:Empire Earth III"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Eric's [bleep]\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NARSIZIM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Eric's [bleep]
LOGONSERVER=\\NARSIZIM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\CA\PPRT\bin;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp
USERDOMAIN=NARSIZIM
USERNAME=Eric's [bleep]
USERPROFILE=C:\Documents and Settings\Eric's [bleep]
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Eric's [bleep] (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /I{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
5 IN 1 Card Reader --> MsiExec.exe /I{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}
Acer eDataSecurity Management 1.00.23 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GraviSense --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEBCBBF8-25D5-48D1-9D2E-D162C6B1BBF7}\Setup.exe" -l0x9
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Acer OrbiCam Driver --> "C:\Program Files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Acer OrbiCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x9
Acer USB Card Reader x86 Software --> MsiExec.exe /I{560C4155-BFC7-42E3-98FF-DBEFD5CC4DCB}
Acer VCM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\Setup.exe" -l0x9
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Agere Systems HDA Modem --> agrsmdel
Allok AVI to DVD SVCD VCD Converter 1.5.4 --> "C:\Program Files\Allok AVI to DVD SVCD VCD Converter\unins000.exe"
Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver (Omega 3.8.421) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CodeBaby Player (Remove Only) 1.0.2.19 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.19.inf,DefaultUninstall,5
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Company of Heroes --> "D:\Games\coh\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DAEMON Tools --> MsiExec.exe /I{A05C7AF7-8F89-42EF-BC3A-8F3D2B5E319B}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dominions 3 (remove only) --> "G:\games\dominions3\uninstall.exe"
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
eMule --> "D:\eMule\Uninstall.exe"
Europa 1400 - Gold Edition --> D:\Games\EUROPA~1\UNWISE.EXE D:\Games\EUROPA~1\INSTALL.LOG
Freelancer --> "D:\Games\Free Lancer\UNINSTAL.EXE" /runtemp /addremove
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld2 --> D:\Games\Homeworld2\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire 4.16.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic DVD Ripper V3.6 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
Mid2Abc --> MsiExec.exe /I{7F256326-76D6-4F89-8487-FE411C52B50C}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9D56AFAF-F1AE-4157-9813-C46112DAC4EC} /l1033
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Radeon Omega Drivers v3.8.421 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.421\Omega Uninstall.xml"
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RPS Ad Blocker --> MsiExec.exe /I{F7E57A5A-7987-41A6-B3B9-FF50D77A77A3}
RPS AntiFraud --> MsiExec.exe /I{470A7B9D-18E4-47BA-BD99-4A33E895B632}
RPS AntiSpyware --> MsiExec.exe /I{F8D4781A-6A2E-49C5-B6D2-D0142E33163E}
RPS AntiVirus --> MsiExec.exe /I{50AC3A46-935F-4C95-97AB-B76475252710}
RPS App Detector --> MsiExec.exe /I{8494BACD-7F1D-48B3-A231-3047CC455BEF}
RPS AsRealtime --> MsiExec.exe /I{A50108F7-1096-4770-896A-92C44E2DA77F}
RPS Backup --> MsiExec.exe /I{66C95F5A-CAC5-42FC-9745-B8B9D2FE8CA6}
RPS Burn --> MsiExec.exe /I{D6AB7AA1-8421-4FBC-A544-DA4346F903C2}
RPS Diagnostic Utility --> MsiExec.exe /I{2FFE5DE2-E5E2-49B7-A607-26B445C3C4D9}
RPS Firewall --> MsiExec.exe /I{34FA5E91-1730-4482-94A3-BA123A95958A}
RPS ParentalControl --> MsiExec.exe /I{15252CCA-6D83-4A7B-AE04-C112F7A804E2}
RPS Performance Tool --> MsiExec.exe /I{BBF6C6A8-ED28-4F2D-9264-2E9BFFCCED0C}
RPS PopupBlocker --> MsiExec.exe /I{AD507710-1640-4D5C-990F-36394F7E0BB3}
RPS Privacy Manager --> MsiExec.exe /I{572A527F-D4A4-4C49-B16E-5C425AB60F77}
RPS RpsCore --> MsiExec.exe /I{0CCECA0A-5417-410D-8815-2ACCB9C482E3}
RPS Security Cleanup --> MsiExec.exe /I{79CFDAF3-7FF3-4999-AF32-EFA37A4E7FB5}
RPS Zip --> MsiExec.exe /I{A3872D23-1686-4B2D-9F3C-32A6BB8D6508}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Sins of a Solar Empire --> "C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire --> C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sympatico Security Advisor 1.5.11 --> "C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager --> C:\Program Files\InstallShield Installation Information\{9BD0412D-2C8B-448B-AAB1-F62BFC248549}\Setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2 --> "C:\Kyle Work Folder\Teamspeak2_RC2\unins000.exe"
The Guild 2 - Pirates of the European Seas --> D:\Games\The Guild 2 - Pirates of the European Seas\uninstall.exe
Toribash 3.1 --> "D:\Games\Toribash-3.1\unins000.exe"
Ultra AVI Converter 2.2.2 --> "C:\Program Files\Ultra AVI Converter\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VoIP Phone Charger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B85B4400-C4E3-48CB-BB5C-1D15CED1CC57}\Setup.exe" -l0x9
VP3 Codec for Video for Windows --> C:\WINDOWS\system32\Uninstal.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPhlash --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Phoenix Technologies Ltd\WinPhlash\Uninst.isu"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type15505 / Success
Event Submitted/Written: 07/21/2008 08:45:00 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive D:\ was canceled because of loss of AC power.

Event Record #/Type15504 / Success
Event Submitted/Written: 07/21/2008 08:45:00 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive C:\ was canceled because of loss of AC power.

Event Record #/Type15503 / Success
Event Submitted/Written: 07/21/2008 08:44:52 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive D:\ was canceled because of loss of AC power.

Event Record #/Type15502 / Success
Event Submitted/Written: 07/21/2008 08:44:52 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive C:\ was canceled because of loss of AC power.

Event Record #/Type15501 / Success
Event Submitted/Written: 07/21/2008 08:43:53 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive D:\ was canceled because of loss of AC power.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type41113 / Error
Event Submitted/Written: 07/22/2008 05:31:41 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.

Event Record #/Type41091 / Error
Event Submitted/Written: 07/22/2008 05:25:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The osaio service failed to start due to the following error:
%%32

Event Record #/Type41090 / Error
Event Submitted/Written: 07/22/2008 05:25:32 PM
Event ID/Source: 610 / SCardSvr
Event Description:
Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
Here is the extra.txt


Event Record #/Type41089 / Error
Event Submitted/Written: 07/22/2008 05:25:32 PM
Event ID/Source: 0 / OZSCR
Event Description:
IOCTL POWER failed with status 0xc0000014

Event Record #/Type41088 / Error
Event Submitted/Written: 07/22/2008 05:25:32 PM
Event ID/Source: 610 / SCardSvr
Event Description:
Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.



-- End of Deckard's System Scanner: finished at 2008-07-22 17:35:08 ------------

#5 fenzodahl512 (Malware Removal, 9,863 posts)

Well, I see some bad files. Are you running Kaspersky Webscanner now? If yes, then I'll wait for the result first.

#6 Narsizim (Topic Starter, Member, 11 posts)

I am currently at work. Kaspers is installed and apparently (so my girlfriend says) has found a virus already, so I will get the logs and send them when I'm done, which should be in about 12 hours :)

#7 Narsizim (Topic Starter, Member, 11 posts)

Here is the Kaspers Log

Wednesday, July 23, 2008 7:28:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/07/2008
Kaspersky Anti-Virus database records: 985939


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 155564
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 01:35:07

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\20080722173344\backup\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped

C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\FirewallService07-22-2008--17-25-29.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Application Data\Bell\Sympatico Security Advisor\client_gateway.log Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Application Data\ApplicationHistory\GraviSense.exe.45ce77f8.ini.inuse Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Temp\~robqxnw.tmp\errdbg.cf Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Temp\~robqxnw.tmp\extra.txt Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Temp\~robqxnw.tmp\main.txt Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Eric's [bleep]\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\CA\PPRT\logs\2008-07-22.csv Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C914E6A1-85EF-4F5B-B1B7-259DDB26FBA9}\RP523\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_298.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{C914E6A1-85EF-4F5B-B1B7-259DDB26FBA9}\RP523\change.log Object is locked skipped

Scan process completed.

There was no option to delete or fix so I just closed out of Kaspers, hope that was the right thing to do.

#8 fenzodahl512 (Malware Removal, 9,863 posts)

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\xctujwli.dll
    C:\WINDOWS\system32\dbpivb.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Post the OTMoveIt2 log along with a fresh DSS log (after the OTMoveIt2 step) in your next reply.


fenzodahl512

#9 Narsizim (Topic Starter, Member, 11 posts)

Ok,

I ran the thing through Start > Run; it had two fixes, and now it shows no errors when scanning.

Here is the log for OT moveit

Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\xctujwli.dll
C:\WINDOWS\system32\xctujwli.dll NOT unregistered.
C:\WINDOWS\system32\xctujwli.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\dbpivb.dll
C:\WINDOWS\system32\dbpivb.dll NOT unregistered.
C:\WINDOWS\system32\dbpivb.dll moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\errdbg.cf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\extra.txt scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\main.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_298.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_123734

Files moved on Reboot...
C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\errdbg.cf moved successfully.
C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\extra.txt moved successfully.
C:\DOCUME~1\ERIC'S~1\LOCALS~1\Temp\~robqxnw.tmp\main.txt moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_298.dat moved successfully.

#10 Narsizim (Topic Starter, Member, 11 posts)

Here is the newest DSS log after OTMoveIt was run.

Deckard's System Scanner v20071014.68
Run by Eric's [bleep] on 2008-07-23 12:48:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Eric's [bleep].exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:46 PM, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SMSC\Seticon.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\GraviSense\GraviSense.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric's [bleep]\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ERIC'S~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9245 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 17:37:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 17:37:19 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-21 19:52:18 0 d-------- C:\Program Files\Trend Micro
2008-07-21 15:43:13 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Malwarebytes
2008-07-21 15:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 15:42:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-21 15:22:00 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Uniblue
2008-07-21 15:21:52 0 d-------- C:\Program Files\Uniblue
2008-07-21 04:04:33 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\TmpRecentIcons
2008-07-16 20:07:24 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Sierra Entertainment
2008-07-14 16:14:35 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Mount&Blade
2008-07-05 01:11:33 4 -r-hs---- C:\WINOS.SYS


-- Find3M Report ---------------------------------------------------------------

2008-07-21 17:21:05 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files
2008-07-20 20:31:43 0 d-------- C:\Program Files\Steam
2008-07-16 20:05:22 0 d-------- C:\Program Files\AGEIA Technologies
2008-07-16 20:05:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 19:48:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 18:03:09 58564 --a------ C:\WINDOWS\War3Unin.dat
2008-07-11 19:52:23 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\uTorrent
2008-07-02 23:28:58 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 01:56 AM C:\WINDOWS\system32\bthprops.cpl]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/01/2005 05:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/01/2005 05:16 PM]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [28/04/2004 03:02 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 06:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 06:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24/10/2005 05:45 PM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 07:22 PM]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [09/05/2006 12:54 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [08/05/2006 07:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [01/12/2005 06:57 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [24/01/2006 07:00 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [19/10/2005 09:30 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [06/04/2006 08:22 PM]
"AGRSMMSG"="AGRSMMSG.exe" [14/10/2005 02:29 PM C:\WINDOWS\AGRSMMSG.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [11/06/2005 07:51 PM]
"AtiPTA"="atiptaxx.exe" [21/02/2006 09:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [14/03/2006 12:33 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [12/03/2004 11:43 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [09/05/2007 12:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=C:\WINDOWS\pss\Acer VCM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetAssistant.lnk
backup=C:\WINDOWS\pss\NetAssistant.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\voip phone charger]
"C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"BthServ"=2 (0x2)
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2008-07-23 12:49:03 ----------

#11 fenzodahl512 (Malware Removal, 9,863 posts)
Log looks great!.. So, how is your computer doing?.. Do this by the way..

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

Then tell me about your computer. Also post a fresh DSS log for my final review.
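A small triage script, added here as an illustration and not taken from this thread or from HijackThis itself: it parses HijackThis 2.0.2 log lines of the kind posted above and flags the entries a log reviewer looks at first, such as the O3 toolbar whose DLL is already gone. The sample lines are copied from the log in this thread; the flagging rules are my own heuristics, not HijackThis logic, and the section layouts assumed in `extract_path` are the ones visible in that log.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: HijackThis v2.0.2 lines copied from the log posted in
# this thread, including the O3 toolbar entry the helper asked to have fixed.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

# Every HijackThis entry starts with its section code (R0-R3, O1-O24) and " - ".
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
FILE_MISSING = "(file missing)"
UNKNOWN_OWNER = "Unknown owner"


@dataclass
class Entry:
    section: str
    body: str
    path: str
    file_missing: bool
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> str:
    """Pull the file path out of an entry body (best effort, per section layout)."""
    text = body.replace(FILE_MISSING, "").strip()
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        return text.split("] ", 1)[-1]
    if section in {"O2", "O3", "O9", "O23"}:
        # "<description> - {CLSID or vendor} - <path>": the path is the last field
        return text.rsplit(" - ", 1)[-1]
    return ""


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # headers, the process list and blank lines are skipped
        section, body = m.group("section"), m.group("body")
        entries.append(Entry(section, body, extract_path(section, body), FILE_MISSING in body))
    return entries


def review_entries(entries: List[Entry]) -> List[Entry]:
    """Attach review notes; these heuristics are mine, not HijackThis logic."""
    for e in entries:
        if e.section in {"O2", "O3"} and e.file_missing:
            e.flags.append("browser add-on whose DLL no longer exists: orphaned registration, fix it")
        if e.section == "O23" and e.file_missing:
            e.flags.append("service registered for a binary that is gone: orphaned service")
        if e.section == "O23" and UNKNOWN_OWNER in e.body:
            e.flags.append("service binary carries no publisher info: verify it")
        if e.section == "O6":
            e.flags.append("IE restriction policies present: confirm they were set on purpose")
    return [e for e in entries if e.flags]


def review_log(text: str) -> List[Entry]:
    """Parse a HijackThis log and return only the entries that need a look."""
    return review_entries(parse_hjt(text))


if __name__ == "__main__":
    for e in review_log(SAMPLE_HJT_LOG):
        print(f"{e.section:>3}  {e.path or e.body}")
        for note in e.flags:
            print(f"      - {note}")
```

Run against the sample, the script lists the O3 toolbar, the O6 restriction policies and the two "Unknown owner" services while leaving the Synaptics, Java and Raxco entries alone. A missing file on an O2/O3 line is a leftover registration rather than live code, which is why fixing it is low risk; an O23 service with no publisher information still has to be checked by hand.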

#12 Narsizim (Topic Starter, Member, 11 posts)
Did as ordered, computer seems to be running perfectly, however DSS did crash the first time after running HJT and deleting the O3 missing .dll thing. I Ctrl-Alt-Deleted it, retried and it worked no problem.

I will reset and try a few of my games later on tonight. I have not played since starting this forum thread and am dying because of it, hehe.

I have already noticed that my computer is starting up a lot quicker (like it did when it was new). Probably because it does not have to load 50 trojans and viruses lol.

Also, if I am all fixed now, would you be so kind as to direct me to the donations page (if there is one)? If I had had to take my PC in to be fixed it would have cost me hundreds.

Thanks again! :) :) :)



Deckard's System Scanner v20071014.68
Run by Eric's [bleep] on 2008-07-23 18:18:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Eric's [bleep].exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:00 PM, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SMSC\Seticon.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\GraviSense\GraviSense.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Documents and Settings\Eric's [bleep]\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ERIC'S~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9021 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 17:37:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 17:37:19 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-21 19:52:18 0 d-------- C:\Program Files\Trend Micro
2008-07-21 15:43:13 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Malwarebytes
2008-07-21 15:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 15:42:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-21 15:22:00 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Uniblue
2008-07-21 15:21:52 0 d-------- C:\Program Files\Uniblue
2008-07-21 04:04:33 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\TmpRecentIcons
2008-07-16 20:07:24 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Sierra Entertainment
2008-07-14 16:14:35 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\Mount&Blade
2008-07-05 01:11:33 4 -r-hs---- C:\WINOS.SYS


-- Find3M Report ---------------------------------------------------------------

2008-07-21 17:21:05 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-21 15:42:39 0 d-------- C:\Program Files\Common Files
2008-07-20 20:31:43 0 d-------- C:\Program Files\Steam
2008-07-16 20:05:22 0 d-------- C:\Program Files\AGEIA Technologies
2008-07-16 20:05:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 19:48:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 18:03:09 58564 --a------ C:\WINDOWS\War3Unin.dat
2008-07-11 19:52:23 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\uTorrent
2008-07-02 23:28:58 0 d-------- C:\Documents and Settings\Eric's [bleep]\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 01:56 AM C:\WINDOWS\system32\bthprops.cpl]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/01/2005 05:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/01/2005 05:16 PM]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [28/04/2004 03:02 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 06:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 06:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:00 AM]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24/10/2005 05:45 PM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 07:22 PM]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [09/05/2006 12:54 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [08/05/2006 07:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [01/12/2005 06:57 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [24/01/2006 07:00 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [19/10/2005 09:30 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [06/04/2006 08:22 PM]
"AGRSMMSG"="AGRSMMSG.exe" [14/10/2005 02:29 PM C:\WINDOWS\AGRSMMSG.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [11/06/2005 07:51 PM]
"AtiPTA"="atiptaxx.exe" [21/02/2006 09:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [14/03/2006 12:33 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [12/03/2004 11:43 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [09/05/2007 12:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=C:\WINDOWS\pss\Acer VCM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetAssistant.lnk
backup=C:\WINDOWS\pss\NetAssistant.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\voip phone charger]
"C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"BthServ"=2 (0x2)
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2008-07-23 18:19:18 ------------

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great! Your log looks clean to my eyes.. About donations, errr.. Let's forget about it.. Maybe I should have my own donation page :)


Please download OTCleanIt and save it to Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#14
Narsizim

Narsizim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey there, might have a problem :)

I ran that last test and it requested I rebooted my computer. So I did.

I had to run away while the reboot was happening. When I returned everything seemed normal but the wireless icon appeared not connected, however I could access the net.

So I rebooted once again, this error came up (attached file).

In case the file does not work, it says:

Unexpected error

An unexpected error has occured and this application cannot recover from it

Exception code: 3221225477
Exception address: 7C918FEA

Only option is to press "ok" button.

Everything else appears to be fine, however still no time to play games :) hehe.


OK, I tried several times to upload the picture and it would not let me, says you have not selected a file, yet I have...

Anywho, hope that makes sense.

*EDIT: I wanted to add that I have been on my PC now for a couple of hours and it seems to be working great. I have not got that unexpected error again, and have reset my computer multiple times, let's hope that unexpected error was the virus dying once and for all!!! :) lol.

Edited by Narsizim, 24 July 2008 - 12:14 AM.


#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.