
Trojan Downloader.Generic7.RWI [CLOSED]

This topic is locked.

#1 Ben_H (New Member, 5 posts)
Hey there

First off, my name's Ben.

I have for some time been experiencing major slowdowns on my computer. When I run Task Manager I sometimes sit on 55% computer usage simply using Windows with MSN. I have AVG and it has found the trojan Downloader.Generic7.RWI, which I have been unable to delete. I downloaded Search & Destroy as directed by a friend, which found only cookies and trackers and what not, which didn't fix the problem.

I followed the steps as listed in the "read before posting" and tried to remove it that way, but I still have problems. As far as I have found out, this Trojan infects all of my .exe files.

I have gotten my HijackThis log for you and posted it below. I may have missed something in the initial steps as listed and apologize in advance.




Hijackthis Log ________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:41 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Computer_Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205641224843
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4546 bytes

________________________________________________________________________________



I thank you in advance for reading this post and eagerly await a response.

Ben

Edited by Ben_H, 22 July 2008 - 05:46 AM.

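As an added example (not part of the original thread, and not the helper's own method), here is a small Python script that parses HijackThis v2 log lines like the ones Ben posted and applies the generic first-pass triage rules a malware-removal analyst typically starts with: BHOs whose DLL no longer exists, autostarts given without a full path, autostarts launched from user-writable directories, Winsock LSP entries, and services with no publisher string. The sample input is a subset of entries copied from the log above; the rules only say "look closer" and do not establish that any of these particular entries is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of HijackThis v2.0.2 entries copied from the
# log posted above, one or two of each type the triage rules below look at.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# A Windows absolute path: drive letter, colon, backslash.
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")
# Autostarts launched from user-writable data or temp locations deserve a closer look.
USER_DIR_RE = re.compile(r"\\(Temp|Local Settings\\Temp|Application Data)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def parse_entries(text):
    """Return (section, body, full_line) for each HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage(text):
    """Apply generic first-pass triage rules; a hit means 'look closer', not 'malware'."""
    findings = []
    for section, body, line in parse_entries(text):
        reasons = []
        if section == "O2" and "(no file)" in body:
            reasons.append("BHO CLSID is registered but its DLL is missing (orphaned entry)")
        if section == "O4":
            if not ABS_PATH_RE.search(body):
                reasons.append("autostart given without a full path; resolved through PATH at logon")
            if USER_DIR_RE.search(body):
                reasons.append("autostart runs from a user-writable data or temp directory")
        if section == "O10":
            reasons.append("Winsock LSP entry; verify the DLL before removing, a bad fix breaks networking")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no publisher string; check the file's signature and hash")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. A "no full path" hit on an O4 entry only means the name still has to be resolved to a file (the DSS registry dump posted later in the thread does exactly that for Logi_MwX.Exe), and an "Unknown owner" hit on an O23 service means the version resource carries no company name, which is common for game anti-cheat services as well as for malware; both are prompts to check the file, not verdicts.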


#2 Stamper19 (Expert, 1,992 posts)
Hi Ben,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS


#3 Ben_H (Topic Starter, New Member, 5 posts)
Hey Stamper

Thanks for the reply. I've completed that step, so here are the logs.

Main.txt

_______________________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Ben on 2008-07-25 01:40:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-07-24 15:40:47 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-07-24 09:26:09 UTC - RP4 - System Checkpoint
3: 2008-07-23 07:30:07 UTC - RP3 - Installed Microsoft Calculator Plus
2: 2008-07-23 07:21:56 UTC - RP2 - Installed Adobe Reader 9.
1: 2008-07-22 08:29:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:02 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ben\Desktop\dss.exe
D:\COMPUT~1\Ben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205641224843
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4599 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "d:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
S4 Beefraverte -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-31 05:01:00 256 --a------ C:\WINDOWS\Tasks\Shutdown.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-23 17:30:07 0 d-------- C:\Program Files\Microsoft Calculator Plus
2008-07-22 18:32:34 0 d-------- C:\Documents and Settings\Ben\Application Data\Malwarebytes
2008-07-22 18:32:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 18:32:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 18:32:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-22 17:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-14 22:51:34 0 d-------- C:\Program Files\Disc2Phone
2008-07-14 18:38:02 0 d-------- C:\Documents and Settings\Ben\Application Data\Shareaza
2008-06-30 15:50:20 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 15:50:20 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-30 15:50:19 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-30 04:55:47 26422 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-30 04:55:45 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-30 04:55:45 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-28 16:47:34 0 d-------- C:\Program Files\Marvell
2008-06-28 16:31:11 0 d-------- C:\Program Files\Support Tools
2008-06-28 15:56:33 0 dr-h----- C:\$VAULT$.AVG
2008-06-28 15:42:45 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT


-- Find3M Report ---------------------------------------------------------------

2008-07-24 15:03:16 0 d-------- C:\Documents and Settings\Ben\Application Data\nView_Wallpaper
2008-07-24 15:01:28 0 --a------ C:\WINDOWS\TempFile
2008-07-23 17:26:02 0 d-------- C:\Documents and Settings\Ben\Application Data\Adobe
2008-07-23 17:23:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-23 11:25:40 0 d-------- C:\Documents and Settings\Ben\Application Data\uTorrent
2008-07-22 18:32:15 0 d-------- C:\Program Files\Common Files
2008-07-22 18:12:52 0 d-------- C:\Documents and Settings\Ben\Application Data\AVG7
2008-07-03 14:50:51 0 d-------- C:\Documents and Settings\Ben\Application Data\U3
2008-06-28 16:35:21 0 d-------- C:\Program Files\Windows NT
2008-06-23 23:05:17 0 d-------- C:\Documents and Settings\Ben\Application Data\Skype
2008-06-23 18:32:49 0 d-------- C:\Documents and Settings\Ben\Application Data\skypePM
2008-06-18 21:49:33 0 d-------- C:\Program Files\Common Files\3DO Shared
2008-06-18 21:48:00 0 d-------- C:\Program Files\3DO
2008-06-16 00:39:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-04 00:20:25 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 21:02:38 0 d-------- C:\Program Files\Adobe Media Player
2008-05-29 21:02:35 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-27 02:30:43 0 --a------ C:\Documents and Settings\Ben\Application Data\AVSDVDPlayer.m3u
2008-05-27 02:21:00 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-27 02:20:33 0 d-------- C:\Program Files\AVSMedia
2008-05-18 01:01:39 295 --a------ C:\WINDOWS\EReg072.dat
2008-05-06 02:12:00 626688 --a------ C:\WINDOWS\system32\ykx32ncu.dll <Not Verified; Marvell; Marvell NCU Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 12:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/08/2002 07:50 PM C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [12/05/2007 12:41 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 05:56 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 07:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/12/2007 2:43:38 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/12/2007 2:00:58 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18f793e2-a866-11dc-8b7e-806d6172696f}]
AutoRun\command- G:\start.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8828 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-25 01:42:44 -----------

_______________________________________________________________________________




Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 3070.42 MiB / 2573.99 MiB
Pagefile Memory (total/avail): 4445.98 MiB / 4141.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 47.33 GiB total, 32.08 GiB free.
D: is Fixed (NTFS) - 185.55 GiB total, 11.05 GiB free.
E: is Fixed (NTFS) - 111.79 GiB total, 34.23 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250310AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 47.33 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 185.55 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD12 00JB-00G SCSI Disk Device - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Battlefield 1942\\BF1942.exe"="D:\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"D:\\Mythos\\bin\\Mythos.exe"="D:\\Mythos\\bin\\Mythos.exe:*:Enabled:Mythos"
"D:\\Heroes of Might and Magic V - Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"="D:\\Heroes of Might and Magic V - Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe:*:Enabled:Maya"
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"="D:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe:*:Enabled:hl2"
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2\\hl2.exe"="D:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2\\hl2.exe:*:Enabled:hl2"
"D:\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander Application"
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"="D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"="D:\\3DO\\Heroes of Might and Magic IV\\heroes4.exe:*:Enabled:Heroes of Might and Magic® IV: Winds of War™"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\Counter-Strike\\cstrike.exe"="E:\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:BF2"
"E:\\Empire Earth\\Empire Earth.exe"="E:\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"D:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"="D:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ben\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MOLEMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ben
LOGONSERVER=\\MOLEMAN
MythosEnv=D:\Mythos\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\Autodesk\Maya8.5\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Support Tools\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
USERDOMAIN=MOLEMAN
USERNAME=Ben
USERPROFILE=C:\Documents and Settings\Ben
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ben (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Age of Conan - Hyborian Adventures --> "D:\Age of Conan\unins000.exe"
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{28C74612-2C48-4421-BF67-3949CD90748E}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AV VoizGame 4.0 --> D:\PROGRA~1\AVVOIZ~1\UNWISE.EXE D:\PROGRA~1\AVVOIZ~1\INSTALL.LOG
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVS DVD Player version 2.4 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x9
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\Setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\Setup.exe" -l0x9
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer Red Alert 2 --> D:\RA2\Uninstll.EXE
Command && Conquer Red Alert 2 - Yuri's Revenge --> D:\RA2\Uninstll.EXE
Counter-Strike --> "D:\Program Files\Steam\steam.exe" steam://uninstall/10
dBpoweramp Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DesertCombat 0.7 --> C:\WINDOWS\iun6002.exe "D:\Battlefield 1942\DesertCombat.ini"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Keeper 2 --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Dungeon Keeper 2\Uninst.isu" -c"D:\Program Files\Dungeon Keeper 2\uninst.dll"
Dungeon Keeper Gold --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL1.isu
DVD X Player 4.1 Standard --> "C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard\unins000.exe"
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Fraps (remove only) --> "D:\Fraps\uninstall.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Half-Life 2 --> "D:\Program Files\Steam\steam.exe" steam://uninstall/220
Heroes of Might and Magic II --> C:\WINDOWS\uninst.exe -fD:\Heroes2\DeIsL1.isu
Heroes of Might and Magic IV: Winds of War --> C:\WINDOWS\IsUninst.exe -f"D:\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Heroes of Might and Magic V - Tribes of the East --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Computer_Downloads\HijackThis.exe" /uninstall
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Network Configuration Utility --> MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B}
Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mythos --> MsiExec.exe /I{A2453998-F3D8-426D-B96F-0777B120E388}
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
Portal --> D:\Portal\uninstall.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Real Alternative 1.7.0 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Shareaza --> D:\Program Files\Shareaza Applications\Shareaza\UninstallSurvey.exe D:\PROGRA~1\SHAREA~1\Shareaza\UNWISE.EXE D:\PROGRA~1\SHAREA~1\Shareaza\INSTALL.LOG
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Source SDK Base --> "D:\Program Files\Steam\steam.exe" steam://uninstall/215
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xiph QuickTime Components --> "C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}


-- Application Event Log -------------------------------------------------------

Event Record #/Type224804 / Error
Event Submitted/Written: 07/25/2008 01:02:16 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type224803 / Error
Event Submitted/Written: 07/25/2008 01:01:36 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type224802 / Error
Event Submitted/Written: 07/25/2008 01:00:53 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type224801 / Error
Event Submitted/Written: 07/25/2008 01:00:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type224800 / Error
Event Submitted/Written: 07/25/2008 00:58:17 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type90580 / Error
Event Submitted/Written: 07/24/2008 09:50:25 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type90579 / Error
Event Submitted/Written: 07/24/2008 09:50:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type90578 / Error
Event Submitted/Written: 07/24/2008 09:50:04 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type90577 / Error
Event Submitted/Written: 07/24/2008 09:49:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type90570 / Error
Event Submitted/Written: 07/24/2008 03:04:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}



-- End of Deckard's System Scanner: finished at 2008-07-25 01:42:44 ------------






End of Logs.
  • 0

#4
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Ben,

Happy to help out :)

First, I see that you are running, or have previously installed, uTorrent. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall uTorrent.

----------------------------------------------------------------

We need to fix some file associations

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%Userprofile%\Desktop\dss.exe" /daft

Accept the disclaimer, and click the "Scan" button. Place a checkmark next to everything that appears and press "Fix". Afterwards, close the window.

----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

----------------------------------------------------------------

Information to include in your next post:
  • ComboFix Log

  • 0

#5
Ben_H

Ben_H

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey again

I think I will be getting rid of uTorrent then, as with Shareaza, too much trouble for their worth.

Here are the logs.



Combofix Log



ComboFix 08-07-24.1 - Ben 2008-07-25 13:49:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2538 [GMT 10:00]
Running from: E:\Ben\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 01:39 . 2008-07-25 01:39 <DIR> d-------- C:\Deckard
2008-07-23 17:30 . 2008-07-23 17:30 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2008-07-22 18:32 . 2008-07-22 18:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 18:32 . 2008-07-22 18:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-22 18:32 . 2008-07-22 18:32 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Malwarebytes
2008-07-22 18:32 . 2008-07-22 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 18:32 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 18:32 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 17:56 . 2008-07-23 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 17:56 . 2008-07-22 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 20:34 . 2008-07-20 20:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-20 20:34 . 2008-07-20 20:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 22:51 . 2008-07-14 22:51 <DIR> d-------- C:\Program Files\Disc2Phone
2008-07-14 18:38 . 2008-07-14 18:38 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Shareaza
2008-07-14 18:19 . 2008-07-14 18:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-14 18:18 . 2008-07-14 18:18 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-30 15:50 . 2008-06-30 15:50 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 15:50 . 2008-06-30 15:50 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-30 15:50 . 2008-06-30 15:50 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-30 04:55 . 2008-06-30 04:55 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-30 04:55 . 2008-06-30 16:04 26,422 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-30 04:55 . 2008-06-30 04:55 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-28 16:47 . 2008-06-28 16:47 <DIR> d-------- C:\Program Files\Marvell
2008-06-28 16:31 . 2008-06-28 16:31 <DIR> d-------- C:\Program Files\Support Tools
2008-06-28 15:56 . 2008-07-22 18:46 <DIR> dr-h----- C:\$VAULT$.AVG
2008-06-28 15:42 . 2008-06-28 15:42 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 03:45 --------- d-----w C:\Documents and Settings\Ben\Application Data\nView_Wallpaper
2008-07-23 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-23 01:25 --------- d-----w C:\Documents and Settings\Ben\Application Data\uTorrent
2008-07-22 08:12 --------- d-----w C:\Documents and Settings\Ben\Application Data\AVG7
2008-07-03 04:50 --------- d-----w C:\Documents and Settings\Ben\Application Data\U3
2008-06-23 13:05 --------- d-----w C:\Documents and Settings\Ben\Application Data\Skype
2008-06-23 08:32 --------- d-----w C:\Documents and Settings\Ben\Application Data\skypePM
2008-06-18 11:49 --------- d-----w C:\Program Files\Common Files\3DO Shared
2008-06-18 11:48 --------- d-----w C:\Program Files\3DO
2008-06-15 14:39 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-15 14:37 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-03 14:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 11:02 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-29 11:02 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-26 16:21 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-26 16:20 --------- d-----w C:\Program Files\AVSMedia
2008-05-15 00:11 62,976 ----a-w C:\WINDOWS\system32\yk51x32v.dll
2008-05-15 00:11 46,592 ----a-w C:\WINDOWS\system32\yk51x32l.dll
2008-05-15 00:11 11,264 ----a-w C:\WINDOWS\system32\ykx32coinst.dll
2008-05-05 16:12 626,688 ----a-w C:\WINDOWS\system32\ykx32ncu.dll
2008-01-02 00:40 5,737 ----a-w C:\Program Files\install.log
2007-12-20 08:07 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 17:56 1667584]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 19:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-07 01:26 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-12 14:43:38 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-12 14:00:58 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Battlefield 1942\\BF1942.exe"=
"D:\\Mythos\\bin\\Mythos.exe"=
"D:\\Heroes of Might and Magic V - Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"=
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2\\hl2.exe"=
"D:\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"D:\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Counter-Strike\\cstrike.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"E:\\Empire Earth\\Empire Earth.exe"=
"D:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32l.sys [2008-05-15 10:11]
S3 SkVlanProtocol;Marvell VLAN Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32v.sys [2008-05-15 10:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 19:01:00 C:\WINDOWS\Tasks\Shutdown.job"
- C:\WINDOWS\system32\shutdown.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 13:52:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 13:53:37
ComboFix-quarantined-files.txt 2008-07-25 03:53:09

Pre-Run: 34,358,431,744 bytes free
Post-Run: 34,369,531,904 bytes free

143





Hijackthis Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:09 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
E:\Ben\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205641224843
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5082 bytes
  • 0

#6
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Ben,

Smart move getting rid of the peer-to-peer programs :)

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Please submit the following files for analysis.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\system32\yk51x32v.dll
  • Click on the submit button
  • Please post the results in your next reply.

Please note that if you are submitting more than one file they will have to be entered one at a time.

----------------------------------------------------------------

Please clean out your temp files.

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

----------------------------------------------------------------

Information to include in your next post:
  • Jotti Log
  • Kaspersky Scan Log

  • 0
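The reply above works through a HijackThis log by section code (the R0 start-page line, the O2 BHO with "(no file)", the O10 Winsock entry, the O23 services). The following Python is an added triage helper, not part of this thread or of HijackThis itself: it parses the "Rn - " / "On - " entry lines and flags the kinds of entries a helper looks at first. The sample lines are copied from the log in post #5 except one O4 line, which is constructed; the review heuristics are the editor's assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import re

# Sample log: lines copied from the HijackThis log posted in this thread,
# plus one CONSTRUCTED O4 line (sample.exe) to exercise the user-profile rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\Ben\Local Settings\Temp\sample.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
--
End of file - 5082 bytes
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")
# O23 bodies are "Service: <display name> - <owner> - <image path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Autorun commands living under the user profile get a second look (assumption).
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")


def parse_hjt(text):
    """Return a list of (code, body) tuples for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name / owner / path, or None if it does not fit."""
    m = SERVICE_RE.match(body)
    return m.groupdict() if m else None


def review_reasons(code, body):
    """Heuristic reasons an entry deserves review; empty list means nothing flagged."""
    low = body.lower()
    reasons = []
    if code in ("R0", "R1") and low.endswith("= about:blank"):
        reasons.append("browser start page blanked")
    if code == "O2" and low.endswith("(no file)"):
        reasons.append("BHO registered with no file on disk")
    if code == "O4" and any(p in low for p in USER_WRITABLE):
        reasons.append("autorun launches from a user-writable profile path")
    if code == "O10":
        reasons.append("Winsock LSP not recognised by HijackThis")
    if code == "O23":
        svc = parse_service(body)
        if svc and svc["owner"] == "Unknown owner":
            reasons.append("service has no publisher information")
    return reasons


def triage(text):
    """Parse a log and return (code, reason, body) for each flagged entry."""
    findings = []
    for code, body in parse_hjt(text):
        for reason in review_reasons(code, body):
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}\n     {body}")
```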

#7
Ben_H

Ben_H

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey there

Sorry for the quite lengthy reply, been away and quite preoccupied.

I had some trouble with the Java file, and only managed to get jdk-6u7-windows-i586-p,
so when I went to Kaspersky it asked me to download some Java updates after I had already removed all existing Java and installed the new one, so I went ahead and downloaded those so I was able to use Kaspersky.

So here are the results.

Online Malware scan

A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


Kaspersky Scan


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 29, 2008 14:00:52
Records in database: 1022697
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 160890
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 05:57:53


File name / Threat name / Threats count
C:\Deckard\System Scanner\20080725134735\backup\DOCUME~1\Ben\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
D:\Ben Related\Downloads\wowmodelview-0.5.08.zip Infected: not-a-virus:AdWare.Win32.AdMedia.ay 1
D:\Media\Non-Media\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe Infected: Backdoor.Win32.Hupigon.bmoq 1

The selected area was scanned.
  • 0

#8
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Let's delete some ill-mannered files.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Ben Related\Downloads\wowmodelview-0.5.08.zip
    D:\Media\Non-Media\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also, let me know how the computer is running.
  • 0

#9
Ben_H

Ben_H

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok moved those files.

At some points my computer still seems to be running rather sluggish. What mostly got me onto finding out what was wrong is that it sometimes takes minutes for my computer to get past the Windows loading stage, where it used to take 10-15 seconds.

The other thing was that when it was running sluggish, the sound would be slowed and computerized, and all forms of sound and video would start handling very badly, as well as normal functions.



Update: The general computer handelling is going better still getting the sound slow problem every now and then, but it still takes a long time to load windows.

#10
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Ben,

Do you have the OTMoveIt 2 log? It should be in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

I'm not totally convinced the issues you are describing are software issues, but let's see what we can do to speed things up a bit.

Let's try to speed your system.

Prefetch is clickable for more information

  • Click Start then Run, type prefetch then press ENTER, click Edit then Select All (all files will highlight), right-click any file, click Delete, confirm.
  • Click Start then All Programs, Accessories, System Tools to run Disk Cleanup
  • Reboot
  • Click Start then All Programs, Accessories, System Tools to run Defragmenter

Now we'll run Tune Up

  • Download, install and run Tune Up 2007 Trial
  • Run Tune Up disc clean up
  • Run Tune Up registry clean up
  • Disable your AntiVirus program, then click Optimize and Improve to run Reg Defrag, the screen will lose color during the process which can take a few minutes and then needs a reboot
  • Check to make sure your AntiVirus is running
Those will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial:

  • Click Optimize and Improve, then System Optimizer to optimize the computer; select "computer with an internet connection" from the drop-down menu. This also requires a reboot.
  • After the reboot, click Optimize, then System Optimizer to accelerate downloads; select the speed just above your actual connection speed. This requires a reboot.
  • After the reboot, click Optimize, then System Optimizer to run System Advisor.

Edited by Stamper19, 31 July 2008 - 07:45 AM.


#11
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.