spyware trouble [RESOLVED]


This topic is locked.

#1
mamaloney
Member, 26 posts
I got a virus that tells me to download a fake anti-spyware program.
It locked up my computer and I need help fixing this.
Thanks! :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24: VIRUS ALERT!, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\LClock\lclock.exe
C:\program files\steam\steam.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E156AAE-FA60-44A1-8E69-2E0E0030F1F6} - C:\WINDOWS\system32\iifgEvVo.dll
O2 - BHO: QXK Olive - {A008E854-351C-4CFD-BFFF-C1C4D6FF5BBD} - C:\WINDOWS\nfavxwdbgfw.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: fdkowvbp - {4BFE09E6-C0C4-4F43-9972-EF6747259D82} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,[email protected]
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [Microsoft Windows Express] Microsoft Update
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iifgEvVo - C:\WINDOWS\SYSTEM32\iifgEvVo.dll
O21 - SSODL: eqvwamkl - {443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {38DDCFE2-044B-4777-B0A3-9A3ED41E3FC2} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8711 bytes

Attached Thumbnails: 1.JPG
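The HijackThis log above is the kind of listing a malware-removal helper reads by eye, looking for auto-load hooks that point at random-named DLLs dropped straight into the Windows folder, Run values that are not executables, autoruns from user-writable data folders, policy tampering, a hijacked start page and a local-file Active Desktop component. The script below is an added example, not code from this thread, from Geeks to Go or from Trend Micro: it applies those same checks programmatically to a subset of the posted lines (copied verbatim, with ssv.dll, egui.exe, ctfmon.exe and the KernelFaultCheck entry kept as known-good controls). The random-name heuristic, the "microsoft.com only" allowlist for start pages and the list of system directories are this example's own assumptions, not a vendor signature feed.

```python
"""Triage heuristics for a HijackThis v2.0.2 log.

Added example, not part of the thread and not HijackThis's own analysis.
Thresholds, the random-name test and the Microsoft-only allowlist are
assumptions made for this example.
"""
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the log posted above (a subset). The ssv.dll, egui.exe,
# ctfmon.exe and KernelFaultCheck lines are legitimate controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E156AAE-FA60-44A1-8E69-2E0E0030F1F6} - C:\WINDOWS\system32\iifgEvVo.dll
O2 - BHO: QXK Olive - {A008E854-351C-4CFD-BFFF-C1C4D6FF5BBD} - C:\WINDOWS\nfavxwdbgfw.dll
O3 - Toolbar: fdkowvbp - {4BFE09E6-C0C4-4F43-9972-EF6747259D82} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: iifgEvVo - C:\WINDOWS\SYSTEM32\iifgEvVo.dll
O21 - SSODL: eqvwamkl - {443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"'\n]*?\.(?:dll|exe|scr|htm)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# Files sitting directly in these folders (not in a subfolder) get the name test.
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")


@dataclass
class Finding:
    line: str
    reasons: list[str]


def looks_random(stem: str) -> bool:
    """Rough test for generated names such as 'iifgEvVo' or 'nfavxwdbgfw':
    letters only, 8+ chars, and either almost no vowels or case that flips
    several times mid-word. Tuned for the loader names in this log, not a
    general classifier (assumption)."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    flips = sum(a.islower() != b.islower() for a, b in zip(stem, stem[1:]))
    return vowels / len(stem) < 0.3 or flips >= 3


def is_microsoft_host(host: str) -> bool:
    """Suffix match on the registrable domain, so 'microsoft.com.evil.example' fails."""
    host = host.lower().rstrip(".")
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        reasons: list[str] = []
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(0)
            folder = ntpath.dirname(path).lower()
            stem = ntpath.splitext(ntpath.basename(path))[0]
            if folder in SYSTEM_DIRS and looks_random(stem):
                reasons.append(f"random-looking name {stem!r} loaded from {folder}")
            if kind == "O4" and "\\application data\\" in path.lower():
                reasons.append("autorun from a user-writable Application Data folder")
        elif kind == "O4" and not re.search(r"%\w+%|rundll32|\.(?:exe|dll)", body, re.I):
            # 'Microsoft Update' is not a path, an env-var path or a rundll32 call
            reasons.append("Run value does not reference an executable")
        if kind == "O2" and "(no name)" in body:
            reasons.append("BHO registered without a name")
        if kind in ("R0", "R1"):
            um = URL_RE.search(body)
            host = um.group(1) if um else ""
            if not is_microsoft_host(host):
                reasons.append(f"browser page points at non-default host {host!r}")
        if kind == "O6":
            reasons.append("IE restrictions policy present")
        if kind == "O7" and "DisableRegedit=1" in body:
            reasons.append("Registry Editor disabled by policy")
        if kind == "O24" and "file:///" in body.lower():
            reasons.append("Active Desktop component served from a local file")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The name test is deliberately gated on the file sitting directly in the Windows root or system32: legitimate add-ins such as SnagItBHO.dll also flip case mid-word, but they live under Program Files, so restricting the check to the drop locations used here keeps the false-positive rate tolerable. The O4 rule reads the Run value rather than the key name precisely because the entry in this log is named to look like Microsoft Update while its command is not a file at all.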


#2
kahdah
GeekU Teacher (Retired Staff), 15,822 posts
Hello mamaloney

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
mamaloney
Topic Starter, Member, 26 posts
Deckard's System Scanner v20071014.68
Run by michael maloney on 2008-07-24 16:31:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-24 23:34:14 UTC - RP25 - Deckard's System Scanner Restore Point
9: 2008-07-24 21:30:21 UTC - RP24 - Restore Operation
8: 2008-07-24 21:13:04 UTC - RP23 - Installed TuneUp Utilities 2008
7: 2008-07-24 20:42:53 UTC - RP22 - Installed ESET NOD32 Antivirus
6: 2008-07-24 06:02:57 UTC - RP21 - Removed ESET Smart Security


-- First Restore Point --
1: 2008-07-17 04:55:11 UTC - RP16 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as michael maloney.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38: VIRUS ALERT!, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\LClock\lclock.exe
C:\program files\steam\steam.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\michael maloney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\michael maloney.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E156AAE-FA60-44A1-8E69-2E0E0030F1F6} - C:\WINDOWS\system32\iifgEvVo.dll
O2 - BHO: QXK Olive - {A008E854-351C-4CFD-BFFF-C1C4D6FF5BBD} - C:\WINDOWS\nfavxwdbgfw.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: fdkowvbp - {4BFE09E6-C0C4-4F43-9972-EF6747259D82} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,[email protected]
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [Microsoft Windows Express] Microsoft Update
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iifgEvVo - C:\WINDOWS\SYSTEM32\iifgEvVo.dll
O21 - SSODL: eqvwamkl - {443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {38DDCFE2-044B-4777-B0A3-9A3ED41E3FC2} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8731 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,54
.chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,65
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,12
.inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,46
.ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,46
.js - JSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,83
.reg - regfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,64
.txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,56
.vbs - VBSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\astek\MB-AesTeK.icl,66


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S2 RPCT (Remote Procedure Call (TPM)) - c:\program files\netmeeting\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 15:30:04 0 d-------- C:\VundoFix Backups
2008-07-24 15:22:59 0 d-------- C:\Program Files\Trend Micro
2008-07-24 14:15:22 32640 --a------ C:\WINDOWS\system32\iifgEvVo.dll
2008-07-24 14:15:22 32640 --a------ C:\WINDOWS\system32\byXNecAT.dll
2008-07-24 14:15:14 0 d-------- C:\WINDOWS\privacy_danger
2008-07-24 14:15:09 0 d-------- C:\Documents and Settings\michael maloney\Application Data\TmpRecentIcons
2008-07-24 14:14:40 229376 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-24 14:14:40 380928 --a------ C:\WINDOWS\nfavxwdbgfw.dll
2008-07-24 14:14:40 86016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-24 14:14:40 192512 --a------ C:\WINDOWS\fdkowvbp.dll
2008-07-24 14:14:40 94208 --a------ C:\WINDOWS\eskx.exe
2008-07-24 14:14:40 180224 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-24 14:10:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL
2008-07-24 13:46:06 159847 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-07-24 13:46:06 0 d-------- C:\Program Files\Marsu-Fix
2008-07-16 19:11:50 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-16 17:24:50 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Nexon
2008-07-16 07:28:39 230306 --a------ C:\WINDOWS\uninstall cats_on_.exe
2008-07-16 07:28:37 5665450 --a------ C:\WINDOWS\cats_on_.scr
2008-07-07 14:37:43 0 d-------- C:\Program Files\YouTube Downloader
2008-07-05 10:36:11 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Opera
2008-07-05 10:36:03 0 d-------- C:\Program Files\Opera
2008-07-04 12:57:55 0 d-------- C:\Program Files\Valve
2008-07-03 15:32:56 0 d-------- C:\Nexon
2008-07-03 15:32:55 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-02 10:37:36 0 d-------- C:\Downloads
2008-07-01 18:30:40 0 d-------- C:\Program Files\Microsoft Works
2008-07-01 18:30:00 0 d-------- C:\Program Files\MSBuild
2008-07-01 18:27:06 0 d-------- C:\Program Files\Microsoft.NET
2008-07-01 18:13:30 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-01 18:12:36 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-01 18:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-01 18:10:14 0 dr-h----- C:\MSOCache
2008-06-30 08:13:42 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-30 08:13:42 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-30 08:13:36 0 d-------- C:\Program Files\Cheat Engine
2008-06-29 08:48:23 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-06-28 11:00:22 0 d-a------ C:\Documents and Settings\michael maloney\Client
2008-06-27 21:36:47 76404 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 21:36:46 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-27 21:36:46 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-27 21:34:09 0 d-------- C:\Program Files\Warcraft III
2008-06-27 21:32:54 0 dr-h----- C:\Documents and Settings\michael maloney\Recent
2008-06-27 21:22:21 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-27 21:16:57 0 d-------- C:\Documents and Settings\michael maloney\Application Data\DAEMON Tools
2008-06-27 18:57:18 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-24 16:32:16 0 d-------- C:\Documents and Settings\michael maloney\Application Data\uTorrent
2008-07-24 15:07:32 0 d-------- C:\Program Files\Hunt Virus Utilities
2008-07-24 14:52:15 0 d-------- C:\Program Files\Steam
2008-07-24 14:51:58 0 d-------- C:\Program Files\Lx_cats
2008-07-24 14:11:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 06:16:06 0 d-------- C:\Program Files\LogMeIn
2008-07-16 19:11:50 0 d-------- C:\Program Files\Common Files
2008-07-11 19:37:41 0 d-------- C:\Documents and Settings\michael maloney\Application Data\PlayFirst
2008-07-10 22:23:58 0 d-------- C:\Program Files\PowerCmd
2008-06-29 09:30:20 4361216 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-29 08:49:41 0 d-------- C:\Program Files\Stardock
2008-06-28 11:16:07 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Hamachi
2008-06-19 08:22:58 0 d-------- C:\Program Files\ProcessGuard
2008-06-18 09:02:31 73040 --a------ C:\WINDOWS\system32\pguard.dat
2008-06-18 09:02:24 32852 --a------ C:\WINDOWS\system32\pghash.dat
2008-06-17 18:02:24 0 d-------- C:\Program Files\ReaConverter 5.5 Pro
2008-06-16 17:04:14 0 d-------- C:\Program Files\wally
2008-06-12 07:36:24 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Help
2008-06-11 16:28:55 0 d-------- C:\Program Files\Hamachi
2008-06-09 18:26:20 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Desktopicon
2008-06-09 11:16:24 0 d-------- C:\Program Files\poison ivy
2008-06-09 09:35:50 0 d-------- C:\Program Files\M3U Creator
2008-06-08 22:57:03 0 d-------- C:\Program Files\Lexmark 1400 Series
2008-06-08 17:43:23 0 d-------- C:\Program Files\MagicISO
2008-06-06 16:05:29 0 d-------- C:\Program Files\Peter
2008-06-05 16:53:07 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-04 15:00:12 0 d-------- C:\Documents and Settings\michael maloney\Application Data\WNR
2008-06-03 12:07:53 0 d-------- C:\Program Files\MSXML 4.0
2008-06-03 12:04:29 0 d-------- C:\Program Files\Microsoft Games
2008-06-02 22:09:31 0 d-------- C:\Program Files\Alcohol Soft
2008-06-02 12:57:39 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Media Player Classic
2008-06-02 12:24:28 0 d-------- C:\Program Files\TechSmith
2008-06-02 07:58:03 2625 --a------ C:\Documents and Settings\michael maloney\Application Data\.googlewebacchosts
2008-06-01 14:14:11 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Macromedia
2008-05-30 20:49:05 0 d-------- C:\Program Files\Google
2008-05-27 11:10:39 0 d-------- C:\Program Files\Screensaver Factory 4 Enterprise
2008-05-27 11:10:10 0 d-------- C:\Documents and Settings\michael maloney\Application Data\Blumentals
2008-05-27 11:08:57 0 d-------- C:\Program Files\Screensaver Wonder 4
2008-05-27 11:04:06 0 d-------- C:\Program Files\Easy GIF Animator
2008-05-26 23:26:03 0 d-------- C:\Documents and Settings\michael maloney\Application Data\ESET
2008-05-26 22:42:12 0 d-------- C:\Program Files\Diner Dash 3-in-1
2008-05-26 16:37:52 0 d-------- C:\Program Files\GCFScape
2008-05-26 16:30:14 0 d-------- C:\Program Files\Valve Hammer Editor
2008-05-26 15:35:57 0 d-------- C:\Program Files\Hometown Hero
2008-05-21 17:22:13 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-20 22:04:45 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-20 21:54:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 21:24:27 0 -rahs---- C:\MSDOS.SYS
2008-05-20 21:24:27 0 -rahs---- C:\IO.SYS
2008-05-20 21:24:27 0 --a------ C:\CONFIG.SYS
2008-05-20 21:24:27 0 --a------ C:\AUTOEXEC.BAT
2008-05-20 21:20:22 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 13:55:05 62 --ahs---- C:\Documents and Settings\michael maloney\Application Data\desktop.ini
2008-05-18 04:16:08 28672 --a------ C:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >
2008-05-18 04:16:08 3127 --a------ C:\WINDOWS\system32\presetup.cmd
2008-05-18 04:03:48 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 04:03:05 36864 --a------ C:\WINDOWS\system32\qfecheck.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 04:03:05 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-05-18 04:02:01 16384 --a------ C:\WINDOWS\system32\lcid.exe <Not Verified; Microsoft; lcid>
2008-05-18 04:01:24 9728 --a------ C:\WINDOWS\system32\7zSplit.exe <Not Verified; Oleg N. Scherbakov; 7ZSplit>
2008-05-18 04:01:22 98304 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:59:38 200 --a------ C:\WINDOWS\system32\nlite.cmd
2008-05-18 03:39:16 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:16 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:13 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:12 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:12 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:12 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:12 99840 --a------ C:\WINDOWS\system32\wmpshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:01 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:39:01 242688 --a------ C:\WINDOWS\system32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:44 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:43 157184 --a------ C:\WINDOWS\system32\wmidx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:43 227328 --a------ C:\WINDOWS\system32\wmerror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:43 37376 --a------ C:\WINDOWS\system32\wmdmps.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:43 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:42 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:41 757248 --a------ C:\WINDOWS\system32\wmadmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:39 211456 --a------ C:\WINDOWS\system32\qasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:38 321536 --a------ C:\WINDOWS\system32\mswmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:38 414208 --a------ C:\WINDOWS\system32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-05-18 03:38:38 175616 --a------ C:\WINDOWS\system32\mspmsp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:37 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:37 179712 --a------ C:\WINDOWS\system32\msnetobj.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-05-18 03:38:37 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:37 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:37 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:37 100864 --a------ C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:37 11264 --a------ C:\WINDOWS\system32\laprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:37 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-05-18 03:38:36 229376 --a------ C:\WINDOWS\system32\cewmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-18 03:38:36 542720 --a------ C:\WINDOWS\system32\blackbox.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-05-18 03:38:35 316416 --a------ C:\WINDOWS\system32\wudfx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:35 55808 --a------ C:\WINDOWS\system32\wudfsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:35 165376 --a------ C:\WINDOWS\system32\wudfplatform.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:35 7168 --a------ C:\WINDOWS\system32\asferror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:34 146432 --a------ C:\WINDOWS\system32\wudfhost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:34 356352 --a------ C:\WINDOWS\system32\WPDSp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:34 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:34 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:33 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:33 2603008 --a------ C:\WINDOWS\system32\wpdshext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:31 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:29 656896 --a------ C:\WINDOWS\system32\wmvxencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:29 767488 --a------ C:\WINDOWS\system32\wmvsencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:28 1382912 --a------ C:\WINDOWS\system32\wmvsdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:27 1574912 --a------ C:\WINDOWS\system32\wmvencod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:26 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:24 4096 --a------ C:\WINDOWS\system32\wmvadve.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:24 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:24 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:24 130048 --a------ C:\WINDOWS\system32\wmpps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:24 613376 --a------ C:\WINDOWS\system32\wmpmde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:23 1661440 --a------ C:\WINDOWS\system32\WMPEncEn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:22 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:22 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-05-18 03:38:21 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:21 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 4096 --a------ C:\WINDOWS\system32\wdfapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 8704 --a------ C:\WINDOWS\system32\uWDF.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 199168 --a------ C:\WINDOWS\system32\portabledevicewmdrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 132096 --a------ C:\WINDOWS\system32\portabledevicewiacompat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 101888 --a------ C:\WINDOWS\system32\portabledeviceclassextension.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:20 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:19 259072 --a------ C:\WINDOWS\system32\mpg4decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:19 317440 --a------ C:\WINDOWS\system32\mp4sdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:18 259072 --a------ C:\WINDOWS\system32\mp43decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:18 212992 --a------ C:\WINDOWS\system32\mfplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:17 249856 --a------ C:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 03:38:17 276992 --a------ C:\WINDOWS\system32\audiodev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-16 16:17:46 2746880 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-16 15:54:41 2710016 --a------ C:\WINDOWS\system32\winntbbu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 07:37:34 2765312 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:36:56 153088 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 06:02:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 23:52:30 2121235 --a------ C:\WINDOWS\system32\x264vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E156AAE-FA60-44A1-8E69-2E0E0030F1F6}]
07/24/2008 14:15: VIRUS ALERT! 32640 --a------ C:\WINDOWS\system32\iifgEvVo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A008E854-351C-4CFD-BFFF-C1C4D6FF5BBD}]
07/24/2008 10:30: VIRUS ALERT! 380928 --a------ C:\WINDOWS\nfavxwdbgfw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/14/2008 05:00: VIRUS ALERT!]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/14/2008 05:00: VIRUS ALERT!]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/14/2008 05:00: VIRUS ALERT!]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/01/2008 21:15: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28: VIRUS ALERT!]
"RegistryMechanic"="" []
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [03/05/2007 19:40: VIRUS ALERT!]
"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [02/09/2007 16:21: VIRUS ALERT!]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [02/28/2008 15:31: VIRUS ALERT!]
"LogonStudio"="C:\Program Files\Stardock\LogonStudio\logonstudio.exe" [09/03/2002 18:38: VIRUS ALERT!]
"Microsoft Windows Express"="Microsoft Update" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47: VIRUS ALERT!]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 16:48: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 13:58: VIRUS ALERT!]
"LClock"="C:\Program Files\LClock\lclock.exe" [09/19/2004 11:27: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:00: VIRUS ALERT!]
"Steam"="c:\program files\steam\steam.exe" [05/21/2008 09:16: VIRUS ALERT!]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [02/19/2008 15:59: VIRUS ALERT!]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/22/2008 04:30: VIRUS ALERT!]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39: VIRUS ALERT!]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/22/2008 22:18: VIRUS ALERT!]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [07/23/2008 23:13: VIRUS ALERT!]
"s9201"="C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" [07/24/2008 14:10: VIRUS ALERT!]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Windows Express"=Microsoft Update

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe"
"LClock"=C:\Program Files\LClock\LClock.exe

C:\Documents and Settings\michael maloney\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\michael maloney\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [5/20/2008 9:47:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7E156AAE-FA60-44A1-8E69-2E0E0030F1F6}"= C:\WINDOWS\system32\iifgEvVo.dll [07/24/2008 14:15: VIRUS ALERT! 32640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll [07/24/2008 10:30: VIRUS ALERT! 180224]
"wnslvxtf"= {38DDCFE2-044B-4777-B0A3-9A3ED41E3FC2} - C:\WINDOWS\wnslvxtf.dll [07/24/2008 10:30: VIRUS ALERT! 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgEvVo]
iifgEvVo.dll 07/24/2008 14:15: VIRUS ALERT! 32640 C:\WINDOWS\system32\iifgEvVo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32: VIRUS ALERT! 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 05/12/2008 10:49: VIRUS ALERT! 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\autoplay.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register



-- End of Deckard's System Scanner: finished at 2008-07-24 16:39:59 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 447.48 MiB / 200.07 MiB
Pagefile Memory (total/avail): 1057.88 MiB / 707.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.84 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 117.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)
N: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22GUA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALKY=C:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\michael maloney\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAMALONEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\michael maloney
LOGONSERVER=\\MAMALONEY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
USERDOMAIN=MAMALONEY
USERNAME=michael maloney
USERPROFILE=C:\Documents and Settings\michael maloney
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

michael maloney (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
AccessDiver v4.402 --> "C:\Program Files\Accessdiver\unins000.exe"
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
cats on mars --> "C:\WINDOWS\uninstall cats_on_.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
Combat Arms --> "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Condition Zero Deleted Scenes --> "C:\Program Files\Steam\steam.exe" steam://uninstall/100
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
CursorFX --> "C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe" REMOVE=TRUE MODIFY=FALSE
CursorFX --> C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Diner Dash 3-in-1 --> "C:\WINDOWS\Diner Dash 3-in-1\uninstall.exe" "/U:C:\Program Files\Diner Dash 3-in-1\Uninstall\uninstall.xml"
DriverAgent by TouchStone Software --> RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Easy GIF Animator 4.6 Pro --> "C:\Program Files\Easy GIF Animator\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Gadget Installer --> MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
GCFScape 1.6.7 --> "C:\Program Files\GCFScape\unins000.exe"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life --> "C:\Program Files\Valve\Half-Life\unins000.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HashTab 2.0.8 --> C:\Program Files\HashTab Shell Extension\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hometown Hero --> C:\Program Files\Hometown Hero\Uninstal.exe
Hunt Virus Utilities --> "C:\WINDOWS\Hunt Virus Utilities\uninstall.exe" "/U:C:\Program Files\Hunt Virus Utilities\Uninstall\uninstall.xml"
IconPackager --> C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kels' CPL Bonus Pack! --> rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
LClock --> C:\Program Files\LClock\Uninstall.exe
Lexmark 1400 Series --> C:\Program Files\Lexmark 1400 Series\Install\x86\Uninst.exe
LogMeIn --> MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
LogonStudio --> C:\PROGRA~1\Stardock\LOGONS~1\UNWISE.EXE C:\PROGRA~1\Stardock\LOGONS~1\INSTALL.LOG
M3U Creator 1.0 --> "C:\Program Files\M3U Creator\Uninstall.exe"
Magic ISO Maker v5.5 (build 0261) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Marsu-Fix --> C:\WINDOWS\Marsu-Fix Uninstaller.exe
Microsoft Office 2007 Recent Documents Gadget --> MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 SP1 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304 --> MsiExec.exe /X{C9B26742-06BE-3B75-B1DE-7B91B5956A04}
Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.51 --> MsiExec.exe /X{1219497F-FA96-4D8E-9571-9C27A2A66B38}
PowerCmd 1.9 --> "C:\Program Files\PowerCmd\unins000.exe"
Quick Batch File Compiler 3.16 --> "C:\Program Files\Quick Batch File Compiler\unins000.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Ricochet --> "C:\Program Files\Steam\steam.exe" steam://uninstall/60
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Screensaver Factory 4 Enterprise --> "C:\Program Files\Screensaver Factory 4 Enterprise\unins000.exe"
Screensaver Wonder 4.7 --> "C:\Program Files\Screensaver Wonder 4\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
Valve Hammer Editor --> C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WebVideo Support --> C:\WINDOWS\grswptdl.exe
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Sidebar --> RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type222 / Error
Event Submitted/Written: 07/23/2008 11:05:08 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type219 / Error
Event Submitted/Written: 07/22/2008 06:46:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application diner dash - hometown hero.exe, version 1.1.0.410, faulting module diner dash - hometown hero.exe, version 1.1.0.410, fault address 0x000e2870.
Processing media-specific event for [diner dash - hometown hero.exe!ws!]

Event Record #/Type214 / Error
Event Submitted/Written: 07/16/2008 07:06:50 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.62306, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type212 / Warning
Event Submitted/Written: 07/14/2008 09:27:26 AM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is
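Reading the registry dump above, the rogue's footprint sits in four places: the loader DLLs registered as a BHO, ShellExecuteHook, ShellServiceObjectDelayLoad and Winlogon Notify entry, all stamped 07/24/2008; the HKCU policies that set DisableTaskMgr, DisableRegistryTools and NoDispCPL; the "s9201" Run entry for WinSpywareProtect; and the Active Desktop component whose Source is file:///C:\WINDOWS\privacy_danger\index.htm. The "VIRUS ALERT!" text inside every time stamp is not a scanner verdict: this rogue replaces the user's AM/PM designator in the regional time format, so every time the scanner prints through the locale carries that string, and anything parsing the log has to strip it first. The script below is an added example written for this thread; it is not DSS, HijackThis or ComboFix code and was not posted by anyone here. It parses a dump in this format, strips the clock noise, lists autostart binaries stamped on the scan day, turns the lockout policies into a .reg undo file, and flags desktop components served from a local file. SAMPLE_DUMP is an excerpt constructed from the dump above, and the assumption that the scan day equals the infection day is the analyst's, not something the log states.

```python
"""Triage the registry dump of a Deckard's System Scanner (DSS) log.

Added example for this thread, not DSS/ComboFix code. SAMPLE_DUMP is an
excerpt constructed from the dump posted above. Assumption: the scan day is
also the day the rogue installed itself, so autostart binaries stamped that
day are the ones to look at first.
"""
import re
from datetime import date

# The rogue rewrote the user's AM/PM designator to "VIRUS ALERT!", so every
# time stamp DSS prints via the locale carries it. Strip it before parsing.
_CLOCK_NOISE = re.compile(r"(\d{2}:\d{2}): VIRUS ALERT!")
_KEY = re.compile(r"^\[(.+)\]$")
_DATE = re.compile(r"\b(\d{2})/(\d{2})/(\d{4}) \d{2}:\d{2}")   # MM/DD/YYYY
_PATH = re.compile(r"[A-Za-z]:\\[^\[\]\"]*?\.(?:exe|dll)", re.IGNORECASE)

# HKCU policy values a rogue flips so the user cannot undo the infection.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "NoDispCPL",
                  "NoRun", "NoSetFolders", "NoControlPanel"}
# Lower-case key-name fragments that mark an autostart location.
AUTOSTART_KEYS = ("browser helper objects", "\\run", "shellexecutehooks",
                  "shellserviceobjectdelayload", "winlogon\\notify")

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E156AAE-FA60-44A1-8E69-2E0E0030F1F6}]
07/24/2008 14:15: VIRUS ALERT! 32640 --a------ C:\WINDOWS\system32\iifgEvVo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 16:48: VIRUS ALERT!]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"s9201"="C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" [07/24/2008 14:10: VIRUS ALERT!]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll [07/24/2008 10:30: VIRUS ALERT! 180224]
"""


def parse_dump(text):
    """Return (key, entry) pairs; key is the enclosing [...] header."""
    key, entries = None, []
    for raw in text.splitlines():
        line = _CLOCK_NOISE.sub(r"\1", raw).strip()
        if not line:
            continue
        m = _KEY.match(line)
        if m:
            key = m.group(1)
        elif key:
            entries.append((key, line))
    return entries


def find_lockouts(entries):
    """{value_name: key} for known lockout policies that are set non-zero."""
    found = {}
    for key, line in entries:
        m = re.match(r'"(\w+)"=(\d+)', line)
        if "\\policies\\" in key.lower() and m \
                and m.group(1) in LOCKOUT_VALUES and int(m.group(2)):
            found[m.group(1)] = key
    return found


def undo_reg(lockouts):
    """A .reg file that zeroes each lockout. DisableRegistryTools is honoured
    by regedit.exe, not by reg.exe, so `reg import undo.reg` still applies it."""
    by_key = {}
    for name, key in lockouts.items():
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out += [f"[{key}]", *(f'"{n}"=dword:00000000' for n in sorted(names)), ""]
    return "\n".join(out)


def same_day_autostarts(entries, scan_day):
    """Binaries in autostart keys whose file stamp equals scan_day."""
    hits = []
    for key, line in entries:
        d, p = _DATE.search(line), _PATH.search(line)
        if d and p and any(k in key.lower() for k in AUTOSTART_KEYS) \
                and date(int(d.group(3)), int(d.group(1)), int(d.group(2))) == scan_day:
            hits.append(p.group(0))
    return hits


def local_desktop_components(entries):
    """Active Desktop components backed by a local file (the rogue's
    full-screen 'Privacy Protection' wallpaper)."""
    return [line.split("=", 1)[1].strip()
            for key, line in entries
            if "desktop\\components" in key.lower()
            and line.lower().startswith("source=")
            and line.split("=", 1)[1].strip().lower().startswith("file:")]
```

Feed the whole "Registry Dump" section to parse_dump and call the three reporters with date(2008, 7, 24). Legitimate entries such as egui.exe drop out because their files predate the scan day, while iifgEvVo.dll, eqvwamkl.dll and wspwprtct.exe are kept; the .reg text from undo_reg resets the three policies so Task Manager and regedit work again, which matters because the rogue also hid the Run item and regedit itself is blocked while DisableRegistryTools is set.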

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, it appears that you are running a cracked version of NOD: > NOD32 v3.x FiX 1.1 by TemDono. Running cracked software such as this will always lead to infection; this is more than likely the origin of the infection.
First uninstall that program, then do the following.
==================================
I will need you to download ONE of these anti-virus programs and install it.
These are free.
AVG Free 8.0
Note: this is free antispyware protection and antivirus protection.
or
Antivir
or
Avast
As long as you only install one.
=======================
Then:
Please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft and hit OK.
Place a check next to everything and click on Fix.
Rescan again and it should say all associations OK.
===================================
Then:
Please visit this web page for instructions for downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows Recovery Console will allow you to boot into a special recovery mode that allows us to help you in case your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

#5 mamaloney (Topic Starter, Member, 26 posts)
The infection was something completely different from the AV. I opened the .exe of the virus.
The virus took the Run option off the Start menu.

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

> The infection was something completely different from the AV. I opened the .exe of the virus.

Either way, it is still illegal software and can lead to infection; most of the time cracks are bundled with malware.

If the Run option is gone, then do this for the first set of instructions.
Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
=============
If you cannot uninstall the NOD program, leave it for now.
Then go on to the ComboFix instructions.

#7 mamaloney (Topic Starter, Member, 26 posts)
There was nothing to tick, and no Fix thing.

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OK, then please proceed to ComboFix.

#9 mamaloney (Topic Starter, Member, 26 posts)
What about the Run thing?

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Do not worry about that for now.
The DAFT program was the same thing, just without the Run option.
If you ran that as instructed and nothing was there in red after you clicked on Scan, then it is fine.
The Run box will reappear after running ComboFix.
So go ahead with ComboFix.
It is one of the requirements to install the Recovery Console.
Please make sure to do this.
The instructions for that are on the ComboFix site; see the link I gave in my previous post on how to use ComboFix.



#11 mamaloney (Topic Starter, Member, 26 posts)
I ran ComboFix, and the spyware seems to be gone.
There was no Recovery Console for Service Pack 3.
The log from ComboFix:


ComboFix 08-07-24.1 - michael maloney 2008-07-24 18:14:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.141 [GMT -7:00]
Running from: C:\Documents and Settings\michael maloney\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724141231140.log
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724143401187.log
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724145210859.log
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
C:\Documents and Settings\michael maloney\Desktop\Error Cleaner.url
C:\Documents and Settings\michael maloney\Desktop\Privacy Protector.url
C:\Documents and Settings\michael maloney\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\michael maloney\Favorites\Error Cleaner.url
C:\Documents and Settings\michael maloney\Favorites\Privacy Protector.url
C:\Documents and Settings\michael maloney\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\eskx.exe
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\nfavxwdbgfw.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\byXNecAT.dll
C:\WINDOWS\system32\iifgEvVo.dll
C:\WINDOWS\wnslvxtf.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 18:18 . 2008-07-24 18:18 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-24 18:18 . 2008-07-24 18:18 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Deckard
2008-07-24 15:30 . 2008-07-24 15:30 <DIR> d-------- C:\VundoFix Backups
2008-07-24 15:22 . 2008-07-24 15:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 14:15 . 2008-07-24 14:15 <DIR> d-------- C:\Documents and Settings\michael maloney\Application Data\TmpRecentIcons
2008-07-24 14:14 . 2008-07-24 10:30 86,016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-07-24 13:46 . 2008-07-24 13:46 159,847 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-07-16 19:11 . 2008-07-16 19:11 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-16 17:24 . 2008-07-16 17:24 <DIR> d-------- C:\Documents and Settings\michael maloney\Application Data\Nexon
2008-07-16 07:28 . 2008-07-16 07:28 5,665,450 --a------ C:\WINDOWS\cats_on_.scr
2008-07-16 07:28 . 2008-07-16 07:28 230,306 --a------ C:\WINDOWS\uninstall cats_on_.exe
2008-07-07 14:37 . 2008-07-07 14:37 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-05 10:36 . 2008-07-05 10:36 <DIR> d-------- C:\Program Files\Opera
2008-07-04 12:57 . 2008-07-04 12:57 <DIR> d-------- C:\Program Files\Valve
2008-07-03 15:32 . 2008-07-16 17:20 <DIR> d-------- C:\Nexon
2008-07-03 15:32 . 2008-07-03 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-02 10:37 . 2008-07-02 10:37 <DIR> d-------- C:\Downloads
2008-07-01 18:34 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-01 18:30 . 2008-07-01 18:30 <DIR> d-------- C:\Program Files\MSBuild
2008-07-01 18:30 . 2008-07-01 18:30 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-01 18:27 . 2008-07-01 18:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-01 18:13 . 2008-07-01 18:13 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-01 18:12 . 2008-07-01 18:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-01 18:11 . 2008-07-01 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-01 18:10 . 2008-07-01 18:10 <DIR> dr-h----- C:\MSOCache
2008-06-30 08:13 . 2008-06-30 08:13 <DIR> d-------- C:\Program Files\Cheat Engine
2008-06-30 08:13 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-30 08:13 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-06-29 08:50 . 2008-07-24 18:19 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-06-29 08:48 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-06-28 11:00 . 2007-12-25 18:27 <DIR> d-a------ C:\Documents and Settings\michael maloney\Client
2008-06-27 21:36 . 2008-06-27 22:02 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-27 21:36 . 2008-06-27 22:04 76,404 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 21:36 . 2008-06-27 22:02 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-27 21:34 . 2008-07-03 16:36 <DIR> d-------- C:\Program Files\Warcraft III
2008-06-27 21:22 . 2008-06-27 21:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-27 21:16 . 2008-06-27 21:16 <DIR> d-------- C:\Documents and Settings\michael maloney\Application Data\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 01:20 --------- d-----w C:\Program Files\Lx_cats
2008-07-25 01:19 --------- d-----w C:\Program Files\Steam
2008-07-25 01:17 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\uTorrent
2008-07-24 22:07 --------- d-----w C:\Program Files\Hunt Virus Utilities
2008-07-24 21:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 20:42 --------- d-----w C:\Program Files\ESET
2008-07-24 13:16 --------- d-----w C:\Program Files\LogMeIn
2008-07-12 02:37 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\PlayFirst
2008-07-12 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-11 05:23 --------- d-----w C:\Program Files\PowerCmd
2008-06-29 15:49 --------- d-----w C:\Program Files\Stardock
2008-06-28 18:16 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\Hamachi
2008-06-28 04:34 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-06-28 04:16 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 15:22 --------- d-----w C:\Program Files\ProcessGuard
2008-06-18 01:02 --------- d-----w C:\Program Files\ReaConverter 5.5 Pro
2008-06-17 00:04 --------- d-----w C:\Program Files\wally
2008-06-11 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-11 23:28 --------- d-----w C:\Program Files\Hamachi
2008-06-11 23:27 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-10 01:26 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\Desktopicon
2008-06-09 18:16 --------- d-----w C:\Program Files\poison ivy
2008-06-09 16:35 --------- d-----w C:\Program Files\M3U Creator
2008-06-09 05:57 --------- d-----w C:\Program Files\Lexmark 1400 Series
2008-06-09 00:43 --------- d-----w C:\Program Files\MagicISO
2008-06-06 23:05 --------- d-----w C:\Program Files\Peter
2008-06-05 23:53 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-04 22:00 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\WNR
2008-06-03 19:07 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-03 19:04 --------- d-----w C:\Program Files\Microsoft Games
2008-06-03 18:57 --------- d-----w C:\Program Files\Unlocker
2008-06-03 05:09 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-03 04:52 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
2008-06-02 19:57 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\Media Player Classic
2008-06-02 19:24 --------- d-----w C:\Program Files\TechSmith
2008-06-02 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-31 03:49 --------- d-----w C:\Program Files\Google
2008-05-27 18:10 --------- d-----w C:\Program Files\Screensaver Factory 4 Enterprise
2008-05-27 18:10 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\Blumentals
2008-05-27 18:08 --------- d-----w C:\Program Files\Screensaver Wonder 4
2008-05-27 18:04 --------- d-----w C:\Program Files\Easy GIF Animator
2008-05-27 06:26 --------- d-----w C:\Documents and Settings\michael maloney\Application Data\ESET
2008-05-27 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-27 05:42 --------- d-----w C:\Program Files\Diner Dash 3-in-1
2008-05-26 23:37 --------- d-----w C:\Program Files\GCFScape
2008-05-26 23:30 --------- d-----w C:\Program Files\Valve Hammer Editor
2008-05-26 22:35 --------- d-----w C:\Program Files\Hometown Hero
2008-05-18 11:03 524,288 ----a-w C:\WINDOWS\opuc.dll
.

------- Sigcheck -------

2008-05-18 04:03 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys

2008-05-10 05:49 2350208 46391325b9159057fffafca37a39a669 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 11:27 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-05-21 09:16 1271032]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 15:59 418632]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 04:30 217544]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 02:39 486856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 22:18 1271808]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-23 23:13 267056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 05:00 455168]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-01 21:15 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 19:40 20480]
"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 16:21 102400]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"LogonStudio"="C:\Program Files\Stardock\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 11:27 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\michael maloney\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\michael maloney\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-05-20 21:47:06 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-12 10:49 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 08:21]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S2 RPCT;Remote Procedure Call (TPM);C:\Program Files\NetMeeting\mstinit.exe [2005-08-12 21:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\autoplay.exe

*Newly Created Service* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{4BFE09E6-C0C4-4F43-9972-EF6747259D82} - C:\WINDOWS\fdkowvbp.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-s9201 - C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
HKLM-Run-RegistryMechanic - (no file)
SSODL-eqvwamkl-{443672E4-528D-47DB-8472-7546576B2ACA} - C:\WINDOWS\eqvwamkl.dll
SSODL-wnslvxtf-{38DDCFE2-044B-4777-B0A3-9A3ED41E3FC2} - C:\WINDOWS\wnslvxtf.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 18:20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Styler\Styler.exe
.
**************************************************************************
.
Completion time: 2008-07-24 18:24:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 01:24:13

Pre-Run: 126,078,164,992 bytes free
Post-Run: 126,115,942,400 bytes free

243 --- E O F --- 2008-06-11 06:05:53

Edited by mamaloney, 25 July 2008 - 11:10 PM.

  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Recovery Console could be used for Service Pack 2; it is one of the requirements for running Combofix.

We will not be needing it anymore so let's continue.
First uninstall NOD and download one of the below antivirus programs.
These are free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.
or
Antivir
or
Avast
as long as you only install one.
======================
Then do the following:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#13
mamaloney

mamaloney

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
My OS is Service Pack 3.
  • 0

#14
mamaloney

mamaloney

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Malwarebytes' Anti-Malware 1.23
Database version: 994
Windows 5.1.2600 Service Pack 3

9:43:49 AM 7/26/2008
mbam-log-7-26-2008 (09-43-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 81721
Time elapsed: 35 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\fdkowvbp.bgrv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarerefer...=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Deckard\System Scanner\backup\DOCUME~1\MICHAE~1\LOCALS~1\Temp\bindsrv2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\MICHAE~1\LOCALS~1\Temp\smchk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\michael maloney\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\eskx.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNecAT.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgEvVo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{143D1904-49BF-4877-87A1-5812CE21428B}\RP26\A0005692.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{143D1904-49BF-4877-87A1-5812CE21428B}\RP36\A0006153.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0
