Righty then
Here is the sdfix one..
SDFix: Version 1.208 Run by Beckett on 27/07/2008 at 10:30
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Beckett\Desktop\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\EODA.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\Beckett\Local Settings\Temp\ubi5.tmp.exe - Deleted
C:\Documents and Settings\Beckett\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk - Deleted
C:\Documents and Settings\Beckett\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Beckett\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Beckett\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Beckett\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Beckett\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Beckett\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\Program Files\Antivirus 2008 PRO\zlib.dll - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt7C.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt8B.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt8D.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt90.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt92.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt97.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.tt9F.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttA1.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttA4.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttA9.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttAB.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttB3.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\.ttB5.tmp - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\scksexde.exe.bat - Deleted
C:\WINDOWS\nfavxwdblwf.dll - Deleted
C:\Documents and Settings\Beckett\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\Beckett\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\system32\WinCtrl32.dl_ - Deleted
C:\WINDOWS\wnslvxtf.dll - Deleted
Could Not Remove C:\WINDOWS\system32\WinCtrl32.dll
Folder C:\Documents and Settings\Beckett\Start Menu\Programs\Antivirus 2008 PRO - Removed
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed
Folder C:\Program Files\Antivirus 2008 PRO - Removed
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-27 10:33:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e5,4e,72,38,e5,dd,1c,c2,37,65,54,a7,5a,ba,e2,ce,48,11,5f,e3,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,41,c8,fb,9a,fe,c6,4c,0c,f1,e7,54,2e,9f,05,26,8d,87,..
"khjeh"=hex:4c,f2,f1,b2,8a,e9,01,f1,1b,85,e8,bc,e8,0f,f5,16,98,03,e5,4b,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,e8,18,41,00,82,96,a6,55,f8,ff,ff,ff,b8,2e,41,00,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,9f,f2,f4,e9,58,43,b2,fc,ad,77,3d,15,9b,46,ee,f0,57,e9,62,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:92db3548
"s2"=dword:8bdbfc63
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:89,a0,5a,1a,67,8c,60,f6,ff,24,5e,ee,38,80,f3,be,b6,b4,ed,b9,a8,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:43,85,64,7b,dc,41,a7,62,a4,81,3c,55,cb,18,f7,66,e5,ef,65,e8,8a,..
"a0"=hex:20,01,00,00,7f,63,1a,32,44,90,67,c0,13,7e,6f,06,41,c0,57,10,e1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b0,c0,23,b2,d0,24,7b,d6,b5,d8,fd,39,62,ab,a4,60,5a,45,ba,b8,bb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d9,fa,6a,90,9e,03,c9,7f,83,63,c2,36,b9,0c,00,1e,4b,62,dd,01,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:89,a0,5a,1a,67,8c,60,f6,ff,24,5e,ee,38,80,f3,be,b6,b4,ed,b9,a8,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:43,85,64,7b,dc,41,a7,62,a4,81,3c,55,cb,18,f7,66,e5,ef,65,e8,8a,..
"a0"=hex:20,01,00,00,7f,63,1a,32,44,90,67,c0,13,7e,6f,06,41,c0,57,10,e1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b0,c0,23,b2,d0,24,7b,d6,b5,d8,fd,39,62,ab,a4,60,5a,45,ba,b8,bb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d9,fa,6a,90,9e,03,c9,7f,83,63,c2,36,b9,0c,00,1e,4b,62,dd,01,b4,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\planetsidee\\LaunchPad.exe"="D:\\planetsidee\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Genesis Rising Beta\\bin\\GenesisRisingBeta.exe"="D:\\Genesis Rising Beta\\bin\\GenesisRisingBeta.exe:*:Enabled:GenesisRisingBeta"
"D:\\BFME2\\game.dat"="D:\\BFME2\\game.dat:*:Enabled:The Battle for Middle-earth II"
"D:\\batts4midds\\game.dat"="D:\\batts4midds\\game.dat:*:Enabled:The Battle for Middle-earth II"
"D:\\battle2\\game.dat"="D:\\battle2\\game.dat:*:Enabled:The Battle for Middle-earth II"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\mir2\\Mir2Patch.exe"="D:\\mir2\\Mir2Patch.exe:*:Enabled:Mir2Patch"
"D:\\SupremeCommander\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\SupremeCommander\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\SupremeCommander\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\SupremeCommander\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"D:\\TitanQuest\\Titan Quest.exe"="D:\\TitanQuest\\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\2142demo\\BF2142.exe"="D:\\2142demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\settlers6\\base\\bin\\Settlers6.exe"="D:\\settlers6\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\uaw\\UAWEA.exe"="D:\\uaw\\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\WINDOWS\system32\WinCtrl32.dll Found
File Backups: - C:\DOCUME~1\Beckett\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 26 Jul 2008 279 A.SHR --- "C:\BOOT.BAK"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"
Tue 29 Jan 2008 165,232 A..H. --- "C:\Documents and Settings\Beckett\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Finished!Smitfraud report is as follows....
SmitFraudFix v2.331
Scan done at 10:36:16.32, 27/07/2008
Run from C:\Documents and Settings\Beckett\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Beckett\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Beckett
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Beckett\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Beckett\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Virtual Machine Network Services Driver
DNS Server Search Order: 192.168.11.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B2E6124-E42C-4DB1-BD31-9FA1DE4AF6A2}: DhcpNameServer=192.168.11.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B2E6124-E42C-4DB1-BD31-9FA1DE4AF6A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B2E6124-E42C-4DB1-BD31-9FA1DE4AF6A2}: DhcpNameServer=192.168.11.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B2E6124-E42C-4DB1-BD31-9FA1DE4AF6A2}: DhcpNameServer=192.168.11.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.11.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.11.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.11.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckards reports are as follows...
Main.txt..
Deckard's System Scanner v20071014.68
Run by Beckett on 2008-07-27 10:38:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
47: 2008-07-27 09:38:21 UTC - RP374 - Deckard's System Scanner Restore Point
46: 2008-07-26 14:37:02 UTC - RP373 - Software Distribution Service 3.0
45: 2008-07-26 09:21:52 UTC - RP372 - Restore Operation
44: 2008-07-26 08:05:41 UTC - RP371 - Last known good configuration
43: 2008-07-26 08:04:21 UTC - RP370 - System Checkpoint
-- First Restore Point --
1: 2008-07-26 08:02:26 UTC - RP328 - Removed 9Dragons.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Beckett.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:12, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Beckett\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Beckett.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.sweetim.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {543F50E5-816B-492D-A71A-2EDA501A0C6C} - C:\WINDOWS\system32\jkkIYoME.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [lphc7hfj0e7bv] C:\WINDOWS\system32\lphc7hfj0e7bv.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RSDLUpdater.exe.lnk = C:\WINDOWS\explorer.exe
O8 - Extra context menu item: &Search -
http://edits.mywebse...?p=ZJxdm172YYGBO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewi...oOnlineScan.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfar...etup1.0.1.0.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www1.snapfish...shUKActivia.cabO16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) -
http://www.antivirus...irusremover.dllO16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -
http://update.videoe...ggPublisher.exeO20 - Winlogon Notify: ljJBsSLB - ljJBsSLB.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6148 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Winou16 - c:\windows\system32\drivers\winou16.sys
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 atitray - c:\program files\ray adams\ati tray tools\atitray.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 catchme - c:\docume~1\beckett\locals~1\temp\catchme.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 npkcrypt - d:\lineage 2 c6\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npkcusb - d:\lineage\system\npkcusb.sys (file missing)
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {FEB8D079-0681-11D4-9531-0060089ABC08}
Description: Accessories Interface
Device ID: ROOT\USB\0000
Manufacturer: Motorola Inc
Name: Accessories Interface
PNP Device ID: ROOT\USB\0000
Service: P2k
Class GUID: {FEB8D079-0681-11D4-9531-0060089ABC08}
Description: Accessories Interface
Device ID: ROOT\USB\0001
Manufacturer: Motorola Inc
Name: Accessories Interface
PNP Device ID: ROOT\USB\0001
Service: P2k
-- Scheduled Tasks -------------------------------------------------------------
2008-07-26 17:37:06 1550 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2008-06-22 07:11:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-27 and 2008-07-27 -----------------------------
2008-07-27 10:36:20 2012 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 10:36:01 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-27 10:36:01 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-27 10:36:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-27 10:36:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-27 10:36:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-27 10:36:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-07-27 10:36:00 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-27 10:36:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-27 10:32:32 16384 -----n--- C:\WINDOWS\system32\WinCtrl32.dll
2008-07-27 10:28:31 0 d-------- C:\WINDOWS\ERUNT
2008-07-27 09:38:03 0 d-------- C:\Program Files\Trend Micro
2008-07-27 04:28:34 0 d-------- C:\Program Files\rhc3hfj0e7bv
2008-07-27 04:27:21 35328 --a------ C:\WINDOWS\system32\lphc7hfj0e7bv.exe
2008-07-26 22:41:17 0 d-------- C:\VundoFix Backups
2008-07-26 19:23:36 0 d-------- C:\Documents and Settings\Beckett\Application Data\True Sword
2008-07-26 19:20:05 0 d-------- C:\Program Files\True Sword 4
2008-07-26 17:37:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-26 17:35:26 0 d-------- C:\Documents and Settings\Beckett\Application Data\Webroot
2008-07-26 17:35:25 0 d-------- C:\Program Files\Webroot
2008-07-26 17:35:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 17:20:05 164 --a------ C:\install.dat
2008-07-26 11:54:36 0 d-------- C:\$WIN_NT$.~BT
2008-07-26 11:25:12 0 d-------- C:\Documents and Settings\Beckett\.housecall6.6
2008-07-26 10:29:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-26 10:00:50 0 d-------- C:\Program Files\Enigma Software Group
2008-07-26 09:53:41 0 d-------- C:\Program Files\Common Files\PC Tools
2008-07-26 09:09:28 0 dr-h----- C:\$VAULT$.AVG
2008-07-26 09:04:37 4698112 --a------ C:\Documents and Settings\Beckett\ntuser.dat
2008-07-26 09:04:35 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-26 09:02:09 231873 --ahs---- C:\WINDOWS\system32\EMoYIkkj.ini2
2008-07-26 08:56:08 0 d-------- C:\Documents and Settings\Beckett\Application Data\TmpRecentIcons
2008-07-25 17:30:01 0 d-------- C:\Program Files\Driving Test HPT Express
2008-07-25 17:25:53 32768 --a------ C:\WINDOWS\system32\REGTOOL5.DLL <Not Verified; Microsoft Corporation; Registry Access Functions>
2008-07-25 17:25:42 0 d-------- C:\Program Files\Driving Theory Test Express
2008-07-09 17:38:59 0 d-------- C:\WINDOWS\system32\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-07-27 09:37:46 0 d-------- C:\Program Files\Spyware Doctor
2008-07-27 02:50:31 0 d-------- C:\Documents and Settings\Beckett\Application Data\AVG7
2008-07-26 19:12:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-26 15:48:34 0 d-------- C:\Program Files\Norton Security Scan
2008-07-26 10:30:00 0 d-------- C:\Program Files\Google
2008-07-26 09:53:41 0 d-------- C:\Program Files\Common Files
2008-07-19 20:37:19 0 d-------- C:\Program Files\LimeWire
2008-07-15 17:35:26 0 d-------- C:\Documents and Settings\Beckett\Application Data\Adobe
2008-05-29 19:36:46 0 d-------- C:\Program Files\Apex
2008-05-29 19:20:53 0 d-------- C:\Program Files\Boilsoft AVI Converter
2008-05-29 19:02:16 0 d-------- C:\Program Files\ImTOO
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{543F50E5-816B-492D-A71A-2EDA501A0C6C}]
C:\WINDOWS\system32\jkkIYoME.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [23/11/2005 15:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 13:01]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
"lphc7hfj0e7bv"="C:\WINDOWS\system32\lphc7hfj0e7bv.exe" [27/07/2008 04:27]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04/01/2008 20:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2008 10:30]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RSDLUpdater.exe.lnk - C:\WINDOWS\explorer.exe [04/08/2004 13:00:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD}"= C:\WINDOWS\system32\ljJBsSLB.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBsSLB]
ljJBsSLB.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 27/07/2008 10:32 16384 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkIYoME
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winou16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
"C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools\daemon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"C:\Program Files\ASUS\Ai Booster\OverClk.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"LexBceS"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-07-27 10:39:52 ------------
Extra.txt is as follows......
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3800+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.48 MiB / 563.61 MiB
Pagefile Memory (total/avail): 2461.23 MiB / 2044.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.11 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 97.65 GiB total, 87.27 GiB free.
D: is Fixed (NTFS) - 195.32 GiB total, 58.31 GiB free.
E: is Fixed (NTFS) - 174.55 GiB total, 145.53 GiB free.
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - NVIDIA STRIPE 467.52G - 467.52 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 369.87 GiB - D: - E:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Spy Sweeper with AntiVirus v5.5.7.124 (Webroot Software Inc)
DisabledAV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\planetsidee\\LaunchPad.exe"="D:\\planetsidee\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Genesis Rising Beta\\bin\\GenesisRisingBeta.exe"="D:\\Genesis Rising Beta\\bin\\GenesisRisingBeta.exe:*:Enabled:GenesisRisingBeta"
"D:\\BFME2\\game.dat"="D:\\BFME2\\game.dat:*:Enabled:The Battle for Middle-earth II"
"D:\\batts4midds\\game.dat"="D:\\batts4midds\\game.dat:*:Enabled:The Battle for Middle-earth II"
"D:\\battle2\\game.dat"="D:\\battle2\\game.dat:*:Enabled:The Battle for Middle-earth II"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\mir2\\Mir2Patch.exe"="D:\\mir2\\Mir2Patch.exe:*:Enabled:Mir2Patch"
"D:\\SupremeCommander\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\SupremeCommander\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\SupremeCommander\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\SupremeCommander\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"D:\\TitanQuest\\Titan Quest.exe"="D:\\TitanQuest\\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\2142demo\\BF2142.exe"="D:\\2142demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\settlers6\\base\\bin\\Settlers6.exe"="D:\\settlers6\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\uaw\\UAWEA.exe"="D:\\uaw\\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Beckett\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BECK
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Beckett
LOGONSERVER=\\BECK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Beckett\LOCALS~1\Temp
TMP=C:\DOCUME~1\Beckett\LOCALS~1\Temp
USERDOMAIN=BECK
USERNAME=Beckett
USERPROFILE=C:\Documents and Settings\Beckett
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Beckett
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apex Video to MP3 WMA WAV Converter Free 4.25 --> "C:\Program Files\Apex\Apex Video to MP3 WMA WAV Converter Free\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Archlord --> "D:\Archlord\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Battlefield 2142 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x9 -removeonly
Biosfear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B51834E4-95D2-4E8D-B45F-F94F36F8CAD2}\Setup.exe" -l0x9
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Boilosft AVI to VCD SVCD DVD Converter 3.61 --> "C:\Program Files\Boilsoft AVI Converter\unins000.exe"
Catz (remove only) --> "D:\Catz!\Catz\uninstall.exe" 1033
Crush'Em 2.0 --> C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0