Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

   
 
 Closed TopicStart new topic
> [Resolved] Cannot get rid of Virtuemonde, malware removal
giappino
post Jul 23 2008, 04:15 AM
Post #1


New Member
*

Group: New Member
Posts: 5
Joined: 23-July 08
Member No.: 80,447
Operating System: Windows XP Professional
Can you please help me to get rid of Virtuemonde? I have read through many forums and nothing I've learned from there has worked. I have run Spybot S&D and it reports the problem fixed but it is not. I also run Avast 4.8 professional and it deletes several files but still no solution. The problems I'm experiencing are primarily popups and I cannot use Windows Update or Windows Malicious Software Removal Tool.

I have a HijackThis log and C:\vundofix.txt below.

I just ran VundoFix and it indicates no files were found, here are the contents of C:\vundofix.txt:

[color="#FF0000"]VundoFix V7.0.5

Scan started at 6:20:39 PM 5/06/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.6

Scan started at 3:19:05 AM 23/07/2008

Listing files found while scanning....

C:\Windows\system32\dcwrosct.dll
C:\Windows\system32\ewgtiscr.dll
C:\Windows\system32\rcsitgwe.ini
C:\Windows\system32\yfhijk.dll

Beginning removal...

Attempting to delete C:\Windows\system32\dcwrosct.dll
C:\Windows\system32\dcwrosct.dll Has been deleted!

Attempting to delete C:\Windows\system32\ewgtiscr.dll
C:\Windows\system32\ewgtiscr.dll Has been deleted!

Attempting to delete C:\Windows\system32\rcsitgwe.ini
C:\Windows\system32\rcsitgwe.ini Has been deleted!

Attempting to delete C:\Windows\system32\yfhijk.dll
C:\Windows\system32\yfhijk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 4:51:42 AM 23/07/2008

Listing files found while scanning....

No infected files were found.


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 05:08:14, on 23/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\garage\Desktop\VundoFix.exe
C:\Program Files\Hijackthis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: RSS Feeds Toolbar - {4A5BE5EE-CFAD-11D9-8FAD-0007E9AA247E} - C:\Program Files\RSS Feeds Toolbar\RSS.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: (no name) - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [cc576071] rundll32.exe "C:\WINDOWS\system32\ewgtiscr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://mr.lodge.de/java/IpixViewer.jar
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: kvxqmtre - {41020F9E-A81F-4EF7-B963-4E613076117E} - (no file)
O21 - SSODL: evgratsm - {4391844C-C20A-4306-84D5-E3BAD9FE7948} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

Thank you for any help you can provide!
Go to the top of the page
 
+Quote Post
Rorschach112
post Jul 23 2008, 06:13 AM
Post #2


SuperMember
*****

Group: Visiting Teacher
Posts: 2,100
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go to the top of the page
 
+Quote Post
giappino
post Jul 23 2008, 09:04 AM
Post #3


New Member
*

Group: New Member
Posts: 5
Joined: 23-July 08
Member No.: 80,447
Operating System: Windows XP Professional
Thank you for your reply! I have the information from both programs.

1) SDfix report.txt:


SDFix: Version 1.207
Run by garage on Wed 23/07/2008 at 09:50

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

disk not found C:\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ćTorrent"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sun 27 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Sun 27 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Sun 27 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 9 Jun 2008 54 A..H. --- "C:\WINDOWS\system32\t3zgarage.sys"
Wed 2 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 22 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 12 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 2 Jun 2008 0 ...H. --- "C:\Documents and Settings\garage\Application Data\Microsoft\Word\~WRL3012.tmp"

Finished!



2) Deckard's System Scanner main.txt and extra.txt respectively:

Deckard's System Scanner v20071014.68
Run by garage on 2008-07-23 09:55:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-07-23 14:55:16 UTC - RP164 - Deckard's System Scanner Restore Point
66: 2008-07-23 13:47:23 UTC - RP163 - Installed Windows Live installer
65: 2008-07-23 13:33:43 UTC - RP162 - Removed Microsoft Visual C++ 2005 Redistributable
64: 2008-07-23 13:33:09 UTC - RP161 - Removed Microsoft Silverlight
63: 2008-07-23 13:32:05 UTC - RP160 - Removed Windows Live Toolbar


-- First Restore Point --
1: 2008-07-23 13:28:31 UTC - RP98 - Installed Partition Manager 9.0 Professional


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as garage.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 09:55:46
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\garage\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {EF71354C-A649-42B2-9E6C-F4A14118404E} - C:\WINDOWS\system32\ssqQhgHX.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4.../OGAControl.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} () - http://mr.lodge.de/java/IpixViewer.jar
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


--
End of file - 7762 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080723-064900-394 O4 - HKLM\..\Run: [cc576071] rundll32.exe "C:\WINDOWS\system32\ewgtiscr.dll",b

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon>
R3 AR5211 (Belkin Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon>

S4 sptd - c:\windows\system32\drivers\sptd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&51
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\44B03D60C3A0
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\44B03D60C3A0
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&90
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&90
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 02:30:12 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0FB465F2-F88C-4E9F-9EA2-58D61C4C6135}.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 09:49:26 0 d-------- C:\WINDOWS\ERUNT
2008-07-23 07:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-23 07:08:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 07:08:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-23 07:08:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-23 07:08:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 07:08:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 07:08:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-23 07:08:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-23 07:08:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-23 06:52:38 0 d-------- C:\Documents and Settings\garage\Application Data\Malwarebytes
2008-07-23 06:52:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 06:52:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 03:42:11 3270 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 03:19:05 0 d-------- C:\VundoFix Backups
2008-07-22 22:17:30 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-22 22:00:04 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-22 21:49:45 323648 -----n--- C:\WINDOWS\system32\ssqQhgHX.dll
2008-07-22 21:48:49 0 d-------- C:\Documents and Settings\garage\Application Data\Babylon
2008-07-22 21:48:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-22 01:08:05 0 d-------- C:\Documents and Settings\garage\Application Data\MozillaControl
2008-07-22 01:01:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Fenrir & Co
2008-07-22 01:00:13 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-07-22 00:59:02 0 d-------- C:\Program Files\Fenrir & Co
2008-07-22 00:31:49 0 d-------- C:\Documents and Settings\garage\Application Data\PCF-VLC
2008-07-22 00:22:18 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-07-21 15:51:15 0 d-------- C:\Documents and Settings\garage\Application Data\PCF-VLC(2)
2008-07-19 02:48:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 02:48:08 0 d-------- C:\Program Files\Mozilla Firefox(2)
2008-07-18 22:37:45 7012352 --a------ C:\Documents and Settings\garage\ntuser.dat
2008-07-17 21:46:23 0 d-------- C:\Program Files\UltraMon
2008-07-17 21:46:23 0 d-------- C:\Program Files\Common Files\Realtime Soft
2008-07-17 21:46:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-07-13 00:56:02 0 d-------- C:\Program Files\IntelliWebSearch
2008-07-09 22:32:50 0 d-------- C:\Documents and Settings\garage\Application Data\Google
2008-07-09 21:45:35 0 d-------- C:\Program Files\Adobe Media Player
2008-07-09 21:45:31 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-09 21:43:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-06 22:49:37 0 d-------- C:\Program Files\Rainbow Technologies
2008-07-06 21:13:35 0 d-------- C:\Program Files\7-Zip
2008-07-06 21:11:13 0 d-------- C:\Documents and Settings\garage\Application Data\gtk-2.0
2008-07-06 21:10:42 0 d-------- C:\Documents and Settings\garage\.thumbnails
2008-07-06 21:00:21 0 d-------- C:\Program Files\Eltima Software
2008-07-06 20:41:00 0 d-------- C:\Documents and Settings\garage\.gimp-2.4
2008-07-06 20:40:36 0 d-------- C:\Program Files\GIMP-2.0
2008-07-06 20:35:43 0 d-------- C:\Program Files\Notepad++
2008-07-06 20:35:43 0 d-------- C:\Documents and Settings\garage\Application Data\Notepad++
2008-07-06 02:14:32 0 d-------- C:\Documents and Settings\garage\Application Data\Shareaza
2008-07-03 23:56:30 0 d-------- C:\Program Files\Acronis
2008-07-03 23:56:29 0 d-------- C:\Program Files\Common Files\Acronis
2008-07-03 23:50:46 0 d-------- C:\Program Files\Acronis Disk Director Suite 10 build 2160
2008-07-03 22:54:48 0 d-------- C:\Partition holding zone
2008-07-03 17:37:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-03 08:25:03 0 d-------- C:\Program Files\eXpress CheckSum Calculator
2008-07-03 07:57:41 0 d-------- C:\Program Files\MSECACHE
2008-07-01 00:55:19 0 d-------- C:\Documents and Settings\garage\Application Data\Realtime Soft
2008-06-29 23:48:37 0 d-------- C:\Program Files\PowerQuest
2008-06-29 22:49:58 0 d-------- C:\Program Files\MSBuild
2008-06-29 22:49:54 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-29 22:49:49 0 d-------- C:\Program Files\Reference Assemblies
2008-06-29 22:14:12 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2008-06-29 22:10:48 0 d-------- C:\Program Files\PowerQuest(2)
2008-06-26 02:58:23 0 d-ah----- C:\VB
2008-06-24 18:02:23 0 d-------- C:\WINDOWS\ie8updates


-- Find3M Report ---------------------------------------------------------------

2008-07-23 09:20:30 0 d-------- C:\Program Files\Common Files
2008-07-23 09:18:23 0 d-------- C:\Documents and Settings\garage\Application Data\StumbleUpon
2008-07-23 08:32:22 0 d-------- C:\Program Files\Windows Live Toolbar
2008-07-23 07:59:15 0 d-------- C:\Documents and Settings\garage\Application Data\uTorrent
2008-07-23 03:10:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-22 05:34:11 1 --a------ C:\Documents and Settings\garage\Application Data\Lion.schleinzer.df
2008-07-19 02:48:47 0 d-------- C:\Program Files\Soulseek
2008-07-19 02:48:17 0 d-------- C:\Documents and Settings\garage\Application Data\Mozilla
2008-07-11 00:13:38 0 d-------- C:\Program Files\IEPro
2008-07-10 12:19:51 0 d-------- C:\Program Files\Google
2008-07-09 21:45:40 0 d-------- C:\Documents and Settings\garage\Application Data\Adobe
2008-06-26 01:37:48 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-06-21 22:57:12 0 d-------- C:\Program Files\UNILEX
2008-06-21 22:56:11 0 d-------- C:\Documents and Settings\garage\Application Data\InstallShield
2008-06-21 22:40:33 0 d-------- C:\Program Files\HERA
2008-06-21 22:38:03 0 d-------- C:\Program Files\Schaefer
2008-06-21 22:34:40 0 d-------- C:\Program Files\Zahn
2008-06-21 22:32:28 0 d-------- C:\Program Files\Zahn Data
2008-06-20 19:01:22 0 d-------- C:\Program Files\uTorrent
2008-06-18 14:08:53 0 d-------- C:\Program Files\Microsoft Works
2008-06-18 13:41:09 0 d-------- C:\Program Files\Common Files\L&H
2008-06-18 13:40:56 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 13:39:49 0 d-------- C:\Program Files\Microsoft.NET
2008-06-18 11:23:16 0 d-------- C:\Documents and Settings\garage\Application Data\Kybtec Software
2008-06-18 11:16:45 0 d-------- C:\Documents and Settings\garage\Application Data\MipKukSoft
2008-06-18 11:08:14 0 d-------- C:\Program Files\BitComet
2008-06-10 23:05:19 22144 --a------ C:\Documents and Settings\garage\Application Data\GDIPFONTCACHEV1.DAT
2008-06-09 09:45:47 54 --ah----- C:\WINDOWS\system32\t3zgarage.sys
2008-06-09 09:45:33 0 d-------- C:\Program Files\AIT
2008-06-09 09:43:26 0 d-------- C:\Documents and Settings\garage\Application Data\MiniDm
2008-06-07 03:56:04 0 d-------- C:\Documents and Settings\garage\Application Data\IEPro
2008-06-06 08:17:28 0 d-------- C:\Documents and Settings\garage\Application Data\Participatory Culture Foundation
2008-06-06 08:16:56 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-06-05 08:47:35 0 d-------- C:\Documents and Settings\garage\Application Data\Acronis
2008-06-05 08:35:43 0 d-------- C:\Program Files\Free Download Manager
2008-06-05 06:37:32 0 d-------- C:\Program Files\Movie Maker
2008-06-05 06:36:31 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-05 06:36:31 72166 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-05 06:36:31 5372 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-05 06:08:42 0 d-------- C:\Program Files\StumbleUpon
2008-06-05 05:20:49 0 d-------- C:\Program Files\Messenger
2008-06-05 05:19:04 0 d-------- C:\Program Files\Windows NT
2008-06-05 03:45:28 0 d-------- C:\Program Files\Alwil Software
2008-06-05 02:28:30 0 d-------- C:\Program Files\Conduit
2008-06-05 02:27:42 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-05 01:55:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 01:40:15 0 d-------- C:\Documents and Settings\garage\Application Data\SUPERAntiSpyware.com
2008-06-04 13:52:07 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-06-04 13:51:30 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-04 03:03:07 0 d-------- C:\Program Files\Sidebar
2008-05-30 22:49:54 0 d-------- C:\Program Files\LucasArts
2008-05-28 15:01:29 0 d-------- C:\Program Files\Motorola Phone Tools
2008-05-28 15:00:50 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-05-28 14:54:02 0 d-------- C:\Program Files\MSXML 4.0
2008-05-27 18:32:27 0 d-------- C:\Program Files\Langenscheidt
2008-05-26 12:18:37 0 d-------- C:\Program Files\Babylon
2008-05-25 16:17:10 0 d-------- C:\Program Files\Prey
2008-05-25 01:24:28 0 d-------- C:\Documents and Settings\garage\Application Data\Diodia
2008-05-25 01:24:22 0 d-------- C:\Program Files\RSS Feeds Toolbar
2008-05-21 03:23:10 62 --ahs---- C:\Documents and Settings\garage\Application Data\desktop.ini
2008-05-20 17:57:38 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-20 17:40:56 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-20 17:29:54 0 -rahs---- C:\MSDOS.SYS
2008-05-20 17:29:54 0 -rahs---- C:\IO.SYS
2008-05-20 17:29:54 0 --a------ C:\CONFIG.SYS
2008-05-20 17:29:54 0 --a------ C:\AUTOEXEC.BAT
2008-05-20 17:27:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF71354C-A649-42B2-9E6C-F4A14118404E}]
22/07/2008 21:49 323648 --------- C:\WINDOWS\system32\ssqQhgHX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [30/01/2007 21:54 C:\WINDOWS\RTHDCPL.exe]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [22/01/2007 02:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [26/12/2007 17:35]
"nwiz"="nwiz.exe" [26/12/2007 17:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [26/12/2007 17:35]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 16:22]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [22/02/2007 19:53]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [30/10/2007 20:06]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [30/10/2007 20:11]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [30/10/2007 20:07]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [12/10/2006 21:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 19:12]

C:\Documents and Settings\garage\Start Menu\Programs\Startup\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [1/06/2005 2:41:18 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 2:43:08 AM]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [21/05/2006 2:43:14 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [12/02/2001 10:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc576071]
rundll32.exe "C:\WINDOWS\system32\iwcpmiyh.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliWebSearch]
C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-07-23 09:56:01 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2046.46 MiB / 1595.73 MiB
Pagefile Memory (total/avail): 3938.55 MiB / 3604.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.58 MiB

C: is Fixed (NTFS) - 102.04 GiB total, 54.68 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 5.35 GiB total, 5.32 GiB free.
O: is Fixed (NTFS) - 20.35 GiB total, 20.25 GiB free.
P: is Fixed (NTFS) - 10.27 GiB total, 10.18 GiB free.
R: is Fixed (NTFS) - 20.21 GiB total, 20.14 GiB free.
T: is Fixed (NTFS) - 8.27 GiB total, 7.83 GiB free.
U: is Fixed (NTFS) - 66.4 GiB total, 66.22 GiB free.

\\.\PHYSICALDRIVE0 - ST3250410AS - 232.88 GiB - 7 partitions
\PARTITION0 (bootable) - Installable File System - 102.04 GiB
\PARTITION1 - Extended Partition - 130.85 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\garage\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GIAPPINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\garage
LOGONSERVER=\\GIAPPINO
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\garage\LOCALS~1\Temp
TMP=C:\DOCUME~1\garage\LOCALS~1\Temp
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=GIAPPINO
USERNAME=garage
USERPROFILE=C:\Documents and Settings\garage
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

garage (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Color Picker --> "C:\Program Files\Eltima Software\Absolute Color Picker\uninstall Absolute Color Picker\unins000.exe"
Acolada UniLex --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\UNILEX\ColUxuninst.isu"
Acolada UniLex Update 09.2007 --> C:\Program Files\InstallShield Installation Information\{48BF6E09-26D8-473D-BE6B-95B4E3499001}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Acronis Disk Director Suite 10 build 2160 --> C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
Acronis Disk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Acronis True Image Home --> MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BECKLex Dietl/Lorenz --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\UNILEX\DLUxuninst.isu"
Brandstetter EP UniLex --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\UNILEX\EEUninst.isu"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
e-Dictionaries --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}\setup.exe" anythinganything
GIMP 2.4.6 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Scan-to-Web Wizard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Scan-To-Web.isu"
Hyperbook --> C:\WINDOWS\unin0407.exe -f"C:\Program Files\Schaefer\Hyperbook4\DeIsL1.isu" -c"C:\Program Files\Schaefer\Hyperbook4\_ISREG32.DLL"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Miro - Deutsche Welle Player --> C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Prey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
retroDIC2002 --> C:\WINDOWS\unin0407.exe -f"C:\Program Files\HERA\retroDIC2002\DeIsL1.isu" -c"C:\Program Files\HERA\retroDIC2002\_ISREG32.DLL"
RSS Feeds Toolbar --> C:\WINDOWS\system32\msinfhlp.exe ;uninstall; ;C:\Program Files\RSS Feeds Toolbar\RSS Feeds Toolbar.dat;
Sentinel System Driver 5.41.1 (32-bit) --> MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe
Translation Office 3000, Version 9.0 --> "C:\Program Files\AIT\Translation Office 3000 Version 9.0\unins000.exe"
UltraMon --> MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type16476 / Warning
Event Submitted/Written: 07/21/2008 03:54:44 PM
Event ID/Source: 2006 / LoadPerf
Event Description:
LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

Event Record #/Type16474 / Error
Event Submitted/Written: 07/17/2008 02:49:50 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : WINWORD: Shared heap exhausted or damaged, process ID 9e0, total alloc:3c208...

Event Record #/Type16473 / Error
Event Submitted/Written: 07/17/2008 00:36:53 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 736876844.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type16472 / Error
Event Submitted/Written: 07/16/2008 02:32:54 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : OUTLOOK: Shared heap exhausted or damaged, process ID 3f0, total alloc:3c848...

Event Record #/Type16471 / Error
Event Submitted/Written: 07/16/2008 02:32:54 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : OUTLOOK: Shared heap exhausted or damaged, process ID 3f0, total alloc:3c848...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5378 / Warning
Event Submitted/Written: 07/23/2008 09:52:33 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0012176C2DAD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5374 / Error
Event Submitted/Written: 07/23/2008 09:49:08 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type5373 / Error
Event Submitted/Written: 07/23/2008 09:49:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type5372 / Error
Event Submitted/Written: 07/23/2008 09:48:50 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type5371 / Error
Event Submitted/Written: 07/23/2008 09:48:50 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-23 09:56:01 ------------

Thanks for your help
Go to the top of the page
 
+Quote Post
Rorschach112
post Jul 23 2008, 11:19 AM
Post #4


SuperMember
*****

Group: Visiting Teacher
Posts: 2,100
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP
Hello

Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\t3zgarage.sys

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    [kill explorer]
    C:\WINDOWS\system32\ssqQhgHX.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc576071
    C:\WINDOWS\system32\iwcpmiyh.dll
    purity
    EmptyTemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Also post a new DSS log
Go to the top of the page
 
+Quote Post
giappino
post Jul 23 2008, 06:58 PM
Post #5


New Member
*

Group: New Member
Posts: 5
Joined: 23-July 08
Member No.: 80,447
Operating System: Windows XP Professional
Here is

1) VirScan.txt:

VirSCAN.org Scanned Report :
Scanned time : 2008/07/23 15:23:19 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : t3zgarage.sys
File Size : 54 byte
File Type : ASCII text, with CRLF line terminators
MD5 : d2525bd3ffa97859bd97ae131cdd63fb
SHA1 : edb0c8b1867694c960e0cdae05159fea7d68b8f7
Online report : http://virscan.org/report/067bd2ed4bb8e353...f52b3d6ecf.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.22 2008-07-22 2.33 -
AhnLab V3 2008.07.24.00 2008.07.24 2008-07-24 0.84 -
AntiVir 7.8.1.11 7.0.5.159 2008-07-23 2.11 -
Arcavir 1.0.5 200807231811 2008-07-23 1.16 -
AVAST! 3.0.1 080723-0 2008-07-23 0.65 -
AVG 7.5.51.442 270.5.5/1569 2008-07-23 1.48 -
BitDefender 7.60825.1383267 7.20165 2008-07-24 2.58 -
CA (VET) 9.0.0.143 31.6.5976 2008-07-23 0.57 -
ClamAV 0.93.3 7800 2008-07-24 0.00 -
Comodo 2.11 2.0.0.594 2008-07-23 0.40 -
CP Secure 1.1.0.715 2008.07.24 2008-07-24 5.35 -
Dr.Web 4.44.0.9170 2008.07.23 2008-07-23 2.99 -
ewido 4.0.0.2 2008.07.23 2008-07-23 2.35 -
F-Prot 4.4.4.56 20080722 2008-07-22 0.96 -
F-Secure 5.51.6100 2008.07.23.08 2008-07-23 0.03 -
Fortinet 2.81-3.11 9.349 2008-07-23 1.61 -
ViRobot 20080723 2008.07.23 2008-07-23 0.41 -
Ikarus T3.1.01.34 2008.07.23.71146 2008-07-23 3.35 -
JiangMin 11.0.706 2008.07.23 2008-07-23 1.12 -
Kaspersky 5.5.10 2008.07.23 2008-07-23 0.02 -
KingSoft 2008.1.14.15 2008.7.23.17 2008-07-23 0.64 -
McAfee 5.2.00 5344 2008-07-22 2.10 -
Microsoft 1.3704 2008.07.23 2008-07-23 4.50 -
mks_vir 2.01 2008.07.23 2008-07-23 2.40 -
Norman 5.93.01 5.93.00 2008-07-23 4.53 -
Panda 9.05.01 2008.07.23 2008-07-23 1.89 -
Trend Micro 8.700-1004 5.426.05 2008-07-23 0.02 -
Quick Heal 9.50 2008.07.22 2008-07-22 1.54 -
Rising 20.0 20.54.22.00 2008-07-23 0.23 -
Sophos 2.75.4 4.31 2008-07-24 1.85 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.38 -
Symantec 1.3.0.24 20080723.009 2008-07-23 0.20 -
nProtect 2008-07-23.01 1697661 2008-07-23 3.10 -
The Hacker 6.2.96 v00387 2008-07-22 0.37 -
VBA32 3.12.8.1 20080723.1000 2008-07-23 1.09 -
VirusBuster 4.5.11.10 10.82.20/596404 2008-07-23 0.77 -


2) OTMoveIt2 log:


Explorer killed successfully
File/Folder C:\WINDOWS\system32\ssqQhgHX.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc576071 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc576071\\ not found.
File/Folder C:\WINDOWS\system32\iwcpmiyh.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\garage\LOCALS~1\Temp\~DF123C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\garage\LOCALS~1\Temp\~DF830A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_195145

Files moved on Reboot...
File C:\DOCUME~1\garage\LOCALS~1\Temp\~DF123C.tmp not found!
File C:\DOCUME~1\garage\LOCALS~1\Temp\~DF830A.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat not found!


3) DSS main.txt:

Deckard's System Scanner v20071014.68
Run by garage on 2008-07-23 19:57:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as garage.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 19:57:52
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\garage\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.live.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EF71354C-A649-42B2-9E6C-F4A14118404E} - C:\WINDOWS\system32\ssqQhgHX.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: RSS Feeds Toolbar - {4A5BE5EE-CFAD-11D9-8FAD-0007E9AA247E} - C:\Program Files\RSS Feeds Toolbar\RSS.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4.../OGAControl.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} () - http://mr.lodge.de/java/IpixViewer.jar
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -