
[Closed] Virtumonde, Registry Changes Causing Pop Ups


6 replies to this topic

#1 Fahad

Fahad

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 05 September 2007 - 07:02 PM

Hey, I downloaded a P2P software which downloaded these Virtumonde popups, which are impossible to get rid of. My Windows Defender finds it and removes it and asks me to restart the PC, but once I restart the computer it comes right back. Please help, here's my log.


Logfile of HijackThis v1.99.1
Scan saved at 8:47:04 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\uxbgyaau.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telecha...stall/setup.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186323802359
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://www.lightspe...lude/msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe



#2 SNOWHITE

SNOWHITE

    Retired GTG Staff

  • Authentic Member
  • PipPip
  • 165 posts

Posted 06 September 2007 - 10:46 AM

Hello Fahad :)

Please follow the steps below exactly in the order they are written:

Step #1

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES


Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=29
and fill in the required fields, then Browse for this filename: C:\WINDOWS\system32\uxbgyaau.dll
Click on the Send File button.

Thank you!

Step #2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
In your next post please include the following reports:
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.


Regards,
SNOWHITE
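The file SNOWHITE asks for in Step #1, C:\WINDOWS\system32\uxbgyaau.dll, is the one loaded by the `O4 - HKLM\..\Run: [FolderView] rundll32.exe ...` entry in the log above. As an added example (not part of this thread, HijackThis, VundoFix or DSS), the script below parses HijackThis O2 (BHO) and O4 (Run key) lines and flags the two patterns a helper looks for in a Vundo case: a rundll32 autostart that loads a random-named DLL from system32, and unnamed BHOs whose file is random-named or already missing. The sample lines are copied from the logs in this thread; the regexes, the name heuristic and the function names (`triage`, `looks_random`, `referenced_dlls`) are my own assumptions.

```python
"""Triage HijackThis O2/O4 lines for Vundo-style persistence (constructed example)."""
import ntpath
import re
from dataclasses import dataclass

# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O2 - BHO: name - {CLSID} - file
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.+)$')
# rundll32[.exe] "path\to.dll",ExportName
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
SYSTEM32_RE = re.compile(r'\\windows\\system32\\', re.I)
# Heuristic, not a verdict: Vundo droppers of this era used short, all-lowercase,
# letter-only file names. Legitimate DLLs can match too, so hits are for review.
RANDOM_NAME_RE = re.compile(r'^[a-z]{5,10}$')


@dataclass
class Finding:
    line: str    # the HijackThis line that triggered the finding
    reason: str  # why it was flagged
    path: str    # DLL path referenced, '' when the entry points at no file


def looks_random(path: str) -> bool:
    """True when the file's stem matches the random-name heuristic above."""
    stem, _ext = ntpath.splitext(ntpath.basename(path))
    return bool(RANDOM_NAME_RE.match(stem))


def triage(log_text: str) -> list:
    """Return Findings for suspicious O2/O4 lines, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group('cmd'))
            if r and SYSTEM32_RE.search(r.group('dll')) and looks_random(r.group('dll')):
                findings.append(Finding(
                    line,
                    'rundll32 autostart loads random-named DLL from system32 '
                    '(export %s)' % r.group('export'),
                    r.group('dll')))
            continue
        m = O2_RE.match(line)
        if m and m.group('name') == '(no name)':
            file = m.group('file')
            if file == '(no file)' or file.endswith('(file missing)'):
                # Dead registration: the DLL is gone but the CLSID is still registered.
                findings.append(Finding(
                    line, 'unnamed BHO whose file is missing (stale registration)',
                    '' if file == '(no file)' else file.replace(' (file missing)', '')))
            elif SYSTEM32_RE.search(file) and looks_random(file):
                findings.append(Finding(
                    line, 'unnamed BHO with random-named DLL in system32', file))
    return findings


def referenced_dlls(findings: list) -> list:
    """Sorted, de-duplicated DLL base names the findings point at (e.g. for submission)."""
    return sorted({ntpath.basename(f.path) for f in findings if f.path})


# Sample lines copied from the logs posted in this thread (subset).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148} - C:\WINDOWS\system32\awturrq.dll (file missing)
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\mbbknfnf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\uxbgyaau.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print('%-60s %s' % (f.reason, f.line))
    print('DLLs to examine:', ', '.join(referenced_dlls(hits)))
```

On the sample the unnamed SiteAdvisor and Spybot BHOs are not flagged because they live under Program Files and are present, while the four system32 entries and the `(no file)` CLSID are. The name heuristic is deliberately loose; the point is to surface entries for a human to check, not to delete anything automatically.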

#3 Fahad

Fahad

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 06 September 2007 - 03:48 PM

Hey, the VundoFix fixed the bugs, so I can't post a reply for it, but here's the new HijackThis report and the DSS report.


Logfile of HijackThis v1.99.1
Scan saved at 5:37:52 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148} - C:\WINDOWS\system32\awturrq.dll (file missing)
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\mbbknfnf.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\uxbgyaau.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telecha...stall/setup.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186323802359
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://www.lightspe...lude/msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe




DSS REPORT


Deckard's System Scanner v20070905.67
Run by Owner on 2007-09-06 17:38:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2007-09-06 21:38:29 UTC - RP83 - Deckard's System Scanner Restore Point
82: 2007-09-06 01:23:14 UTC - RP82 - Windows Defender Checkpoint
81: 2007-09-06 00:00:17 UTC - RP81 - Windows Defender Checkpoint
80: 2007-09-05 03:35:14 UTC - RP80 - Windows Defender Checkpoint
79: 2007-09-05 03:27:01 UTC - RP79 - Windows Defender Checkpoint


-- First Restore Point --
1: 2007-08-03 22:51:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:38:56 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148} - C:\WINDOWS\system32\awturrq.dll (file missing)
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\mbbknfnf.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\uxbgyaau.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telecha...stall/setup.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186323802359
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://www.lightspe...lude/msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\106E36D10DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\106E36D10DC00
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-09-06 13:12:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-09-04 22:54:55 352 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-09-04 22:54:55 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-09-01 02:00:00 394 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OWNER-61A4B3243-Owner).job


-- Files created between 2007-08-06 and 2007-09-06 -----------------------------

2007-09-06 06:06:48 70208 --a------ C:\WINDOWS\system32\mbbknfnf.dll
2007-09-05 22:31:29 90176 --a------ C:\WINDOWS\system32\dmkbrxwe.dll
2007-09-05 22:29:07 70208 --a------ C:\WINDOWS\system32\pnvutsxl.dll
2007-09-05 22:29:06 1901629 ---hs---- C:\WINDOWS\system32\tvvwa.bak1
2007-09-05 20:48:50 70208 --a------ C:\WINDOWS\system32\iepnpqgg.dll
2007-09-05 20:46:30 90176 --a------ C:\WINDOWS\system32\uxbgyaau.dll
2007-09-05 20:46:26 1901669 ---hs---- C:\WINDOWS\system32\lmllm.bak1
2007-09-05 07:07:56 70208 --a------ C:\WINDOWS\system32\dcciyori.dll
2007-09-05 07:05:35 74816 --a------ C:\WINDOWS\system32\miiigbqr.dll
2007-09-05 07:05:33 1901675 ---hs---- C:\WINDOWS\system32\bbeeg.bak2
2007-09-04 23:34:33 74816 --a------ C:\WINDOWS\system32\evjuwnur.dll
2007-09-04 23:34:32 1901635 ---hs---- C:\WINDOWS\system32\rstwa.bak1
2007-09-04 22:55:41 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-09-04 22:55:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-09-04 22:55:38 0 d-------- C:\Program Files\SiteAdvisor
2007-09-04 22:55:38 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-09-04 22:55:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-09-04 22:54:41 0 d-------- C:\Program Files\McAfee
2007-09-04 22:54:29 0 d-------- C:\Program Files\Common Files\McAfee
2007-09-04 22:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-04 22:42:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2007-09-04 07:06:46 70208 --a------ C:\WINDOWS\system32\ctkgkvan.dll
2007-09-04 07:06:45 1901635 ---hs---- C:\WINDOWS\system32\fgjlm.bak1
2007-09-04 06:05:18 70208 --a------ C:\WINDOWS\system32\trfodroi.dll
2007-09-04 06:05:10 1901635 ---hs---- C:\WINDOWS\system32\ycbeg.bak1
2007-09-04 04:55:37 70208 --a------ C:\WINDOWS\system32\fhxxlsxo.dll
2007-09-04 04:55:35 1901675 ---hs---- C:\WINDOWS\system32\ddeeg.bak1
2007-09-03 23:00:24 74816 --a------ C:\WINDOWS\system32\erhhrjcx.dll
2007-09-03 22:58:02 70208 --a------ C:\WINDOWS\system32\ettacuup.dll
2007-09-03 22:58:01 1901635 ---hs---- C:\WINDOWS\system32\jjllm.bak1
2007-09-03 21:50:33 70208 --a------ C:\WINDOWS\system32\pbwrrvct.dll
2007-09-03 21:50:25 1901675 ---hs---- C:\WINDOWS\system32\jlnmp.bak1
2007-09-03 20:36:30 74816 --a------ C:\WINDOWS\system32\lbbixdfs.dll
2007-09-03 20:36:26 70208 --a------ C:\WINDOWS\system32\qnyqcwrn.dll
2007-09-03 20:36:20 1901635 ---hs---- C:\WINDOWS\system32\ijjlm.bak1
2007-09-03 20:05:50 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-03 19:27:11 0 d-------- C:\VundoFix Backups
2007-09-03 19:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-03 17:43:49 70208 --a------ C:\WINDOWS\system32\iakxbwiu.dll
2007-09-03 17:43:48 1901635 ---hs---- C:\WINDOWS\system32\ghkmp.bak1
2007-09-03 17:33:22 0 d-------- C:\Program Files\DIFX
2007-09-03 17:33:18 0 d-------- C:\Program Files\Common Files\ComponentOne
2007-09-03 17:33:15 0 d-------- C:\Program Files\Zune
2007-09-03 17:33:06 0 d-------- C:\a6810c78728d7a3a2b7798b3dbb199
2007-09-03 17:32:37 0 d-------- C:\710884b742176b403701
2007-09-03 17:32:26 0 d-------- C:\72158e9b5baf7c68f84c7c0307ae728
2007-09-03 17:20:37 0 d-------- C:\WINDOWS\Performance
2007-09-03 16:14:27 0 d-------- C:\Program Files\Windows Defender
2007-09-03 16:06:42 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-09-03 15:18:22 0 d-------- C:\Program Files\Lavasoft
2007-09-03 14:35:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-09-03 13:45:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-03 03:42:05 70208 --a------ C:\WINDOWS\system32\oxwjcrpp.dll
2007-09-02 15:39:42 1901073 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
2007-09-02 15:34:19 0 d-------- C:\Program Files\LimeWire Turbo Accelerator
2007-08-26 15:11:37 0 d-------- C:\Program Files\Common Files\xing shared
2007-08-24 23:58:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-08-19 22:24:06 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2007-08-19 22:24:06 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-08-19 22:19:43 0 d-------- C:\Program Files\CyberLink
2007-08-19 21:03:11 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-08-19 21:03:05 0 d-------- C:\Program Files\الموسوعة القرآنية الشاملة
2007-08-19 20:59:27 0 d-------- C:\Program Files\DAEMON Tools
2007-08-19 20:57:29 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-19 12:54:47 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-08-16 09:25:39 0 d-------- C:\Program Files\Skype
2007-08-16 09:25:39 0 d-------- C:\Program Files\Common Files\Skype
2007-08-15 05:47:45 0 d-------- C:\Program Files\MSXML 6.0
2007-08-14 16:39:20 0 d-------- C:\Documents and Settings\Owner\ContentWatch
2007-08-14 16:37:02 0 d-------- C:\Program Files\Evidence-Blaster 2007
2007-08-14 16:33:18 0 d-------- C:\Program Files\WinClear
2007-08-14 16:23:29 0 d-------- C:\Documents and Settings\LocalService\ContentWatch
2007-08-14 16:22:44 2048000 --a------ C:\WINDOWS\system32\python25.dll <Not Verified; Python Software Foundation; Python>
2007-08-14 16:22:43 40960 --a------ C:\WINDOWS\system32\SPORDER.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-08-14 16:22:43 11264 --a------ C:\WINDOWS\system32\SPORDER.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-08-14 16:22:43 151552 --a------ C:\WINDOWS\system32\libexpat.dll
2007-08-14 16:22:43 336384 --a------ C:\WINDOWS\system32\cwalsp.dll <Not Verified; ContentWatch, Inc.; Alta>
2007-08-14 16:22:43 1789952 --a------ C:\WINDOWS\system32\AltaRecovery.exe
2007-08-14 16:22:42 516096 --a------ C:\WINDOWS\system32\wxmsw28u_xrc_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 110592 --a------ C:\WINDOWS\system32\wxmsw28u_media_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 495616 --a------ C:\WINDOWS\system32\wxmsw28u_html_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 2899968 --a------ C:\WINDOWS\system32\wxmsw28u_core_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 712704 --a------ C:\WINDOWS\system32\wxmsw28u_adv_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 135168 --a------ C:\WINDOWS\system32\wxbase28u_xml_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 1220608 --a------ C:\WINDOWS\system32\wxbase28u_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:42 135168 --a------ C:\WINDOWS\system32\wxbase28u_net_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-08-14 16:22:40 0 d-------- C:\Program Files\ContentWatch
2007-08-14 16:22:40 0 d-------- C:\Documents and Settings\All Users\Application Data\ContentWatch
2007-08-08 18:01:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-08 18:00:53 0 d-------- C:\WINDOWS\SHELLNEW
2007-08-08 18:00:41 0 d-------- C:\Program Files\Microsoft.NET
2007-08-07 23:26:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-08-07 19:40:34 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-08-07 19:13:39 0 d-------- C:\Program Files\DivX
2007-08-07 01:31:31 0 d-------- C:\Program Files\Islamasoft Solutions
2007-08-07 01:23:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Paltalk
2007-08-07 01:23:43 0 d-------- C:\WINDOWS\Paltalk Messenger
2007-08-07 01:23:43 0 d-------- C:\Program Files\Paltalk Messenger
2007-08-06 21:52:40 0 d-------- C:\Documents and Settings\Owner\Contacts
2007-08-06 21:50:26 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-06 21:49:59 0 d-------- C:\Program Files\MSN Messenger
2007-08-06 12:03:32 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-08-06 12:03:32 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>


-- Find3M Report ---------------------------------------------------------------

2007-09-06 10:27:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-09-06 09:08:24 0 d-------- C:\Program Files\Blackwood
2007-09-06 09:08:06 0 d-------- C:\Program Files\eSignal
2007-09-04 23:28:59 0 d-------- C:\Program Files\McAfee.com
2007-09-04 22:54:29 0 d-------- C:\Program Files\Common Files
2007-09-03 18:57:21 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-08-26 15:11:31 0 d-------- C:\Program Files\Common Files\Real
2007-08-19 22:20:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-15 17:20:29 0 d-------- C:\Program Files\LightSpeed
2007-08-07 12:40:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-08-06 14:53:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2007-08-06 12:04:59 0 d--h----- C:\Program Files\Creative Installation Information
2007-08-06 12:01:19 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-08-06 12:01:19 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-08-05 21:53:00 0 d-------- C:\Program Files\uTorrent
2007-08-05 13:54:03 0 d-------- C:\Program Files\Creative
2007-08-05 13:53:55 0 d-------- C:\Program Files\Common Files\Creative
2007-08-05 12:15:10 0 d-------- C:\Program Files\MSI
2007-08-05 10:27:12 0 d-------- C:\Program Files\Trade-Ideas
2007-08-05 10:24:25 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-05 05:44:23 0 d-------- C:\Program Files\Winamp
2007-08-05 05:42:34 0 d-------- C:\Program Files\Real
2007-08-05 00:53:21 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-08-04 20:37:22 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-04 20:12:56 0 d-------- C:\Program Files\MSXML 4.0
2007-08-04 19:51:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2007-08-04 19:49:53 0 d-------- C:\Program Files\Common Files\Logitech
2007-08-04 19:49:49 0 d-------- C:\Program Files\Logitech
2007-08-04 19:23:50 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-04 19:22:59 0 d-------- C:\Program Files\Hp
2007-08-04 18:39:47 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-08-04 18:39:29 0 d-------- C:\Program Files\AIM6
2007-08-04 18:39:23 0 d-------- C:\Program Files\Viewpoint
2007-08-04 18:38:46 0 d-------- C:\Program Files\Common Files\AOL
2007-08-04 18:38:37 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-04 18:18:28 0 d-------- C:\Program Files\TeleChart
2007-08-04 17:49:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-04 17:36:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-04 17:17:31 0 d-------- C:\Program Files\OpenOffice.org 2.1
2007-08-04 17:11:46 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2007-07-31 16:20:12 0 d-------- C:\Program Files\Messenger
2007-07-31 15:59:45 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-31 15:59:44 0 d-------- C:\Program Files\Nero
2007-07-31 15:56:56 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-07-31 15:52:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-07-31 15:51:53 0 d-------- C:\Program Files\QuickTime
2007-07-31 15:50:42 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-31 15:44:34 0 d-------- C:\Program Files\Java
2007-07-31 15:44:24 0 d-------- C:\Program Files\Common Files\Java
2007-07-31 15:44:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-07-31 13:51:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-07-31 13:50:00 0 d-------- C:\Program Files\microsoft frontpage
2007-07-31 13:49:51 0 -rahs---- C:\MSDOS.SYS
2007-07-31 13:49:51 0 -rahs---- C:\IO.SYS
2007-07-31 13:49:51 0 --a------ C:\CONFIG.SYS
2007-07-31 13:49:51 0 --a------ C:\AUTOEXEC.BAT
2007-07-31 13:49:04 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-31 13:48:28 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-31 13:48:21 0 d-------- C:\Program Files\Movie Maker
2007-07-31 13:47:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-31 13:47:24 0 d-------- C:\Program Files\Online Services
2007-07-31 13:47:18 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-31 13:47:12 0 d-------- C:\Program Files\Windows NT
2007-07-31 09:44:05 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-31 09:44:03 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-31 09:43:46 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2007-07-26 19:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-26 19:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-26 19:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]
C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
C:\WINDOWS\system32\awturrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64F0381-0053-4842-B3E5-08F6C4A0AEB6}]
09/06/2007 06:06 AM 70208 --a------ C:\WINDOWS\system32\mbbknfnf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [07/22/2005 11:25 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [07/22/2005 11:25 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [05/20/2005 02:46 PM C:\WINDOWS\KHALMNPR.Exe]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [08/26/2007 03:11 PM]
"SPIRun"="SPIRun.dll" [11/29/2006 06:35 AM C:\WINDOWS\system32\spirun.dll]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [02/15/2007 04:39 PM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [02/28/2007 05:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [05/30/2007 09:40 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/08/2007 10:26 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/08/2007 10:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/26/2007 03:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [03/14/2007 05:03 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [02/08/2007 10:39 PM]
"FolderView"="C:\WINDOWS\system32\uxbgyaau.dll" [09/05/2007 08:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [08/16/2007 07:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/4/2007 7:49:51 PM]
PalStart.lnk - C:\Program Files\Paltalk Messenger\palstart.exe [5/3/2007 6:35:48 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}"= C:\WINDOWS\system32\awturrq.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c49c4f-3f6b-11dc-b6ac-806d6172696f}]




-- End of Deckard's System Scanner: finished at 2007-09-06 17:39:59 ------------




Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2047.28 MiB / 1367.27 MiB
Pagefile Memory (total/avail): 3939.52 MiB / 3475.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 121.99 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\eSignal\\winros.exe"="C:\\Program Files\\eSignal\\winros.exe:*:Enabled:eSignal Data Manager"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\LightSpeed\\LightSpeed.exe"="C:\\Program Files\\LightSpeed\\LightSpeed.exe:*:Enabled:LightSpeed"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAHAD
ComSpec=C:\WINDOWS\system32\cmd.exe
CWALTAHOME=C:\Program Files\ContentWatch
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\FAHAD
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=FAHAD
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
الموسعة القرآنية الشاملة --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\الموسوعة القرآنية الشاملة\irunin.ini"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Blackwood Pro --> MsiExec.exe /I{6097B596-D767-4D96-89E1-BE5CE5B1E237}
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eSignal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03EA3D6E-D92B-11D0-892B-00A0C91827B3}\setup.exe" -uninst
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.015\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Driver Diagnostics --> MsiExec.exe /I{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LightSpeed Professional 5.0.101 --> MsiExec.exe /X{DEA8FA92-54A0-4F08-35E4-BC05B3D7A6F0}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials --> MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
Net Nanny Parental Controls 5.6 --> "C:\Program Files\ContentWatch\Internet Protection\ContentProtect\Home\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paltalk Messenger --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeleChart 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F899627-1EA1-484D-91EA-7B22C05358DB}\setup.exe" -l0x9 -removeonly
The Athan Software Version 1.0 --> "C:\Program Files\Islamasoft Solutions\The Athan Software\unins000.exe"
The Hadith Software Version 1.0 --> "C:\Program Files\Islamasoft Solutions\The Hadith Software\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0) --> rundll32.exe C:\PROGRA~1\DIFX\F78795BBB376EE09\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_C6317AD6BF989B5AA21DD2422BEA915EC068CA80\Zune.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}


-- Application Event Log -------------------------------------------------------

Event Record #/Type588 / Error
Event Submitted/Written: 09/06/2007 00:22:53 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application HijackThis.exe, version 1.99.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type587 / Error
Event Submitted/Written: 09/06/2007 00:22:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 1.99.0.1, faulting module geeby.dll, version 0.0.0.0, fault address 0x000abf93.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type583 / Error
Event Submitted/Written: 09/06/2007 10:31:24 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type582 / Error
Event Submitted/Written: 09/06/2007 10:27:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type581 / Error
Event Submitted/Written: 09/06/2007 10:27:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16512, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5522 / Warning
Event Submitted/Written: 09/06/2007 05:39:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FAHAD27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FAHAD27 can't undo changes that you allow.

For more information please see the following:
%FAHAD275

Scan ID: {86B6BF54-6201-4CC7-A773-C4E5BD294773}

User: FAHAD\Owner

Name: %FAHAD271

ID: %FAHAD272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %FAHAD276

Alert Type: %FAHAD278

Detection Type: 1.1.1593.02

Event Record #/Type5521 / Warning
Event Submitted/Written: 09/06/2007 05:39:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FAHAD27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FAHAD27 can't undo changes that you allow.

For more information please see the following:
%FAHAD275

Scan ID: {2C5B6FEE-1066-4363-A3E9-7C9F707566CA}

User: FAHAD\Owner

Name: %FAHAD271

ID: %FAHAD272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %FAHAD276

Alert Type: %FAHAD278

Detection Type: 1.1.1593.02

Event Record #/Type5497 / Error
Event Submitted/Written: 09/06/2007 01:09:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1055" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type5496 / Error
Event Submitted/Written: 09/06/2007 01:09:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1055" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type5495 / Warning
Event Submitted/Written: 09/06/2007 01:09:31 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FAHAD27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FAHAD27 can't undo changes that you allow.

For more information please see the following:
%FAHAD275

Scan ID: {A3BDC3E3-805D-476E-9F28-65F154134DD8}

User: FAHAD\Owner

Name: %FAHAD271

ID: %FAHAD272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %FAHAD276

Alert Type: %FAHAD278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2007-09-06 17:39:59 ------------
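The Application Event Log block above is the most telling part of this scan: HijackThis crashed with `geeby.dll` as the faulting module, and the same DLL is registered as a Browser Helper Object in the ComboFix output further down the thread. That is Vundo's injected DLL taking down the tool that was about to list it. The following Python parser is an added example, not part of the original post or of Deckard's System Scanner: it turns each Deckard-formatted event record into a structured object and flags Event ID 1000 crashes whose faulting module has a short, all-lowercase, version-less name. The allowlist of known Windows modules and the random-name heuristic are the author's assumptions, and the sample log is copied from the records above.

```python
"""Triage helper for the Application Event Log block that Deckard's System
Scanner prints.  Added example, not part of the thread or of Deckard's tool.
The KNOWN_MODULES allowlist and the random-name heuristic are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: three records copied verbatim from the log above.
SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type588 / Error
Event Submitted/Written: 09/06/2007 00:22:53 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application HijackThis.exe, version 1.99.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type587 / Error
Event Submitted/Written: 09/06/2007 00:22:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 1.99.0.1, faulting module geeby.dll, version 0.0.0.0, fault address 0x000abf93.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type581 / Error
Event Submitted/Written: 09/06/2007 10:27:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16512, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [iexplore.exe!ws!]
"""


@dataclass
class EventRecord:
    record: int
    level: str
    written: str
    event_id: int
    source: str
    description: str


# One Deckard record: header lines, then a description that runs until the
# blank line before the next "Event Record" header (or end of text).
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<rec>\d+) / (?P<level>\w+)\s*\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<id>\d+) / (?P<src>[^\n]+)\n"
    r"Event Description:\n(?P<desc>.*?)(?=\n\s*\nEvent Record|\Z)",
    re.DOTALL,
)

# Event ID 1000 description as written by Windows XP's Application Error source.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<appver>\S+), "
    r"faulting module (?P<mod>\S+), version (?P<modver>\S+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)"
)

# Assumption: Windows components that legitimately show up as faulting modules.
KNOWN_MODULES = {"ntdll.dll", "kernel32.dll", "user32.dll", "msvcrt.dll",
                 "dbghelp.dll", "hungapp", "unknown"}
# Assumption: Vundo-style names are 5-8 lowercase letters with no version info.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")


def parse_events(text):
    """Parse every Deckard-formatted record in `text` into EventRecord objects."""
    return [
        EventRecord(int(m["rec"]), m["level"], m["when"].strip(),
                    int(m["id"]), m["src"].strip(), m["desc"].strip())
        for m in RECORD_RE.finditer(text)
    ]


def suspicious_faults(events):
    """Return (app, module, address) for Event 1000 crashes whose faulting
    module is unknown to Windows, looks machine-generated and carries no
    version resource (the combination seen with geeby.dll above)."""
    hits = []
    for ev in events:
        if ev.event_id != 1000:
            continue
        m = FAULT_RE.search(ev.description)
        if not m:
            continue
        mod = m["mod"].lower()
        if mod in KNOWN_MODULES:
            continue
        if RANDOM_NAME_RE.match(mod) and m["modver"] == "0.0.0.0":
            hits.append((m["app"].lower(), mod, m["addr"]))
    return hits


if __name__ == "__main__":
    for app, mod, addr in suspicious_faults(parse_events(SAMPLE_LOG)):
        print(f"{app} crashed in {mod} at {addr}: check BHO/ShellExecuteHooks for it")
```

The heuristic deliberately keeps a crash inside `ntdll.dll` out of the result: a Windows DLL as the faulting module tells you where the process died, not who caused it, while a version-less five-letter DLL that no vendor ships is exactly what the later ComboFix output confirms as a BHO entry.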

#4 SNOWHITE


    Retired GTG Staff

  • Authentic Member
  • 165 posts

Posted 06 September 2007 - 04:11 PM

Hi Fahad, please follow these steps:

1. Download combofix from one of these links:
Link1
Link2
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Regards,
SNOWHITE

#5 Fahad


    New Member

  • New Member
  • 3 posts

Posted 06 September 2007 - 04:24 PM

ComboFix 07-08-30.3 - "Owner" 2007-09-06 18:12:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1372 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ctkgkvan.dll
C:\WINDOWS\system32\dcciyori.dll
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\dmkbrxwe.dll
C:\WINDOWS\system32\ettacuup.dll
C:\WINDOWS\system32\ewxrbkmd.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fhxxlsxo.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.tmp
C:\WINDOWS\system32\iakxbwiu.dll
C:\WINDOWS\system32\iepnpqgg.dll
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\mbbknfnf.dll
C:\WINDOWS\system32\oxwjcrpp.dll
C:\WINDOWS\system32\pbwrrvct.dll
C:\WINDOWS\system32\pnvutsxl.dll
C:\WINDOWS\system32\qnyqcwrn.dll
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\trfodroi.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\uaaygbxu.ini
C:\WINDOWS\system32\uxbgyaau.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini


((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))


2007-09-06 18:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 17:00 <DIR> d-------- C:\Deckard
2007-09-05 07:05 74,816 --a------ C:\WINDOWS\system32\miiigbqr.dll
2007-09-05 07:05 1,901,675 ---hs---- C:\WINDOWS\system32\bbeeg.bak2
2007-09-04 23:34 74,816 --a------ C:\WINDOWS\system32\evjuwnur.dll
2007-09-04 22:55 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-04 22:55 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-04 22:55 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-04 22:55 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-04 22:55 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-04 22:55 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-04 22:55 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-04 22:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
2007-09-04 22:55 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-04 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-04 22:54 <DIR> d-------- C:\Program Files\McAfee
2007-09-04 22:54 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-04 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-04 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Protexis
2007-09-03 23:00 74,816 --a------ C:\WINDOWS\system32\erhhrjcx.dll
2007-09-03 20:36 74,816 --a------ C:\WINDOWS\system32\lbbixdfs.dll
2007-09-03 20:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-03 19:27 <DIR> d-------- C:\VundoFix Backups
2007-09-03 17:33 <DIR> d-------- C:\Program Files\Zune
2007-09-03 17:33 <DIR> d-------- C:\Program Files\DIFX
2007-09-03 17:33 <DIR> d-------- C:\Program Files\Common Files\ComponentOne
2007-09-03 17:33 <DIR> d-------- C:\a6810c78728d7a3a2b7798b3dbb199
2007-09-03 17:32 <DIR> d-------- C:\710884b742176b403701
2007-09-03 17:32 <DIR> d-------- C:72158e9b5baf7c68f84c7c0307ae728
2007-09-03 17:20 <DIR> d-------- C:\WINDOWS\Performance
2007-09-03 16:14 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-03 15:18 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-03 14:35 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-09-03 13:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-03 13:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-02 15:34 <DIR> d-------- C:\Program Files\LimeWire Turbo Accelerator
2007-08-26 15:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-24 23:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-08-19 22:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CyberLink
2007-08-19 22:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-19 22:19 <DIR> d-------- C:\Program Files\CyberLink
2007-08-19 21:03 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-08-19 21:03 <DIR> C:\Program Files\الموسوعة القرآنية الشاملة
2007-08-19 20:59 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-08-19 20:57 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-19 12:54 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-08-16 09:25 <DIR> d-------- C:\Program Files\Skype
2007-08-16 09:25 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-15 05:47 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-14 16:39 <DIR> d-------- C:\DOCUME~1\Owner\ContentWatch
2007-08-14 16:37 <DIR> d-------- C:\Program Files\Evidence-Blaster 2007
2007-08-14 16:33 <DIR> d-------- C:\Program Files\WinClear
2007-08-14 16:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\ContentWatch
2007-08-14 16:22 <DIR> d-------- C:\Program Files\ContentWatch
2007-08-14 16:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ContentWatch
2007-08-08 18:02 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-08 18:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-08 18:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-08 18:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-07 23:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-08-07 19:13 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-07 19:13 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-08-07 19:13 <DIR> d-------- C:\Program Files\DivX
2007-08-07 01:31 <DIR> d-------- C:\Program Files\Islamasoft Solutions
2007-08-07 01:23 <DIR> d-------- C:\WINDOWS\Paltalk Messenger
2007-08-07 01:23 <DIR> d-------- C:\Program Files\Paltalk Messenger
2007-08-07 01:23 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Paltalk
2007-08-06 21:52 <DIR> d-------- C:\DOCUME~1\Owner\Contacts
2007-08-06 21:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-06 21:49 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-06 12:03 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-08-06 12:03 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 10:27 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-09-06 09:08 --------- d-------- C:\Program Files\eSignal
2007-09-06 09:08 --------- d-------- C:\Program Files\Blackwood
2007-09-04 23:28 --------- d-------- C:\Program Files\McAfee.com
2007-09-04 23:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-09-03 18:57 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-08-26 15:11 --------- d-------- C:\Program Files\Common Files\Real
2007-08-19 22:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 09:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-15 17:20 --------- d-------- C:\Program Files\LightSpeed
2007-08-06 14:53 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Creative
2007-08-06 12:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-08-06 12:04 --------- d--h----- C:\Program Files\Creative Installation Information
2007-08-06 12:01 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-08-06 12:01 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-08-05 21:53 --------- d-------- C:\Program Files\uTorrent
2007-08-05 13:54 --------- d-------- C:\Program Files\Creative
2007-08-05 13:53 --------- d-------- C:\Program Files\Common Files\Creative
2007-08-05 12:15 --------- d-------- C:\Program Files\MSI
2007-08-05 10:27 --------- d-------- C:\Program Files\Trade-Ideas
2007-08-05 10:24 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-05 05:44 --------- d-------- C:\Program Files\Winamp
2007-08-05 05:42 --------- d-------- C:\Program Files\Real
2007-08-05 00:53 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\U3
2007-08-04 20:37 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-04 20:12 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-04 19:51 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
2007-08-04 19:49 --------- d-------- C:\Program Files\Logitech
2007-08-04 19:49 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-04 19:23 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-04 19:22 --------- d-------- C:\Program Files\Hp
2007-08-04 18:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MCAAF.tmp
2007-08-04 18:39 --------- d-------- C:\Program Files\Viewpoint
2007-08-04 18:39 --------- d-------- C:\Program Files\AIM6
2007-08-04 18:39 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-08-04 18:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-04 18:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-08-04 18:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-04 18:38 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-04 18:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-08-04 18:18 --------- d-------- C:\Program Files\TeleChart
2007-08-04 17:36 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-04 17:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-08-04 17:17 --------- d-------- C:\Program Files\OpenOffice.org 2.1
2007-08-04 17:11 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-08-04 15:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-03 18:51 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-01 08:10 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-31 15:59 --------- d-------- C:\Program Files\Nero
2007-07-31 15:59 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-31 15:56 --------- d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-07-31 15:52 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Real
2007-07-31 15:52 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Real
2007-07-31 15:51 --------- d-------- C:\Program Files\QuickTime
2007-07-31 15:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-31 15:13 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Creative
2007-07-31 13:50 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]
C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
C:\WINDOWS\system32\awturrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-22 23:25]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-22 23:25]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-08-26 15:11]
"SPIRun"="SPIRun.dll" [2006-11-29 06:35 C:\WINDOWS\system32\spirun.dll]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 16:39]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 17:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [2007-05-30 09:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-26 15:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [2007-02-08 22:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 07:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}"= C:\WINDOWS\system32\awturrq.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 Si3531;SiI-3531 SATA Controller;C:\WINDOWS\system32\DRIVERS\Si3531.sys
R2 CwAltaService20;ContentWatch;C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\t3.sys
R3 t3filt;t3filt;C:\WINDOWS\system32\drivers\t3filt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c49c4f-3f6b-11dc-b6ac-806d6172696f}]


Contents of the 'Scheduled Tasks' folder
2007-09-01 06:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OWNER-61A4B3243-Owner).job - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
2007-09-05 02:54:55 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-05 02:54:55 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-06 22:14:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 18:15:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 18:16:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 18:16

--- E O F ---






Logfile of HijackThis v1.99.1
Scan saved at 6:21:21 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148} - C:\WINDOWS\system32\awturrq.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telecha...stall/setup.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186323802359
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://www.lightspe...lude/msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

#6 SNOWHITE

    Retired GTG Staff

  • Authentic Member
  • 165 posts

Posted 06 September 2007 - 08:28 PM

Hello,

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\miiigbqr.dll
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\evjuwnur.dll
C:\WINDOWS\system32\erhhrjcx.dll
C:\WINDOWS\system32\lbbixdfs.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
[-HKEY_CLASSES_ROOT\CLSID\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
[-HKEY_CLASSES_ROOT\CLSID\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #2

Do you recognize this program: الموسعة القرآنية الشاملة
and this folder:
C:\Program Files\€ a‘O‘Uگ € _¥A„،گ € O€a گ

If not then let me know in your next post please.

The next files are looking suspicious, so upload them at VirusTotal and post the results back here:

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting (Ctrl+C/Ctrl+V) it in to the file box: C:\WINDOWS\system32\libexpat.dll
3. Submit the file and copy/paste the results back into this thread.
4. Repeat the same instructions for the next file too: C:\WINDOWS\system32\AltaRecovery.exe

Step #3

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen, under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this.)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido:
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

If you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the next link http://fileserver.ew...ic.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> Posted Image. Double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

In your next post please include the following reports:
  • ComboFix report
  • VirusTotal scan reports
  • AVG Anti-Spyware report
Let me know about that program and the folder.

Regards,

Edited by SNOWHITE, 06 September 2007 - 08:30 PM.

SNOWHITE
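The reply above works from two artifacts: the HijackThis log (orphaned O2 BHO registrations pointing at DLLs that are no longer on disk, an O10 Winsock LSP entry HijackThis could not identify) and a ComboFix CFScript that deletes files by path and registry entries by CLSID. The script below is an added example, not part of this thread or of HijackThis/ComboFix: it parses log lines of those types, applies the same heuristics a helper applies by eye (BHO whose target is "(file missing)" or "(no file)", unknown LSP DLLs, an O4 Run entry that loads a DLL through rundll32 by bare filename so it is resolved by search order rather than by full path), then cross-checks which flagged BHO CLSIDs the CFScript actually removes. The sample lines are excerpted from the log and the CFScript posted above; the regular expressions and the "uncovered" check are this example's own. A CLSID it reports as uncovered is a review item, not a verdict that the entry is malicious.

```python
import re

# Excerpted from the HijackThis log posted in this thread (not constructed).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148} - C:\WINDOWS\system32\awturrq.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
"""

# The CFScript from the reply above, verbatim.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\miiigbqr.dll
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\evjuwnur.dll
C:\WINDOWS\system32\erhhrjcx.dll
C:\WINDOWS\system32\lbbixdfs.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
[-HKEY_CLASSES_ROOT\CLSID\{C1ADC5ED-FB26-4770-AFE5-BD3A7EB5C148}]
[-HKEY_CLASSES_ROOT\CLSID\{5AD26C3C-A2DF-4F3A-9D42-36FB8AF4B7D6}]
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<where>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 followed by the DLL argument; a comma or whitespace ends the DLL token.
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>\S+?)(?:,|\s|$)", re.IGNORECASE)


def triage_hjt(log_text):
    """Return de-duplicated findings from HijackThis O2/O4/O10 lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            # A BHO registration whose DLL is gone is the classic Vundo leftover.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append({"kind": "orphaned_bho", "clsid": m.group("clsid").upper(),
                                 "target": target, "line": line})
            continue
        m = LSP_RE.match(line)
        if m:
            findings.append({"kind": "unknown_lsp", "clsid": None,
                             "target": m.group("target"), "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            # No backslash in the DLL argument: loaded by bare name via search order.
            if r and "\\" not in r.group("dll"):
                findings.append({"kind": "rundll32_bare_dll", "clsid": None,
                                 "target": r.group("dll"), "line": line})
    seen, unique = set(), []
    for f in findings:  # HijackThis repeats the same LSP DLL once per protocol chain
        key = (f["kind"], (f["clsid"] or f["target"]).lower())
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def cfscript_targets(script_text):
    """Return (file paths, set of CLSIDs) named in a CFScript's File:: and Registry:: sections."""
    files, clsids, section = [], set(), None
    for line in script_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            continue
        if section == "File":
            files.append(line)
        elif section == "Registry":
            clsids.update(c.upper() for c in CLSID_RE.findall(line))
    return files, clsids


def uncovered_bhos(findings, clsids):
    """CLSIDs of orphaned BHOs in the log that the CFScript does not delete."""
    return sorted(f["clsid"] for f in findings
                  if f["kind"] == "orphaned_bho" and f["clsid"] not in clsids)


if __name__ == "__main__":
    found = triage_hjt(HJT_LOG)
    for f in found:
        print(f"{f['kind']:18} {f['clsid'] or f['target']}")
    files, clsids = cfscript_targets(CFSCRIPT)
    print(f"CFScript deletes {len(files)} files and {len(clsids)} CLSIDs")
    print("orphaned BHOs not in CFScript:", uncovered_bhos(found, clsids))
```

Run against the excerpt, the cross-check reports one orphaned registration, {7E853D72-626A-48EC-A868-BA8D5E23E045} (the "(no file)" BHO), that the CFScript does not touch, while the two "(file missing)" BHOs it names are both covered. Whether that remaining entry is a leftover of a legitimate uninstall or of the infection is exactly the kind of question the helper's "do you recognize this program" step is meant to settle before it is deleted.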

#7 SNOWHITE

    Retired GTG Staff

  • Authentic Member
  • 165 posts

Posted 17 September 2007 - 06:34 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
SNOWHITE