[Resolved] Any Help Appreciated


This topic is locked
17 replies to this topic

#1 Sonofzzoro (New Member, 9 posts)

Posted 04 May 2008 - 12:29 PM

Hello - Below is a scan of my system. Within the last few days, whenever I Google a site, then try to follow the link, I am redirected to an advertising site (for things like spyware removal, games, etc.). If anyone can provide any thoughts as to what I can try, I would be very thankful.


Logfile of HijackThis v1.99.1
Scan saved at 2:10:21 PM, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [djtxclylfrln] C:\WINDOWS\system32\djtxclylfrln.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\wneovtpx.dll",b
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\vysiesly.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Just for an example, when I posted the above message, another window opened up for a poker site.


FYI.... if this helps.



#2 silver (Malware Expert Emeritus, 2,994 posts)

Posted 06 May 2008 - 03:52 AM

Hi Sonofzzoro,

Your computer appears to be configured to use a web proxy located in Spain, are you aware of this and is this intentional?


Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member

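The two logs in this thread, and silver's question about the proxy, turn on a handful of HijackThis line types. What follows is an added example written for this page (it is not part of the thread, and not HijackThis or DSS logic): it runs a few triage heuristics over lines copied from the posted logs and reports which ones fired. The heuristics are the editor's own, and the thresholds are assumptions rather than published detection rules: a Run value name that is eight hex digits (optionally prefixed "BM"), a system32 DLL started through rundll32 by a one- or two-character export, a BHO whose name is "(no name)" or a bare GUID and which points into system32, an O2/O18/O20/O21 entry whose file or CLSID is missing, and a system32 binary whose base name is eight or more letters with no vowel. The reason names are invented for this example.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example by the editor: not part of the thread above and not
HijackThis or DSS code. SAMPLE_LOG lines are copied from the logs posted
in this thread; thresholds and reason names are the editor's assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the posted HijackThis / DSS logs.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {C8F78BF7-99EF-4AE1-A844-D46EB375511A} - C:\WINDOWS\system32\rqRHwTJA.dll
O2 - BHO: {2b26ef01-c6fb-1f4b-6cb4-a7cf0c9fbfe6} - {6efbf9c0-fc7a-4bc6-b4f1-bf6c10fe62b2} - C:\WINDOWS\system32\eemruwpk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\wneovtpx.dll",b
O4 - HKLM\..\Run: [djtxclylfrln] C:\WINDOWS\system32\djtxclylfrln.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

_PROXY_RE = re.compile(
    r"^R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,"
    r"ProxyServer = (?P<proxy>\S+)")
_RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_RUNDLL_RE = re.compile(
    r'^rundll32\.exe\s+"?(?P<dll>[^",]*\\system32\\[^",]+\.dll)"?,(?P<export>\w{1,2})\s*$', re.I)
_HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)
_BHO_RE = re.compile(r"^O2 - BHO: (?P<title>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
_GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
_SYS32_BIN_RE = re.compile(r"\\system32\\(?P<base>[A-Za-z]+)\.(?:exe|dll)\b", re.I)
_ORPHAN_MARKERS = ("(file missing)", "(no file)", "(no CLSID)")
_VOWELS = set("aeiou")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reasons: tuple  # heuristic names that fired, in order
    line: str       # the log line itself, kept so a human can confirm


def _looks_random(base: str) -> bool:
    # Assumption: 8+ letters with no vowel at all is unlike a shipped Windows binary name.
    return len(base) >= 8 and not (_VOWELS & set(base.lower()))


def triage_line(line: str):
    """Return a Finding for one log line, or None if no heuristic fired."""
    line = line.rstrip()
    if not line:
        return None
    section = line.split(" ", 1)[0]
    reasons = []
    if _PROXY_RE.match(line):
        reasons.append("proxy_set")            # every IE request goes through this host
    run = _RUN_RE.match(line)
    if run:
        if _HEX_NAME_RE.match(run.group("name")):
            reasons.append("hex_run_name")     # value name is a hex blob, not a product name
        if _RUNDLL_RE.match(run.group("cmd")):
            reasons.append("rundll32_export")  # system32 DLL started by a one-letter export
    bho = _BHO_RE.match(line)
    if bho and "\\system32\\" in bho.group("path").lower() and (
            bho.group("title") == "(no name)" or _GUID_RE.match(bho.group("title"))):
        reasons.append("nameless_bho")
    if section in ("O2", "O18", "O20", "O21") and any(m in line for m in _ORPHAN_MARKERS):
        reasons.append("orphan_reference")     # registry still points at a removed component
    sys32 = _SYS32_BIN_RE.search(line)
    if sys32 and _looks_random(sys32.group("base")):
        reasons.append("vowelless_system32_binary")
    return Finding(section, tuple(reasons), line) if reasons else None


def triage(log_text: str) -> list:
    """Findings for every line of a pasted log, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def configured_proxy(log_text: str):
    """The HKCU ProxyServer value if the log shows one, else None."""
    for l in log_text.splitlines():
        m = _PROXY_RE.match(l.rstrip())
        if m:
            return m.group("proxy")
    return None


def summarize(findings) -> Counter:
    return Counter(r for f in findings for r in f.reasons)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {', '.join(f.reasons):<36} {f.line[:72]}")
    print("proxy:", configured_proxy(SAMPLE_LOG))
```

Run it as a script to print the flagged lines, or call triage() on a whole pasted log. Anything it flags still needs a human to confirm: a legitimate product that names its Run value with a hex string would trip hex_run_name too, which is why each Finding carries the original line rather than only a verdict.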
#3 Sonofzzoro (New Member, 9 posts)

Posted 06 May 2008 - 03:21 PM

Hi Silver ... Thanks very much for the reply. First off, I did not know that I am using a web proxy in SPAIN... Canada here. Second, I now cannot get into the whatthetech.com site. In fact, any web help site I have tried, the system will not let me get into.... This included downloading the dss.exe file. I am using my wife's computer to reply to your message. It's a MAC, so I have tried getting the DSS.exe file here and transferring it to my PC, but it will not run. I will work on it until I get it working, then will post the results. Please have patience with me, I REALLY do need your help. Also, if this helps... I have run the Spybot Search & Destroy a few times and I keep getting a set of files called virtumonde.dll, which I would assume is a virtual world driver, hence perhaps the web proxy in Spain. I have been able to remove this once and my computer seemed to work OK for a few hours... then back to the carp**. Might be nothing, but wanted you to know. Again, I will post the results as soon as I can get them to you. Thanks once again. John

#4 Sonofzzoro (New Member, 9 posts)

Posted 06 May 2008 - 05:44 PM

Hi Again Silver,


I got back into my computer by deleting everything through spybot search and destroy. I downloaded dss.exe and ran the program. Below are the results. After I did this, I could not get back into this website to the forums on my computer (I am using my wife's computer - she's so smart - she bought a Mac...). ps. this is John's wife. I let him use my computer once but twice is pushing it. The first one is main.txt and the second one is extra.txt.




Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-06 18:19:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
102: 2008-05-06 22:19:15 UTC - RP814 - Deckard's System Scanner Restore Point
101: 2008-05-06 21:37:41 UTC - RP813 - System Checkpoint
100: 2008-05-05 20:23:22 UTC - RP812 - System Checkpoint
99: 2008-05-04 13:47:55 UTC - RP811 - System Checkpoint
98: 2008-05-02 22:25:49 UTC - RP810 - Restore Operation

-- First Restore Point --
1: 2008-04-27 20:19:58 UTC - RP713 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-06 18:25:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\dss.exe
C:\Program Files\Hijackthis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {09116201-E672-4491-89FB-8EDB7B0C080F} - C:\WINDOWS\system32\vtUmNDVl.dll (file missing)
O2 - BHO: (no name) - {171CC304-9483-4B85-8E97-4D52CCB34D56} - (no file)
O2 - BHO: (no name) - {179B2570-D559-4626-95A7-7178D7BD6C28} - C:\WINDOWS\system32\cbXRHyaX.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {2b26ef01-c6fb-1f4b-6cb4-a7cf0c9fbfe6} - {6efbf9c0-fc7a-4bc6-b4f1-bf6c10fe62b2} - C:\WINDOWS\system32\eemruwpk.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsv415.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8F78BF7-99EF-4AE1-A844-D46EB375511A} - C:\WINDOWS\system32\rqRHwTJA.dll
O2 - BHO: (no name) - {F066FF9A-CCFD-45A9-82AB-FEF5986F9B9A} - C:\WINDOWS\system32\ddcYoOeD.dll (file missing)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\mlJBRKdE.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [djtxclylfrln] C:\WINDOWS\system32\djtxclylfrln.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\qrixbraq.dll",b
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\wtavermm.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter: text/html - - (no file)

O20 - Winlogon Notify: mlJBRKdE - C:\WINDOWS\system32\mlJBRKdE.dll

O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe





--

End of file - 20790 bytes



-- File Associations -----------------------------------------------------------



.js - JSFile - DefaultIcon - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe",7

.js - JSFile - shell\open\command - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>



S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>





-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

R2 Icecast (Icecast Media Server) - "c:\program files\icecast2 win32\icecastservice.exe" "c:\program files\icecast2 win32"



S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>





-- Device Manager: Disabled ----------------------------------------------------



No disabled devices found.





-- Scheduled Tasks -------------------------------------------------------------



2008-05-06 18:00:04 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

2008-04-25 15:00:13 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job

2008-04-15 02:05:04 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job

2008-01-01 02:07:20 332 --a------ C:\WINDOWS\Tasks\McQcTask.job

2005-12-29 15:35:03 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job





-- Files created between 2008-04-06 and 2008-05-06 -----------------------------



2008-05-06 18:18:41 108608 --a------ C:\WINDOWS\system32\eemruwpk.dll

2008-05-06 18:15:45 2112 --a------ C:\WINDOWS\system32\fglliycv.exe

2008-05-06 18:12:41 96832 --a------ C:\WINDOWS\system32\qrixbraq.dll

2008-05-06 18:10:55 104512 --a------ C:\WINDOWS\system32\wtavermm.dll

2008-05-06 18:09:40 189653 --ahs---- C:\WINDOWS\system32\AJTwHRqr.ini2

2008-05-06 18:09:36 281600 --a------ C:\WINDOWS\system32\rqRHwTJA.dll

2008-05-05 20:49:51 192068 --ahs---- C:\WINDOWS\system32\lVDNmUtv.ini2

2008-05-05 20:48:20 1695 --a------ C:\WINDOWS\system32\clbinit.dll

2008-05-05 16:01:27 190572 --ahs---- C:\WINDOWS\system32\DeOoYcdd.ini2

2008-05-04 15:52:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-04 15:52:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-01 22:53:38 13369344 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\ntuser.dat

2008-04-28 16:03:57 1695 --a------ C:\WINDOWS\system32\clbcfg.dat

2008-04-27 16:19:48 313529 --ahs---- C:\WINDOWS\system32\XayHRXbc.ini2

2008-04-27 16:17:43 43520 --a------ C:\WINDOWS\system32\mlJDturQ.dll

2008-04-27 16:17:42 39936 --a------ C:\WINDOWS\system32\fccAroLD.dll

2008-04-27 16:15:09 35328 --a------ C:\WINDOWS\system32\clbdll.dll

2008-04-27 16:14:42 43520 --a------ C:\WINDOWS\system32\ssqOHbBu.dll

2008-04-27 16:14:36 39936 --a------ C:\WINDOWS\system32\mlJBRKdE.dll

2008-04-25 20:51:17 0 d-------- C:\Program Files\PhotoFiltre

2008-04-07 13:14:55 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\mIRC

2008-04-07 13:14:53 0 d-------- C:\Program Files\mIRC





-- Find3M Report ---------------------------------------------------------------



2008-05-06 18:20:45 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\DNA

2008-05-05 15:56:19 0 d-------- C:\Program Files\McAfee

2008-05-03 21:29:17 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-05-03 12:53:50 0 d-------- C:\Program Files\Norton Security Scan

2008-05-02 19:50:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\SiteAdvisor

2008-05-02 18:26:53 0 d-------- C:\Program Files\Windows Live

2008-05-01 22:55:48 0 d-------- C:\Program Files\2D and 3D Animator

2008-04-30 19:19:03 0 d-------- C:\Program Files\The Learning Company <THELEA~1>

2008-04-30 19:13:22 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-29 16:46:00 0 d-------- C:\Program Files\Cheat Engine

2008-04-29 16:07:30 256 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\urlredir.cfg

2008-04-26 01:54:01 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\uTorrent

2008-04-25 11:20:24 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Adobe

2008-04-25 11:17:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-25 09:25:15 0 d-------- C:\Program Files\SwiftKit

2008-04-23 15:55:05 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent

2008-04-06 18:16:14 0 d-------- C:\Program Files\Java

2008-04-05 15:09:35 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\LimeWire

2008-04-05 08:24:59 0 d-------- C:\Program Files\Google

2008-04-01 17:30:08 0 d-------- C:\Program Files\GamingSquared

2008-04-01 17:29:52 0 d-------- C:\Program Files\Yahoo!

2008-03-30 14:13:01 0 d-------- C:\Program Files\PartyGaming

2008-03-24 11:22:42 0 d-------- C:\Program Files\Microsoft Silverlight

2008-03-24 11:22:35 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0

2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft Synchronization Services

2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-24 11:16:22 0 d-------- C:\Program Files\Microsoft SDKs

2008-03-17 08:04:46 0 d-------- C:\Program Files\FirstClass <FIRSTC~1>

2008-03-16 18:57:02 0 d-------- C:\Program Files\Journal Macro

2008-03-16 08:51:20 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Hamachi

2008-03-16 08:50:12 0 d-------- C:\Program Files\DAEMON Tools Pro

2008-03-16 08:46:19 0 d-------- C:\Program Files\SwiftSwitch

2008-03-16 08:45:44 0 d-------- C:\Program Files\Free Screen Recorder

2008-03-16 08:42:50 0 d-------- C:\Program Files\Pure Networks

2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files

2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files\Pure Networks Shared

2008-03-15 07:32:38 0 d-------- C:\Program Files\SnowieGroup

2008-03-14 17:40:15 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Roxio

2008-03-12 16:42:05 0 d-------- C:\Program Files\DNA

2008-03-12 16:41:57 0 d-------- C:\Program Files\BitTorrent_DNA

2008-03-12 16:41:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent DNA

2008-03-12 14:01:52 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Publish Providers

2008-03-12 14:00:43 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony

2008-03-12 13:56:52 0 d-------- C:\Program Files\Vstplugins

2008-03-12 13:56:17 0 d-------- C:\Program Files\Sony

2008-03-12 13:47:47 0 d-------- C:\Program Files\MSBuild

2008-03-12 13:44:30 0 d-------- C:\Program Files\Reference Assemblies

2008-03-12 13:28:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony Setup

2008-03-12 13:28:17 0 d-------- C:\Program Files\Sony Setup

2008-03-11 04:42:27 0 d-------- C:\Program Files\BitTorrent

2008-03-08 10:57:06 0 d-------- C:\Program Files\Actual Drawing





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09116201-E672-4491-89FB-8EDB7B0C080F}]

C:\WINDOWS\system32\vtUmNDVl.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171CC304-9483-4B85-8E97-4D52CCB34D56}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{179B2570-D559-4626-95A7-7178D7BD6C28}]

C:\WINDOWS\system32\cbXRHyaX.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6efbf9c0-fc7a-4bc6-b4f1-bf6c10fe62b2}]

06/05/2008 06:18 PM 108608 --a------ C:\WINDOWS\system32\eemruwpk.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]

C:\WINDOWS\system32\nsv415.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F78BF7-99EF-4AE1-A844-D46EB375511A}]

06/05/2008 06:09 PM 281600 --a------ C:\WINDOWS\system32\rqRHwTJA.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F066FF9A-CCFD-45A9-82AB-FEF5986F9B9A}]

C:\WINDOWS\system32\ddcYoOeD.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]

27/04/2008 04:14 PM 39936 --a------ C:\WINDOWS\system32\mlJBRKdE.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10/08/2004 02:04 PM]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 01:50 PM]

"CHotkey"="zHotkey.exe" [03/05/2005 04:02 PM C:\WINDOWS\zHotkey.exe]

"SigmatelSysTrayApp"="sttray.exe" []

"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [20/07/2005 02:55 AM]

"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 10:24 PM]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/06/2005 12:02 PM]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/06/2005 11:59 AM]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/06/2005 12:03 PM]

"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/02/2006 04:51 PM]

"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [24/09/2001 09:39 AM]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [23/11/2005 03:04 PM]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19/10/2005 06:19 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/12/2006 11:00 AM]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 05:17 PM]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 12:46 AM]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [20/05/2005 03:46 PM C:\WINDOWS\KHALMNPR.Exe]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [17/01/2006 02:03 PM]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [17/01/2006 02:03 PM]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [27/11/2006 08:58 PM]

"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [14/11/2006 01:07 AM]

"djtxclylfrln"="C:\WINDOWS\system32\djtxclylfrln.exe" []

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 11:33 PM]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 05:57 PM]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42 AM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]

"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]

"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [18/01/2008 10:32 AM]

"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [03/03/2008 07:26 PM]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"181709fb"="C:\WINDOWS\system32\qrixbraq.dll" [06/05/2008 06:12 PM]

"BM1b243a67"="C:\WINDOWS\system32\wtavermm.dll" [06/05/2008 06:10 PM]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 03:00 PM]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [19/02/2007 12:16 AM]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/06/2005 06:03 PM]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [11/04/2008 05:09 PM]

"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 05:57 PM]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/04/2008 09:02 AM]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [20/08/2005 9:19:00 AM]

Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [20/08/2005 9:23:02 AM]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [19/02/2007 12:16:46 AM]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [21/01/2007 12:21:46 PM]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 4:05:56 PM]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\mlJBRKdE.dll [27/04/2008 04:14 PM 39936]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBRKdE]

mlJBRKdE.dll 27/04/2008 04:14 PM 39936 C:\WINDOWS\system32\mlJBRKdE.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRHwTJA



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]

@="driver"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""





[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\autorun.exe

readme\command- notepad readme.txt

Setup\command- F:\install.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141b24ab-fb73-11dc-9078-001320b2f3b0}]

AutoRun\command- K:\Launch.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7474-7897-11da-8b34-806d6172696f}]

AutoRun\command- E:\StartPageSnowie.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7475-7897-11da-8b34-806d6172696f}]

AutoRun\command- F:\autorun.exe

readme\command- notepad readme.txt

Setup\command- F:\install.exe





[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]

rundll32 sockins32.dll,InitModule







-- Hosts -----------------------------------------------------------------------



127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com



8300 more entries in hosts file.





-- End of Deckard's System Scanner: finished at 2008-05-06 18:27:07 ------------








(Extra.txt)

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English



CPU 0: Intel® Pentium® D CPU 2.80GHz

CPU 1: Intel® Pentium® D CPU 2.80GHz

Percentage of Memory in Use: 58%

Physical Memory (total/avail): 1013.53 MiB / 422.78 MiB

Pagefile Memory (total/avail): 2440.11 MiB / 1738.99 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1912.16 MiB



C: is Fixed (NTFS) - 228.67 GiB total, 123.52 GiB free.

D: is Fixed (FAT32) - 4.2 GiB total, 0.98 GiB free.

E: is CDROM (No Media)

F: is CDROM (CDFS)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

K: is Removable (FAT32)



\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions

\PARTITION0 (bootable) - Installable File System - 228.67 GiB - C:

\PARTITION1 - Unknown - 4.21 GiB - D:



\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device



\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device



\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device



\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



\\.\PHYSICALDRIVE5 - Kingston DataTraveler 2.0 USB Device - 3.84 GiB - 1 partition

\PARTITION0 - Unknown - 3.84 GiB - K:







-- Security Center -------------------------------------------------------------



AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.



FirstRunDisabled is set.

AntiVirusDisableNotify is set.

FirewallDisableNotify is set.



FW: McAfee Personal Firewall v (McAfee)

AV: McAfee VirusScan v (McAfee)



[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"



[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Reuters\\RMC\\RMC.exe"="C:\\Program Files\\Reuters\\RMC\\RMC.exe:*:Enabled:RMC Module"

"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Disabled:SIGSPat"

"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"

"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"

"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"

"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe"="C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe:*:Enabled:ROBLOX Game"

"C:\\Program Files\\GameHouse\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\GameHouse\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"

"C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe"="C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe:*:Enabled:Drakkar Lobby"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Local Settings\\Temporary Internet Files\\Content.IE5\\UVKORF9A\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Local Settings\\Temporary Internet Files\\Content.IE5\\UVKORF9A\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"

"C:\\Program Files\\Abyss Web Server\\abyssws.exe"="C:\\Program Files\\Abyss Web Server\\abyssws.exe:*:Enabled:Abyss Web Server X1"

"C:\\Program Files\\Kaneva\\World of Kaneva\\KepClient.exe"="C:\\Program Files\\Kaneva\\World of Kaneva\\KepClient.exe:*:Enabled:KEP Game Client"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\My Received Files\\dreamweaver8-en(1).zip"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\My Received Files\\dreamweaver8-en(1).zip:*:Enabled:dreamweaver8-en(1).zip"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Elypsium\\Diamond\\Server\\Server.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Elypsium\\Diamond\\Server\\Server.exe:*:Enabled:Elysium Diamond Server"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\brennan game\\Server\\Server.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\brennan game\\Server\\Server.exe:*:Enabled:Elysium Diamond Server"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\My Documents\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe:*:Enabled:Halo Patch"

"C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.exe"="C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.exe:*:Disabled:SPSS 16.0 Evaluation Version (1033:exe)"

"C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.com"="C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.com:*:Disabled:SPSS 16.0 Evaluation Version (1033:com)"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\server.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\server.exe:*:Enabled:server"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Debbo v3.5\\Debbo V3.5.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Debbo v3.5\\Debbo V3.5.exe:*:Enabled:Debbo V3.5"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Debbo v3.5\\Debbo V3.5.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Debbo v3.5\\Debbo V3.5.exe:*:Enabled:Debbo V3.5"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe:*:Enabled:Halo Patch"

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"

"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Enabled:lh"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"

"C:\\Program Files\\PeerCast\\PeerCast.exe"="C:\\Program Files\\PeerCast\\PeerCast.exe:*:Enabled:PeerCast"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Debbo v3.5\\Debbo V3.5.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Debbo v3.5\\Debbo V3.5.exe:*:Enabled:Debbo V3.5"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\server.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\server.exe:*:Enabled:server"

"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Goldenshox BugFixed 3.1\\Server.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Goldenshox BugFixed 3.1\\Server.exe:*:Enabled:Server"

"C:\\Program Files\\Icecast2 Win32\\Icecast2.exe"="C:\\Program Files\\Icecast2 Win32\\Icecast2.exe:*:Enabled:Icecast2win"

"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\tnameserv.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\tnameserv.exe:*:Enabled:Java™ Platform SE binary"

"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"

"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\The_Flames CheatPack V2\\Clients\\EliteSwitch.exe"="C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\The_Flames CheatPack V2\\Clients\\EliteSwitch.exe:*:Enabled:Utility for RuneScape."

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:btdna"

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"





-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data

CLASSPATH=CLASSPATH=C:\Program Files\Java\jdk1.6.0_02\bin;%CLASSPATH%;

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=YOUR-0D0035AA17

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFAULT_CA_NR=CA6

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Owner.YOUR-0D0035AA17

LANG=C

LOGONSERVER=\\YOUR-0D0035AA17

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Java\jdk1.6.0_02\bin

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0404

ProgramFiles=C:\Program Files

PROMPT=$P$G

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp

TMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp

USERDOMAIN=YOUR-0D0035AA17

USERNAME=Owner

USERPROFILE=C:\Documents and Settings\Owner.YOUR-0D0035AA17

windir=C:\WINDOWS

__COMPAT_LAYER=DisableNXShowUI





-- User Profiles ---------------------------------------------------------------



Owner.YOUR-0D0035AA17 (admin)

Administrator (admin)

Guest (guest)





-- Add/Remove Programs ---------------------------------------------------------



-->

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}

--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}

--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

--> MsiExec.exe /I{288A2B29-1EF4-4BC9-986B-86005873445D}

--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Actual Drawing --> "C:\Program Files\Actual Drawing\PY_UNINSTAL.EXE" SOFTWARE\PySoft\HTML_Edit

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"

Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe

Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}

Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe

Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}

Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}

Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}

Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}

Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}

Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}

Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe

Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}

AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033

ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"

ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Avery DesignPro 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DesignPro 2000\Uninst.isu"

BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"

BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL

Bugdom! (Requires CD) --> E:\Remove.exe

Cake Mania --> C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\INSTALL.LOG

Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"

Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}

DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL

Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe

FirstClass® Client --> C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

Flash to Video Batch Converter --> "C:\Program Files\GeoVid\Flash to Video Batch Converter\unins000.exe"

Game Maker 7.0 --> C:\Program Files\Game_Maker7\Uninstal.exe

GamesGrid Backgammon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{434F0526-32BE-4BD0-BBA0-AFF439D2143D}\setup.exe" -l0x9 -uninst

GamingSquared Console --> "C:\Program Files\GamingSquared\GameConsole\UninstallGameConsole.exe"

GNU Backgammon (2006-05-24 code) --> "C:\Program Files\gnubg\unins000.exe"

GNU Backgammon 0.15-stable (20061119 code) --> "C:\Program Files\gnubg\unins001.exe"

Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"

High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\HijackThis.exe /uninstall

HyperCam 2 --> "c:\program files\UnHyCam2.exe"

Icecast v2.3.1 --> "C:\Program Files\Icecast2 Win32\unins000.exe"

ImageMixer for HDD Camcorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\Setup.exe" -l0x9 UNINSTALL -removeonly

IndustryPlayer 5 --> C:\PROGRA~1\INDUST~1\UNWISE.EXE C:\PROGRA~1\INDUST~1\INSTALL.LOG

Intel Audio Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe" -l0x9

Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772

Intel® PRO Network Connections Drivers --> Prounstl.exe

InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe

Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}

Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}

Journal Macro 1.84 --> C:\Program Files\Journal Macro\Uninstall.exe

LEGO Digital Designer --> C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe

LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"

Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly

Logitech Harmony Remote Software 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe" -l0x9 -removeonly

Logitech QuickCam --> MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}

Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly

Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}

Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}

Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}

Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL

Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}

MAGIX Movie Edit Pro 11 (US) --> C:\MAGIX\Movie_Edit_Pro_11\instslct.exe

MAGIX Music Manager (US) --> C:\MAGIX\Music_Manager\instslct.exe

MAGIX Photo Manager (US) --> C:\MAGIX\Photo_Manager\instslct.exe

Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}

Mask of Eternity --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Mask\Uninst.isu -c"C:\SIERRA\Mask\UNINST.DLL"

McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe

Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove

Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}

Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM

Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}

Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}

Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}

Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}

Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}

Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe

Microsoft Visual Basic 2005 Express Edition - ENU --> MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}

Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe

Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}

Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe

Microsoft Visual C# 2005 Express Edition - ENU --> MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC

Monopoly Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe"

Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Move Networks\ie_bin\Uninst.exe

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall

MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9

Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst

MySQL Tools for 5.0 --> MsiExec.exe /I{8B16291E-11C1-4616-8A5B-0535C93A6EBF}

Mystery of the Monkey Kingdom™ --> C:\Program Files\The Learning Company\Mystery of the Monkey Kingdom™\uninstall.exe

Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL

Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall

No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall

Norton™ Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}

OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}

PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"

PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Photo Viewer --> MsiExec.exe /I{67183F00-3DDC-497B-A090-4E2B79EAF1CD}

PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"

phpDesigner 2007 Professional version 5.5 --> "C:\Program Files\phpDesigner 2007 Professional\unins000.exe"

Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}

Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}

Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly

Reuters Messaging 4 --> MsiExec.exe /X{84612BFC-F96A-4A26-8806-F7DC07561B08}

Reuters Station 8.2 --> MsiExec.exe /I{D8FAB0FB-23D3-4432-948A-B1F2B3DEF8C8}

ROBLOX --> MsiExec.exe /X{272C2E66-6D29-4FB3-835B-05A4ED8E63FD}

Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}

Runescape Apocalypse Client 1.6.7 --> C:\Program Files\Runescape Apocalypse Client\uninst.exe

SCAR Divi CDE 3.13 --> "C:\Program Files\SCAR 3.13\unins000.exe"

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}

Snowie Version 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4767E0D4-05E9-4EC2-AD78-7AE1680D602C}\setup.exe"

SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf

Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Sonic MyDVD-VR --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1033

Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}

Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly

Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly

Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Stuart Little 2 PC --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\Stuart Little 2\Uninst.isu"

SwiftKit --> C:\Program Files\SwiftKit\Uninstall.exe

The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"

Tibia 7.81 --> "C:\Program Files\Tibia\unins000.exe"

Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) -->

VeryPDF PDFcamp Printer v2.1 --> "C:\Program Files\VeryPDF PDFcamp Printer v2.1\unins000.exe"

VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstXP.exe /u C:\WINDOWS\system32\DRVSTORE\mr7910_1FFEF370F39864F3AAA62219D434AE06B02B70AB\mr7910.inf

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}

Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}

Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}

Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Media Center Edition 2005 KB890629 -->

Windows XP Media Center Edition 2005 KB890760 -->

Windows XP Media Center Edition 2005 KB895198 -->

Windows XP Media Center Edition 2005 KB895678 -->

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Wondershare Flash to Video Converter Trial Version --> "C:\Program Files\Wondershare\Flash to Video Converter\unins000.exe"

XML Paper Specification Shared Components Pack 1.0 -->

Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

YouTube FLV to AVI Suite Enterprise 2.3.4 --> "C:\Program Files\Easiestutils\YouTube FLV to AVI Suite Enterprise\unins000.exe"

Zoombinis Mountain Rescue™ --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Zoombinis Mountain Rescue™\Uninstall.xml"





-- Application Event Log -------------------------------------------------------



Event Record #/Type31190 / Error

Event Submitted/Written: 05/06/2008 06:10:12 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application ANIWZCSdS.exe, version 1.0.1.30507, faulting module user32.dll, version 5.1.2600.3099, fault address 0x00015a48.

Processing media-specific event for [ANIWZCSdS.exe!ws!]



Event Record #/Type31141 / Error

Event Submitted/Written: 05/06/2008 02:44:55 PM

Event ID/Source: 33 / Media Center Guide

Event Description:

Event Info: Discovery Service: Unexpected error. The Guide listings service is not currently available. Please try again later.

Process: DefaultDomain

Object Name: Microsoft.Ehome.Epg.Ehepgdat



Event Record #/Type31099 / Error

Event Submitted/Written: 05/06/2008 08:23:30 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application mcvsmap.exe, version 12.0.188.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Processing media-specific event for [mcvsmap.exe!ws!]



Event Record #/Type31054 / Error

Event Submitted/Written: 05/05/2008 11:09:05 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application gamegrid.exe, version 3.6.1.894, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



Event Record #/Type31053 / Error

Event Submitted/Written: 05/05/2008 11:08:38 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application gamegrid.exe, version 3.6.1.894, hang module hungapp, version 0.0.0.0, hang address 0x00000000.







-- Security Event Log ----------------------------------------------------------



No Errors/Warnings found.





-- System Event Log ------------------------------------------------------------



Event Record #/Type43036 / Error

Event Submitted/Written: 05/06/2008 06:10:46 PM

Event ID/Source: 7034 / Service Control Manager

Event Description:

The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).



Event Record #/Type42986 / Error

Event Submitted/Written: 05/06/2008 02:43:31 PM

Event ID/Source: 7009 / Service Control Manager

Event Description:

Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.



Event Record #/Type42959 / Error

Event Submitted/Written: 05/06/2008 08:19:51 AM

Event ID/Source: 7009 / Service Control Manager

Event Description:

Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.



Event Record #/Type42922 / Error

Event Submitted/Written: 05/05/2008 08:44:26 PM

Event ID/Source: 1002 / Dhcp

Event Description:

The IP address lease 192.168.0.100 for the Network Card with network address 001320B2F3B0 has been

denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).



Event Record #/Type42914 / Error

Event Submitted/Written: 05/05/2008 08:38:32 PM

Event ID/Source: 1002 / Dhcp

Event Description:

The IP address lease 67.193.53.205 for the Network Card with network address 001320B2F3B0 has been

denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).







-- End of Deckard's System Scanner: finished at 2008-05-06 18:27:07 ------------



********************************

Thanks for your help once again.

Regards,

John (and John's wife who wants her computer back )

#5 silver (Malware Expert Emeritus, Authentic Member, 2,994 posts)

Posted 06 May 2008 - 08:54 PM

Hi John (& John's wife :) ),

Temporarily disable Spybot's TeaTimer. This is a two-step process.
First step:
  • Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

------------------------------------------------------------------------

Download (and transfer if necessary) the following tools which we will be using:

ERUNT
UnDLL

Backup Your Registry:
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Then, open Notepad (press Start->Run, enter notepad and press OK)
Copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file.
Note: Please copy and paste all the text at once, and check that there is NO blank line above REGEDIT4 and one blank line at the bottom.
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe"=-
Select File and Save as
Save it to your Desktop as "fix.reg" (you MUST type the quotes)
Locate fix.reg on your Desktop; if you did it right it should look like this: [screenshot]
Don't use this file yet!

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
sc stop clbdriver >> results.txt 2>>&1
sc delete clbdriver >> results.txt 2>>&1
del runme.bat
Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Don't use this file yet!


Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK


  • Right-click undll.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Open the new folder and double-click UNDLL.EXE to start the program
  • Click the Select infected DLL button, then browse and select this file:

    C:\WINDOWS\system32\eemruwpk.dll

  • UnDLL will now attempt to delete the file
  • If prompted to reboot your computer, say No
  • Repeat the above steps for these files:

    C:\WINDOWS\system32\rqRHwTJA.dll
    C:\WINDOWS\system32\mlJBRKdE.dll
    C:\WINDOWS\system32\wneovtpx.dll
    C:\WINDOWS\system32\vysiesly.dll

  • Locate fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click Yes. You should then receive confirmation that the file was merged successfully.
  • Locate runme.bat on your Desktop and double-click it, another text file should appear on your Desktop called results.txt, do not open it until the black box has closed. Post the contents of this file in your next response.
  • Now reboot your computer


Then, make a new main.txt with DSS:
  • Make sure DSS.exe is on your Desktop
  • Press the Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!

Once complete, please post the results.txt output and the new DSS main.txt report.
ASAP & UNITE Member
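The checks silver is applying by hand above, as an added example that is not the thread's own nor any tool it names: a Python triage pass over HijackThis-style lines (orphaned "(file missing)" or "(no file)" entries, unnamed BHOs, rundll32 autoruns of system32 DLLs, an explicit proxy setting) plus a decoder for the hex(7) Authentication Packages value in fix.reg, confirming it resets the LSA list to the default msv1_0. The sample lines are constructed from this thread's log, and the random-name heuristic is an assumption, a prompt for a closer look rather than a verdict.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09116201-E672-4491-89FB-8EDB7B0C080F} - C:\WINDOWS\system32\vtUmNDVl.dll (file missing)
O2 - BHO: (no name) - {80D58841-FAA2-40E8-B678-4D0D940B2F93} - C:\WINDOWS\system32\yayaAsTm.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\picgwrio.dll",b
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
"""

# The hex(7) payload from fix.reg in this thread: REG_MULTI_SZ bytes, comma separated.
AUTH_PACKAGES_HEX = "6d,73,76,31,5f,30,00,00"

SYSTEM32_DLL = re.compile(r"\\system32\\([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 8 letters with inner capitals or no vowels, like vtUmNDVl."""
    if len(name) != 8 or not name.isalpha():
        return False
    inner_upper = any(c.isupper() for c in name[1:])
    no_vowel = not any(c in VOWELS for c in name)
    return inner_upper or no_vowel


def triage_line(line: str) -> List[str]:
    """Return the reasons a single HijackThis-style line deserves a closer look."""
    reasons: List[str] = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("orphaned entry: referenced file is absent")
    if line.startswith("O2") and "(no name)" in line:
        reasons.append("BHO registered without a name")
    if "ProxyServer" in line:
        reasons.append("explicit proxy configured; confirm it is intended")
    m = SYSTEM32_DLL.search(line)
    if m:
        if line.startswith("O4") and "rundll32" in line.lower():
            reasons.append("autorun loads a system32 DLL via rundll32")
        if looks_random(m.group(1)):
            reasons.append("random-looking DLL name in system32")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons; clean lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for ln in log.splitlines():
        reasons = triage_line(ln)
        if reasons:
            flagged[ln] = reasons
    return flagged


def decode_multi_sz(hex_value: str) -> List[str]:
    """Decode a REGEDIT4 hex(7) (REG_MULTI_SZ, ANSI) payload into its strings."""
    raw = bytes(int(b, 16) for b in hex_value.split(","))
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def auth_packages_is_default(hex_value: str) -> bool:
    """True when the LSA Authentication Packages list holds only msv1_0 (the XP default)."""
    return decode_multi_sz(hex_value) == ["msv1_0"]


if __name__ == "__main__":
    print("Authentication Packages ->", decode_multi_sz(AUTH_PACKAGES_HEX))
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("   -", r)
```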

#6 Sonofzzoro (New Member, Authentic Member, 9 posts)

Posted 07 May 2008 - 04:19 PM

Hi Silver.

Once again let me start by saying thanks for the help. Did everything you asked except that of the following files...

C:\WINDOWS\system32\eemruwpk.dll
C:\WINDOWS\system32\rqRHwTJA.dll
C:\WINDOWS\system32\mlJBRKdE.dll
C:\WINDOWS\system32\wneovtpx.dll
C:\WINDOWS\system32\vysiesly.dll

only mlJBRKdE.dll was found. I searched my entire computer for the others but they were not found.



RESULTS.TXT


[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.




MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-07 18:03:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
102: 2008-05-06 22:19:15 UTC - RP814 - Deckard's System Scanner Restore Point
101: 2008-05-06 21:37:41 UTC - RP813 - System Checkpoint
100: 2008-05-05 20:23:22 UTC - RP812 - System Checkpoint
99: 2008-05-04 13:47:55 UTC - RP811 - System Checkpoint
98: 2008-05-02 22:25:49 UTC - RP810 - Restore Operation


-- First Restore Point --
1: 2008-04-27 20:19:58 UTC - RP713 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-07 18:04:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Desktop\dss.exe
C:\Program Files\Hijackthis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {09116201-E672-4491-89FB-8EDB7B0C080F} - C:\WINDOWS\system32\vtUmNDVl.dll (file missing)
O2 - BHO: (no name) - {171CC304-9483-4B85-8E97-4D52CCB34D56} - (no file)
O2 - BHO: (no name) - {179B2570-D559-4626-95A7-7178D7BD6C28} - C:\WINDOWS\system32\cbXRHyaX.dll (file missing)
O2 - BHO: (no name) - {4D1ADCAE-3990-4E2E-9004-28BC100EAFDC} - C:\WINDOWS\system32\rqRHwTJA.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsv415.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {80D58841-FAA2-40E8-B678-4D0D940B2F93} - C:\WINDOWS\system32\yayaAsTm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8F78BF7-99EF-4AE1-A844-D46EB375511A} - (no file)
O2 - BHO: {4bb66870-d681-270b-d6b4-04674f2742dd} - {dd2472f4-7640-4b6d-b072-186d07866bb4} - C:\WINDOWS\system32\fcbuyngc.dll
O2 - BHO: (no name) - {F066FF9A-CCFD-45A9-82AB-FEF5986F9B9A} - C:\WINDOWS\system32\ddcYoOeD.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [djtxclylfrln] C:\WINDOWS\system32\djtxclylfrln.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\picgwrio.dll",b
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 20539 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - JSFile - shell\open\command - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>

S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Icecast (Icecast Media Server) - "c:\program files\icecast2 win32\icecastservice.exe" "c:\program files\icecast2 win32"

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1188)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1920)
2008-05-07 16:58:20 281088 --a------ C:\WINDOWS\system32\yayaAsTm.dll
2008-05-07 17:07:34 103936 --a------ C:\WINDOWS\system32\mjwmaftk.dll
2008-05-07 17:10:23 95232 --a------ C:\WINDOWS\system32\picgwrio.dll
2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2001-07-02 09:36:30 24576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-05-07 17:16:32 105984 --a------ C:\WINDOWS\system32\fcbuyngc.dll

C:\WINDOWS\system32\rundll32.exe (pid 2284)
2008-05-07 17:10:23 95232 --a------ C:\WINDOWS\system32\picgwrio.dll
2008-05-07 17:07:34 103936 --a------ C:\WINDOWS\system32\mjwmaftk.dll
2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

C:\WINDOWS\system32\rundll32.exe (pid 2348)
2008-05-07 17:07:34 103936 --a------ C:\WINDOWS\system32\mjwmaftk.dll
2008-05-07 17:10:23 95232 --a------ C:\WINDOWS\system32\picgwrio.dll
2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 18:00:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-25 15:00:13 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-15 02:05:04 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-01 02:07:20 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2005-12-29 15:35:03 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 17:16:30 105984 --a------ C:\WINDOWS\system32\fcbuyngc.dll
2008-05-07 17:16:06 2048 --a------ C:\WINDOWS\system32\vkiabnvl.exe
2008-05-07 17:10:22 95232 --a------ C:\WINDOWS\system32\picgwrio.dll
2008-05-07 17:07:33 103936 --a------ C:\WINDOWS\system32\mjwmaftk.dll
2008-05-07 16:58:21 292792 --ahs---- C:\WINDOWS\system32\mTsAayay.ini2
2008-05-07 16:58:15 281088 --a------ C:\WINDOWS\system32\yayaAsTm.dll
2008-05-06 18:15:45 2112 --a------ C:\WINDOWS\system32\fglliycv.exe
2008-05-06 18:09:40 198685 --ahs---- C:\WINDOWS\system32\AJTwHRqr.ini2
2008-05-05 20:49:51 192068 --ahs---- C:\WINDOWS\system32\lVDNmUtv.ini2
2008-05-05 20:48:20 1695 --a------ C:\WINDOWS\system32\clbinit.dll
2008-05-05 16:01:27 190572 --ahs---- C:\WINDOWS\system32\DeOoYcdd.ini2
2008-05-04 15:52:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 15:52:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 22:53:38 13369344 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\ntuser.dat
2008-04-28 16:03:57 1695 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-27 16:19:48 313529 --ahs---- C:\WINDOWS\system32\XayHRXbc.ini2
2008-04-27 16:17:43 43520 --a------ C:\WINDOWS\system32\mlJDturQ.dll
2008-04-27 16:14:42 43520 --a------ C:\WINDOWS\system32\ssqOHbBu.dll
2008-04-25 20:51:17 0 d-------- C:\Program Files\PhotoFiltre
2008-04-07 13:14:55 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\mIRC
2008-04-07 13:14:53 0 d-------- C:\Program Files\mIRC


-- Find3M Report ---------------------------------------------------------------

2008-05-07 18:03:18 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\DNA
2008-05-07 16:53:17 0 d-------- C:\Program Files\McAfee
2008-05-03 21:29:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-03 12:53:50 0 d-------- C:\Program Files\Norton Security Scan
2008-05-02 19:50:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\SiteAdvisor
2008-05-02 18:26:53 0 d-------- C:\Program Files\Windows Live
2008-05-01 22:55:48 0 d-------- C:\Program Files\2D and 3D Animator
2008-04-30 19:19:03 0 d-------- C:\Program Files\The Learning Company
2008-04-30 19:13:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 16:46:00 0 d-------- C:\Program Files\Cheat Engine
2008-04-29 16:07:30 256 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\urlredir.cfg
2008-04-26 01:54:01 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\uTorrent
2008-04-25 11:20:24 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Adobe
2008-04-25 11:17:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 09:25:15 0 d-------- C:\Program Files\SwiftKit
2008-04-23 15:55:05 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent
2008-04-06 18:16:14 0 d-------- C:\Program Files\Java
2008-04-05 15:09:35 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\LimeWire
2008-04-05 08:24:59 0 d-------- C:\Program Files\Google
2008-04-01 17:30:08 0 d-------- C:\Program Files\GamingSquared
2008-04-01 17:29:52 0 d-------- C:\Program Files\Yahoo!
2008-03-30 14:13:01 0 d-------- C:\Program Files\PartyGaming
2008-03-24 11:22:42 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-24 11:22:35 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-24 11:16:22 0 d-------- C:\Program Files\Microsoft SDKs
2008-03-17 08:04:46 0 d-------- C:\Program Files\FirstClass
2008-03-16 18:57:02 0 d-------- C:\Program Files\Journal Macro
2008-03-16 08:51:20 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Hamachi
2008-03-16 08:50:12 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-16 08:46:19 0 d-------- C:\Program Files\SwiftSwitch
2008-03-16 08:45:44 0 d-------- C:\Program Files\Free Screen Recorder
2008-03-16 08:42:50 0 d-------- C:\Program Files\Pure Networks
2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files
2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-03-15 07:32:38 0 d-------- C:\Program Files\SnowieGroup
2008-03-14 17:40:15 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Roxio
2008-03-12 16:42:05 0 d-------- C:\Program Files\DNA
2008-03-12 16:41:57 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-12 16:41:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent DNA
2008-03-12 14:01:52 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Publish Providers
2008-03-12 14:00:43 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony
2008-03-12 13:56:52 0 d-------- C:\Program Files\Vstplugins
2008-03-12 13:56:17 0 d-------- C:\Program Files\Sony
2008-03-12 13:47:47 0 d-------- C:\Program Files\MSBuild
2008-03-12 13:44:30 0 d-------- C:\Program Files\Reference Assemblies
2008-03-12 13:28:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony Setup
2008-03-12 13:28:17 0 d-------- C:\Program Files\Sony Setup
2008-03-11 04:42:27 0 d-------- C:\Program Files\BitTorrent
2008-03-08 10:57:06 0 d-------- C:\Program Files\Actual Drawing


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09116201-E672-4491-89FB-8EDB7B0C080F}]
C:\WINDOWS\system32\vtUmNDVl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171CC304-9483-4B85-8E97-4D52CCB34D56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{179B2570-D559-4626-95A7-7178D7BD6C28}]
C:\WINDOWS\system32\cbXRHyaX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1ADCAE-3990-4E2E-9004-28BC100EAFDC}]
C:\WINDOWS\system32\rqRHwTJA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
C:\WINDOWS\system32\nsv415.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80D58841-FAA2-40E8-B678-4D0D940B2F93}]
07/05/2008 04:58 PM 281088 --a------ C:\WINDOWS\system32\yayaAsTm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F78BF7-99EF-4AE1-A844-D46EB375511A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd2472f4-7640-4b6d-b072-186d07866bb4}]
07/05/2008 05:16 PM 105984 --a------ C:\WINDOWS\system32\fcbuyngc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F066FF9A-CCFD-45A9-82AB-FEF5986F9B9A}]
C:\WINDOWS\system32\ddcYoOeD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10/08/2004 02:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 01:50 PM]
"CHotkey"="zHotkey.exe" [03/05/2005 04:02 PM C:\WINDOWS\zHotkey.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [20/07/2005 02:55 AM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 10:24 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/06/2005 12:02 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/06/2005 11:59 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/06/2005 12:03 PM]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/02/2006 04:51 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [24/09/2001 09:39 AM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [23/11/2005 03:04 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19/10/2005 06:19 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/12/2006 11:00 AM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 05:17 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 12:46 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [20/05/2005 03:46 PM C:\WINDOWS\KHALMNPR.Exe]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [17/01/2006 02:03 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [17/01/2006 02:03 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [27/11/2006 08:58 PM]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [14/11/2006 01:07 AM]
"djtxclylfrln"="C:\WINDOWS\system32\djtxclylfrln.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 11:33 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 05:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [18/01/2008 10:32 AM]
"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [03/03/2008 07:26 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"181709fb"="C:\WINDOWS\system32\picgwrio.dll" [07/05/2008 05:10 PM]
"BM1b243a67"="C:\WINDOWS\system32\mjwmaftk.dll" [07/05/2008 05:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 03:00 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [19/02/2007 12:16 AM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/06/2005 06:03 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [11/04/2008 05:09 PM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 05:57 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/04/2008 09:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [20/08/2005 9:19:00 AM]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [20/08/2005 9:23:02 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [19/02/2007 12:16:46 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [21/01/2007 12:21:46 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaAsTm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe
readme\command- notepad readme.txt
Setup\command- F:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141b24ab-fb73-11dc-9078-001320b2f3b0}]
AutoRun\command- K:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7474-7897-11da-8b34-806d6172696f}]
AutoRun\command- E:\StartPageSnowie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7475-7897-11da-8b34-806d6172696f}]
AutoRun\command- F:\autorun.exe
readme\command- notepad readme.txt
Setup\command- F:\install.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 18:06:03 ------------




Once again thanks and hope this helps.


John

#7 silver (Malware Expert Emeritus, Authentic Member, 2,994 posts)

Posted 07 May 2008 - 06:39 PM

Hi Sonofzzoro,

It's proving a little stubborn; we'll need to try again with a similar procedure.

Open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
O2 - BHO: (no name) - {09116201-E672-4491-89FB-8EDB7B0C080F} - C:\WINDOWS\system32\vtUmNDVl.dll (file missing)
O2 - BHO: (no name) - {171CC304-9483-4B85-8E97-4D52CCB34D56} - (no file)
O2 - BHO: (no name) - {179B2570-D559-4626-95A7-7178D7BD6C28} - C:\WINDOWS\system32\cbXRHyaX.dll (file missing)
O2 - BHO: (no name) - {4D1ADCAE-3990-4E2E-9004-28BC100EAFDC} - C:\WINDOWS\system32\rqRHwTJA.dll (file missing)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsv415.dll (file missing)
O2 - BHO: (no name) - {C8F78BF7-99EF-4AE1-A844-D46EB375511A} - (no file)
O2 - BHO: (no name) - {F066FF9A-CCFD-45A9-82AB-FEF5986F9B9A} - C:\WINDOWS\system32\ddcYoOeD.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [djtxclylfrln] C:\WINDOWS\system32\djtxclylfrln.exe
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\picgwrio.dll",b
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Download authpack.reg to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save).
Locate authpack.reg on your Desktop; it should look like this: [image]. If it doesn't, then stop and let me know.
Don't use this file just yet.

Then clean with UnDLL again:
  • Double-click UNDLL.EXE to start the program
  • Click the Select infected DLL button, then browse and select this file:

    C:\WINDOWS\system32\yayaAsTm.dll

  • UnDLL will now attempt to delete the file
  • If prompted to reboot your computer, say No
  • Repeat the above steps for these files:

    C:\WINDOWS\system32\fcbuyngc.dll
    C:\WINDOWS\system32\picgwrio.dll
    C:\WINDOWS\system32\mjwmaftk.dll

  • Locate authpack.reg on your desktop and double-click it. When asked if you want to merge with the registry, click Yes. You should then receive confirmation that the file was merged successfully.
  • Now reboot your computer

Then, make a new main.txt with DSS:
  • Make sure DSS.exe is on your Desktop
  • Press Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!

Once complete, please post the new DSS main.txt report.
ASAP & UNITE Member
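As an added example (not code from the thread, nor from HijackThis, DSS or UnDLL), the Python script below applies the checks behind the fix list above to log lines of the kind posted in this thread: BHO/SSODL registrations whose DLL is missing, rundll32 Run entries calling a one-letter export, an explicit proxy server in the Internet Settings, and anything beyond the stock LSA authentication package or security providers. The sample log is constructed from lines quoted in the thread; the rule names and the known-good lists are assumptions of this example, not output of any tool named here.

```python
"""Triage helper for HijackThis / DSS-style log excerpts (added example)."""
from __future__ import annotations

import re

# Stock LSA values on Windows XP. Anything else listed here is loaded into
# lsass.exe at every logon, which is why the thread's log entries
# "yayaAsTm" and "zwebauth.dll" stand out.
KNOWN_AUTH_PACKAGES = {"msv1_0"}
KNOWN_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

RUNDLL_RE = re.compile(
    r'^O4 - .*\[(?P<name>[^\]]+)\]\s+rundll32\.exe\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S+)',
    re.IGNORECASE,
)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer\s*=\s*(?P<proxy>\S+)", re.IGNORECASE)
AUTHPKG_RE = re.compile(r'^"Authentication Packages"\s*=\s*(?P<pkgs>.+)$')
SECPROV_RE = re.compile(r"^SecurityProviders\s+(?P<provs>.+)$")

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.142.143.116:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {09116201-E672-4491-89FB-8EDB7B0C080F} - C:\WINDOWS\system32\vtUmNDVl.dll (file missing)
O2 - BHO: (no name) - {171CC304-9483-4B85-8E97-4D52CCB34D56} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [181709fb] rundll32.exe "C:\WINDOWS\system32\picgwrio.dll",b
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaAsTm
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
"""


def _basename(path: str) -> str:
    """Last path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip()


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs for every line that trips a check."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A BHO or SSODL entry whose DLL is gone is the leftover of a removed
        # or self-deleting payload; clearing the registration stops a fresh
        # drop of the file from being loaded again on the next IE/explorer start.
        if line.startswith(("O2 - BHO:", "O21 - SSODL:")) and line.endswith(
            ("(file missing)", "(no file)")
        ):
            findings.append(("orphaned-com", line))
            continue

        # Legitimate rundll32 Run entries call a descriptive export name; a
        # one-letter export from a DLL in system32 is a heuristic hit.
        m = RUNDLL_RE.match(line)
        if m and len(m.group("entry")) == 1:
            detail = f'{m.group("name")}: {m.group("dll")},{m.group("entry")}'
            findings.append(("rundll32-single-letter-export", detail))
            continue

        # An explicit per-user proxy the owner did not configure is the
        # simplest explanation for search results being redirected.
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy-server", m.group("proxy")))
            continue

        m = AUTHPKG_RE.match(line)
        if m:
            for pkg in m.group("pkgs").split():
                if _basename(pkg).lower() not in KNOWN_AUTH_PACKAGES:
                    findings.append(("lsa-auth-package", pkg))
            continue

        m = SECPROV_RE.match(line)
        if m:
            for prov in m.group("provs").split(","):
                if prov.strip().lower() not in KNOWN_SECURITY_PROVIDERS:
                    findings.append(("security-provider", prov.strip()))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against a full main.txt the script prints one line per hit, and a clean post-fix log should produce no `lsa-auth-package` or `security-provider` findings at all.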

#8 Sonofzzoro (New Member, Authentic Member, 9 posts)

Posted 07 May 2008 - 09:46 PM

Hi Silver.

Once again everything has been done with one exception. The file yayaAsTm.dll could not be found. Again searched the entire system, but it was not there. A note. When I started the system up after everything was done, I got an error message stating that the file mjwmaftk.dll could not be found (program was rundll). Don't know if you need this but....


MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-07 23:38:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2008-05-08 03:38:41 UTC - RP816 - Deckard's System Scanner Restore Point
103: 2008-05-07 23:52:59 UTC - RP815 - System Checkpoint
102: 2008-05-06 22:19:15 UTC - RP814 - Deckard's System Scanner Restore Point
101: 2008-05-06 21:37:41 UTC - RP813 - System Checkpoint
100: 2008-05-05 20:23:22 UTC - RP812 - System Checkpoint


-- First Restore Point --
1: 2008-04-27 20:19:58 UTC - RP713 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-07 23:39:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Desktop\dss.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Hijackthis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {80D58841-FAA2-40E8-B678-4D0D940B2F93} - C:\WINDOWS\system32\yayaAsTm.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 18958 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - JSFile - shell\open\command - "C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>

S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Icecast (Icecast Media Server) - "c:\program files\icecast2 win32\icecastservice.exe" "c:\program files\icecast2 win32"

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1172)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1880)
2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 23:00:02 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-25 15:00:13 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-15 02:05:04 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-01 02:07:20 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2005-12-29 15:35:03 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 17:16:06 2048 --a------ C:\WINDOWS\system32\vkiabnvl.exe
2008-05-07 16:58:21 294355 --ahs---- C:\WINDOWS\system32\mTsAayay.ini2
2008-05-06 18:15:45 2112 --a------ C:\WINDOWS\system32\fglliycv.exe
2008-05-06 18:09:40 198685 --ahs---- C:\WINDOWS\system32\AJTwHRqr.ini2
2008-05-05 20:49:51 192068 --ahs---- C:\WINDOWS\system32\lVDNmUtv.ini2
2008-05-05 20:48:20 1695 --a------ C:\WINDOWS\system32\clbinit.dll
2008-05-05 16:01:27 190572 --ahs---- C:\WINDOWS\system32\DeOoYcdd.ini2
2008-05-04 15:52:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 15:52:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 22:53:38 13369344 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\ntuser.dat
2008-04-28 16:03:57 1695 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-27 16:19:48 313529 --ahs---- C:\WINDOWS\system32\XayHRXbc.ini2
2008-04-27 16:17:43 43520 --a------ C:\WINDOWS\system32\mlJDturQ.dll
2008-04-27 16:14:42 43520 --a------ C:\WINDOWS\system32\ssqOHbBu.dll
2008-04-25 20:51:17 0 d-------- C:\Program Files\PhotoFiltre
2008-04-07 13:14:55 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\mIRC
2008-04-07 13:14:53 0 d-------- C:\Program Files\mIRC


-- Find3M Report ---------------------------------------------------------------

2008-05-07 23:34:07 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\DNA
2008-05-07 16:53:17 0 d-------- C:\Program Files\McAfee
2008-05-03 21:29:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-03 12:53:50 0 d-------- C:\Program Files\Norton Security Scan
2008-05-02 19:50:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\SiteAdvisor
2008-05-02 18:26:53 0 d-------- C:\Program Files\Windows Live
2008-05-01 22:55:48 0 d-------- C:\Program Files\2D and 3D Animator
2008-04-30 19:19:03 0 d-------- C:\Program Files\The Learning Company
2008-04-30 19:13:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 16:46:00 0 d-------- C:\Program Files\Cheat Engine
2008-04-29 16:07:30 256 --a------ C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\urlredir.cfg
2008-04-26 01:54:01 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\uTorrent
2008-04-25 11:20:24 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Adobe
2008-04-25 11:17:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 09:25:15 0 d-------- C:\Program Files\SwiftKit
2008-04-23 15:55:05 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent
2008-04-06 18:16:14 0 d-------- C:\Program Files\Java
2008-04-05 15:09:35 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\LimeWire
2008-04-05 08:24:59 0 d-------- C:\Program Files\Google
2008-04-01 17:30:08 0 d-------- C:\Program Files\GamingSquared
2008-04-01 17:29:52 0 d-------- C:\Program Files\Yahoo!
2008-03-30 14:13:01 0 d-------- C:\Program Files\PartyGaming
2008-03-24 11:22:42 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-24 11:22:35 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-03-24 11:22:29 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-24 11:16:22 0 d-------- C:\Program Files\Microsoft SDKs
2008-03-17 08:04:46 0 d-------- C:\Program Files\FirstClass
2008-03-16 18:57:02 0 d-------- C:\Program Files\Journal Macro
2008-03-16 08:51:20 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Hamachi
2008-03-16 08:50:12 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-16 08:46:19 0 d-------- C:\Program Files\SwiftSwitch
2008-03-16 08:45:44 0 d-------- C:\Program Files\Free Screen Recorder
2008-03-16 08:42:50 0 d-------- C:\Program Files\Pure Networks
2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files
2008-03-16 08:40:13 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-03-15 07:32:38 0 d-------- C:\Program Files\SnowieGroup
2008-03-14 17:40:15 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Roxio
2008-03-12 16:42:05 0 d-------- C:\Program Files\DNA
2008-03-12 16:41:57 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-12 16:41:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\BitTorrent DNA
2008-03-12 14:01:52 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Publish Providers
2008-03-12 14:00:43 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony
2008-03-12 13:56:52 0 d-------- C:\Program Files\Vstplugins
2008-03-12 13:56:17 0 d-------- C:\Program Files\Sony
2008-03-12 13:47:47 0 d-------- C:\Program Files\MSBuild
2008-03-12 13:44:30 0 d-------- C:\Program Files\Reference Assemblies
2008-03-12 13:28:40 0 d-------- C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Sony Setup
2008-03-12 13:28:17 0 d-------- C:\Program Files\Sony Setup
2008-03-11 04:42:27 0 d-------- C:\Program Files\BitTorrent
2008-03-08 10:57:06 0 d-------- C:\Program Files\Actual Drawing


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80D58841-FAA2-40E8-B678-4D0D940B2F93}]
C:\WINDOWS\system32\yayaAsTm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10/08/2004 02:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 01:50 PM]
"CHotkey"="zHotkey.exe" [03/05/2005 04:02 PM C:\WINDOWS\zHotkey.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [20/07/2005 02:55 AM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 10:24 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/06/2005 12:02 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/06/2005 11:59 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/06/2005 12:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/02/2006 04:51 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [24/09/2001 09:39 AM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [23/11/2005 03:04 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19/10/2005 06:19 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/12/2006 11:00 AM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 05:17 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 12:46 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [20/05/2005 03:46 PM C:\WINDOWS\KHALMNPR.Exe]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [17/01/2006 02:03 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [17/01/2006 02:03 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [27/11/2006 08:58 PM]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [14/11/2006 01:07 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 11:33 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 05:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [18/01/2008 10:32 AM]
"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [03/03/2008 07:26 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BM1b243a67"="C:\WINDOWS\system32\mjwmaftk.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 03:00 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [19/02/2007 12:16 AM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/06/2005 06:03 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 11:06 PM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 05:57 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/04/2008 09:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [20/08/2005 9:19:00 AM]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [20/08/2005 9:23:02 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [19/02/2007 12:16:46 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [21/01/2007 12:21:46 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe
readme\command- notepad readme.txt
Setup\command- F:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141b24ab-fb73-11dc-9078-001320b2f3b0}]
AutoRun\command- K:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7474-7897-11da-8b34-806d6172696f}]
AutoRun\command- E:\StartPageSnowie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353e7475-7897-11da-8b34-806d6172696f}]
AutoRun\command- F:\autorun.exe
readme\command- notepad readme.txt
Setup\command- F:\install.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 23:41:10 ------------




Again thanks


John

#9 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 07 May 2008 - 10:12 PM

Hi John,

Don't worry about that error message, it's actually a sign that we were successful, however if you do receive more errors please let me know.
At this stage, it may be that the symptoms have stopped, but your machine is still infected so please bear with me.

Please open Start->Control Panel->Add/Remove Programs, and remove the following:

Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Development Kit 6 Update 3

These are out of date and now a security risk, you can get the latest update (version 6 update 6) from here when your machine is clean.

You have Logitech Desktop Messenger installed. This is a background process which can access the internet without your knowledge or consent. Although it can assist in providing software updates for your Logitech hardware, it uses resources on your machine and the fact that it accesses the internet without your approval is potentially dangerous.

Party Poker has been reported as being malware-related so I strongly recommend you remove it.

You have GamingSquared Console installed. The GamingSquared website has a bad rating at SiteAdvisor and the downloads come from freeze.com which also has a bad rating and is blocked by the MVPs hosts file. As a result I strongly recommend you remove this program.

You have BitTorrent, LimeWire and µTorrent, P2P file sharing programs installed on your computer. These programs do not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I strongly recommend you remove these.

All the above can be removed via Add/Remove Programs

------------------------------------------------------------------------

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: (no name) - {80D58841-FAA2-40E8-B678-4D0D940B2F93} - C:\WINDOWS\system32\yayaAsTm.dll (file missing)
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click OTMoveIt2.exe to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    C:\WINDOWS\system32\clbcfg.dat
    C:\WINDOWS\system32\wneovtpx.dll
    C:\WINDOWS\system32\vysiesly.dll
    C:\Program Files\RXToolBar
    C:\WINDOWS\system32\djtxclylfrln.exe
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\urlredir.cfg
    C:\WINDOWS\system32\eemruwpk.dll
    C:\WINDOWS\system32\fglliycv.exe
    C:\WINDOWS\system32\qrixbraq.dll
    C:\WINDOWS\system32\wtavermm.dll
    C:\WINDOWS\system32\AJTwHRqr.ini2
    C:\WINDOWS\system32\rqRHwTJA.dll
    C:\WINDOWS\system32\lVDNmUtv.ini2
    C:\WINDOWS\system32\clbinit.dll
    C:\WINDOWS\system32\DeOoYcdd.ini2
    C:\WINDOWS\system32\XayHRXbc.ini2
    C:\WINDOWS\system32\mlJDturQ.dll
    C:\WINDOWS\system32\fccAroLD.dll
    C:\WINDOWS\system32\clbdll.dll
    C:\WINDOWS\system32\ssqOHbBu.dll
    C:\WINDOWS\system32\mlJBRKdE.dll
    C:\WINDOWS\system32\mjwmaftk.dll
    C:\WINDOWS\system32\picgwrio.dll
    C:\WINDOWS\system32\fcbuyngc.dll
    C:\WINDOWS\system32\yayaAsTm.dll
    C:\WINDOWS\system32\vkiabnvl.exe
    C:\WINDOWS\system32\mTsAayay.ini2
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2

------------------------------------------------------------------------

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c dir "c:\server.exe" /a /s >> "%userprofile%\desktop\look.txt" & notepad "%userprofile%\desktop\look.txt"

A black box will open and a file will appear on your Desktop called look.txt.
Please wait for look.txt to open in Notepad automatically.
Post the contents of look.txt in your next response.

------------------------------------------------------------------------

Then, please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the look.txt output, the Kaspersky report and a new HijackThis log.
ASAP & UNITE Member
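
The files silver singled out share a pattern that is visible in the logs above: eight-letter DLLs in system32 with case changes inside the name, a hidden/system .ini2 companion whose name is the DLL's letters reversed (yayaAsTm.dll and mTsAayay.ini2), a BHO still registered although its file is gone, a Run key that loads a DLL through Rundll32, and 2 KB .exe stubs created the same day. The script below scores HijackThis and Deckard's System Scanner lines on those points. It is an added example for this thread, not code from the thread, from HijackThis or from DSS; its sample lines are constructed from entries quoted in the logs above plus one clean IgfxTray line as a control, and its six rules are assumptions about what deserves a second look, not definitive detections.

```python
"""Score HijackThis (HJT) and Deckard's System Scanner (DSS) lines for follow-up.

Added example for this thread, not code from the thread, from HijackThis or
from DSS. SAMPLE_LOG is constructed from entries quoted earlier in the thread
(one clean IgfxTray line added as a control); the rules are assumptions about
what makes a system32 file worth a second look, not definitive detections.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {80D58841-FAA2-40E8-B678-4D0D940B2F93} - C:\WINDOWS\system32\yayaAsTm.dll (file missing)
O4 - HKLM\..\Run: [BM1b243a67] Rundll32.exe "C:\WINDOWS\system32\mjwmaftk.dll",s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
2008-05-07 17:16:06 2048 --a------ C:\WINDOWS\system32\vkiabnvl.exe
2008-05-07 16:58:21 294355 --ahs---- C:\WINDOWS\system32\mTsAayay.ini2
2008-05-06 18:09:40 198685 --ahs---- C:\WINDOWS\system32\AJTwHRqr.ini2
2008-04-27 16:17:43 43520 --a------ C:\WINDOWS\system32\mlJDturQ.dll
2008-05-05 20:48:20 1695 --a------ C:\WINDOWS\system32\clbinit.dll
"""

# Any file path under system32; group 1 is the file name.
SYSTEM32_FILE = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z0-9_.-]+)", re.IGNORECASE)
# DSS "Files created" row: timestamp, size, nine-character attribute string, path.
DSS_ROW = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+) ([-a-z]{9}) ")


def parse(log_text):
    """Collect every system32 file named in the log, keyed by lower-cased file
    name, with the lines it appears on and any DSS size/attribute string."""
    files = {}
    for line in log_text.strip().splitlines():
        m = SYSTEM32_FILE.search(line)
        if not m:
            continue
        name = m.group(1)
        info = files.setdefault(name.lower(), {"name": name, "lines": [], "size": None, "attrs": ""})
        info["lines"].append(line)
        row = DSS_ROW.match(line)
        if row:
            info["size"] = int(row.group(1))
            info["attrs"] = row.group(2)
    return files


def triage(log_text):
    """Return {file name: [reasons]} for files that trip at least one rule."""
    files = parse(log_text)
    by_stem = {key.rsplit(".", 1)[0]: key for key in files}  # lower-cased stem -> key
    hits = {}
    for key, info in files.items():
        name = info["name"]
        stem, _, ext = name.rpartition(".")
        ext = ext.lower()
        reasons = []
        # 1. Mirror-name pair: another file whose stem is this stem reversed,
        #    as with yayaAsTm.dll / mTsAayay.ini2 in this log.
        partner = by_stem.get(stem[::-1].lower())
        if partner and partner != key:
            reasons.append("mirror-name pair with " + files[partner]["name"])
        # 2. Hidden+system .ini2 data file dropped in system32.
        if ext == "ini2" and "h" in info["attrs"] and "s" in info["attrs"]:
            reasons.append("hidden/system .ini2 in system32")
        # 3. Eight letters with case changes inside the name; vendor binaries
        #    such as igfxtray.exe are all lower case and pass.
        if (len(stem) == 8 and stem.isalpha()
                and any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)):
            reasons.append("8-letter mixed-case name")
        # 4. Still registered (BHO, Run key) although the file is gone.
        if any("(file missing)" in line for line in info["lines"]):
            reasons.append("registered but file missing")
        # 5. Run-key entry that loads a system32 DLL through rundll32.
        if ext == "dll" and any("rundll32" in line.lower() for line in info["lines"]):
            reasons.append("Run key loads DLL via rundll32")
        # 6. Tiny executable: the 2 KB .exe files in this log are loader stubs.
        if ext == "exe" and info["size"] is not None and info["size"] < 4096:
            reasons.append("executable under 4 KB")
        if reasons:
            hits[name] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:16} {'; '.join(reasons)}")
```

Run against the sample, six of the eight files are listed with their reasons; igfxtray.exe trips nothing, and neither does clbinit.dll, which silver also asked to have moved. The output is a shortlist to check by hand against the full log, not a verdict.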

#10 Sonofzzoro

    New Member

  • Authentic Member
  • 9 posts

Posted 08 May 2008 - 09:20 PM

Hi Silver - Here are the results.



Results of OTMoveIt2


C:\WINDOWS\system32\clbcfg.dat moved successfully.
File/Folder C:\WINDOWS\system32\wneovtpx.dll not found.
File/Folder C:\WINDOWS\system32\vysiesly.dll not found.
File/Folder C:\Program Files\RXToolBar not found.
File/Folder C:\WINDOWS\system32\djtxclylfrln.exe not found.
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\urlredir.cfg moved successfully.
File/Folder C:\WINDOWS\system32\eemruwpk.dll not found.
C:\WINDOWS\system32\fglliycv.exe moved successfully.
File/Folder C:\WINDOWS\system32\qrixbraq.dll not found.
File/Folder C:\WINDOWS\system32\wtavermm.dll not found.
C:\WINDOWS\system32\AJTwHRqr.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\rqRHwTJA.dll not found.
C:\WINDOWS\system32\lVDNmUtv.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbinit.dll NOT unregistered.
C:\WINDOWS\system32\clbinit.dll moved successfully.
C:\WINDOWS\system32\DeOoYcdd.ini2 moved successfully.
C:\WINDOWS\system32\XayHRXbc.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJDturQ.dll
C:\WINDOWS\system32\mlJDturQ.dll NOT unregistered.
C:\WINDOWS\system32\mlJDturQ.dll moved successfully.
File/Folder C:\WINDOWS\system32\fccAroLD.dll not found.
File/Folder C:\WINDOWS\system32\clbdll.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqOHbBu.dll
C:\WINDOWS\system32\ssqOHbBu.dll NOT unregistered.
C:\WINDOWS\system32\ssqOHbBu.dll moved successfully.
File/Folder C:\WINDOWS\system32\mlJBRKdE.dll not found.
File/Folder C:\WINDOWS\system32\mjwmaftk.dll not found.
File/Folder C:\WINDOWS\system32\picgwrio.dll not found.
File/Folder C:\WINDOWS\system32\fcbuyngc.dll not found.
File/Folder C:\WINDOWS\system32\yayaAsTm.dll not found.
C:\WINDOWS\system32\vkiabnvl.exe moved successfully.
C:\WINDOWS\system32\mTsAayay.ini2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05082008_171501

----------------------------------------------------------------

Results of LOOK.TXT



Volume in drive C has no label.
Volume Serial Number is 1817-0954

Directory of c:\Documents and Settings\Owner.YOUR-0D0035AA17\Elypsium\Diamond\Client\Elypsium\Diamond\Server

07/06/2006 08:14 PM 1,060,864 Server.exe
1 File(s) 1,060,864 bytes

Total Files Listed:
1 File(s) 1,060,864 bytes
0 Dir(s) 134,115,520,512 bytes free


_______________________________________________

Results of Kaspersky


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 08, 2008 11:11:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 748447
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 238020
Number of viruses found: 25
Number of infected objects: 193
Number of suspicious objects: 0
Duration of the scan process: 03:04:40

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\bmmjxqhu.dll Infected: Trojan.Win32.Monder.db skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\byodhvlv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\adw.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.adj skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\adw.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\adw.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\adw.exe NSIS: infected - 3 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\bann.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\bann.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\nsd24A.tmp\bann.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\rjofclht.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\temAE.tmp.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\temAE.tmp.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp184.tmp.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Vapsup.awu skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp184.tmp.exe/stream Infected: not-a-virus:AdWare.Win32.Vapsup.awu skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp184.tmp.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp27B.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.alo skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp27B.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.alo skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp27B.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp28F.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bii skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp28F.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.bii skipped
C:\Deckard\System Scanner\20080507180226\backup\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp28F.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{551635F9-3B66-482B-9C3B-3EA7E458C983}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DB6A441D-30DA-4438-8B21-C7C2D90CF51B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR13.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/aapoiuik.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/brebhywp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip/ngeyjjdp.dll Infected: Trojan.Win32.Monder.cz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip/nswkldph.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/pwhnxsib.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip/qdptyvrk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip/rblkdqfj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip/rwdgbnfg.dll Infected: Trojan.Win32.Monder.an skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip/ublxryrm.dll Infected: Trojan.Win32.Monder.da skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip/vysiesly.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip/wneovtpx.dll Infected: Trojan.Win32.Monder.an skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/cbXRHyaX.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip/aapoiuik.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip/brebhywp.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip/cbXRHyaX.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip/dtukoyhx.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip/ggwxwdev.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll26.zip/ispndjdn.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll26.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll27.zip/aapoiuik.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll27.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip/brebhywp.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip/cbXRHyaX.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/aapoiuik.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll30.zip/ddcYoOeD.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll30.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll31.zip/mtwubpdx.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll32.zip/ngeyjjdp.dll_old Infected: Trojan.Win32.Monder.cz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll32.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll33.zip/ddcYoOeD.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll33.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll34.zip/defdnvoy.dll Infected: Trojan.Win32.Monder.db skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll35.zip/unahaecr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll35.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll36.zip/vtUmNDVl.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll36.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll37.zip/defdnvoy.dll_old Infected: Trojan.Win32.Monder.db skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll37.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll38.zip/vtUmNDVl.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll38.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll39.zip/xutfdvul.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll39.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip/brebhywp.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll40.zip/eemruwpk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll40.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll41.zip/qrixbraq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll41.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll42.zip/eemruwpk.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll42.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll43.zip/qrixbraq.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll43.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll44.zip/rqRHwTJA.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll44.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll45.zip/wtavermm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll45.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll48.zip/rqRHwTJA.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll48.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll49.zip/yayaAsTm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll49.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/cbXRHyaX.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll50.zip/rqRHwTJA.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll50.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll51.zip/yayaAsTm.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll51.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/dtukoyhx.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip/ggwxwdev.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip/ispndjdn.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip/mtwubpdx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_404162900_6553600_74475 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{844B6D49-1017-4675-8F35-7A4FD508F5A5}.TmpSBE Object is locked skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\17YMM1AP\SmileyCentralFWBInitialSetup1.0.0.15[1].cab/f3Setup1.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\17YMM1AP\SmileyCentralFWBInitialSetup1.0.0.15[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\CursorManiaFWBInitialSetup1.0.0.15[1].cab/f3Setup1.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\CursorManiaFWBInitialSetup1.0.0.15[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\V5PGNGBP\CAJG1J3W.htm Infected: Trojan-Downloader.JS.Agent.kk skipped
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\YQZ7T7WZ\install_iframe[1].htm Infected: Trojan-Downloader.JS.Agent.kk skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_cb8.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Desktop\Brennan's folder\The_Flames CheatPack V2\Others Things\Super Combat Calculator\Super Combat Calculator.exe Infected: not-virus:BadJoke.MSIL.Agent.w skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\History\History.IE5\MSHist012008050820080509\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temp\~DF8AD3.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\1T9ZEWM6\iddqd[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\4Y0Y3P2Q\idkfa[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\5KXLS5VL\kriv[1] Infected: Trojan.Win32.Monder.db skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\H56TY70I\glas[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[2] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\hctp[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\RNPZM8HA\idkfa[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\css4[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\glas[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\kriv[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\query[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.adj skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip ZIP: infected - 8 skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.YOUR-0D0035AA17\UserData\index.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Other.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\Icecast2 Win32\logs\access.log Object is locked skipped
C:\Program Files\Icecast2 Win32\logs\error.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_337.trc Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP719\A0110050.dll Infected: not-a-virus:AdWare.Win32.Agent.bii skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP719\A0110060.dll Infected: not-a-virus:AdWare.Win32.Agent.yr skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP723\A0111319.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP755\A0116407.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP780\A0121416.dll Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP799\A0124706.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP800\A0125050.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP807\A0126069.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP807\A0126070.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awu skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126248.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126249.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126250.dll Infected: Trojan.Win32.Monder.an skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126261.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126262.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126282.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126283.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126315.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP810\A0126388.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP810\A0127039.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awu skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP810\A0127042.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP810\A0128061.exe Infected: Backdoor.Win32.VanBot.db skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128175.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128179.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128181.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128184.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128186.dll Infected: Trojan.Win32.Monder.an skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP812\A0128206.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP812\A0129283.dll Infected: Trojan.Win32.Monder.db skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP812\A0129286.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP812\A0129287.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP812\A0129288.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP814\A0129329.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP814\A0129332.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP814\A0129360.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP814\A0129361.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP814\A0129435.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP815\A0129472.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP815\A0129473.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP815\A0129474.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP820\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B533E941-B384-4417-A40F-E2B5B0F13F20}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6D30275A-DC25-4935-B495-00EBC884276C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\1[1].exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.c skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_CodGePZKcpYnEFI Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dHuR6sQGp6cpiz6 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_J7RoePChqWbt2YP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_mAigRn7YuBjOBIn Object is locked skipped
C:\WINDOWS\Temp\sqlite_5Beh6jePJOGhKfa Object is locked skipped
C:\WINDOWS\Temp\sqlite_BjFNygGIOKxof4M Object is locked skipped
C:\WINDOWS\Temp\sqlite_bnozJvloD9LPOS4 Object is locked skipped
C:\WINDOWS\Temp\sqlite_RGpKd0plJAA2AGQ Object is locked skipped
C:\WINDOWS\Temp\~ROMFN_00000728 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05082008_171501\WINDOWS\system32\mlJDturQ.dll Infected: Trojan.Win32.Monder.gen skipped
C:\_OTMoveIt\MovedFiles\05082008_171501\WINDOWS\system32\ssqOHbBu.dll Infected: Trojan.Win32.Monder.gen skipped

Scan process completed.



____________________________________________


Results of HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 11:14:09 PM, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe



_________________________________


Once again thanks.


John



#11 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 08 May 2008 - 10:16 PM

Hi Sonofzzoro,

That's looking a lot better; there is a little further tidying up to do:

Backup Your Registry again with ERUNT - here are the full instructions if necessary:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

------------------------------------------------------------------------

Clean with OTMoveIt again:
  • Double-click OTMoveIt2.exe to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\server.exe
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\server.exe
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Goldenshox BugFixed 3.1\\Server.exe
    C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\17YMM1AP\SmileyCentralFWBInitialSetup1.0.0.15[1].cab
    C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\CursorManiaFWBInitialSetup1.0.0.15[1].cab
    C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\V5PGNGBP\CAJG1J3W.htm
    C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\YQZ7T7WZ\install_iframe[1].htm
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\1T9ZEWM6\iddqd[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\4Y0Y3P2Q\idkfa[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\5KXLS5VL\kriv[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\H56TY70I\glas[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[2]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\hctp[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\RNPZM8HA\idkfa[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\css4[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\glas[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\kriv[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\query[1]
    C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\1[1].exe
    EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2

------------------------------------------------------------------------

If you removed Party Poker, please clean its entries with HijackThis:
Open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Clean with MalwareBytes' Anti-Malware
  • Please download the Installer to your Desktop from here:
    http://www.besttechi.../mbam-setup.exe
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both of these options:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When finished, a log will open in Notepad. Please save it to your Desktop, and post the contents in your reply.
  • The log can also be found here if you need it:
    • Start->All Programs->Malwarebytes' Anti-Malware->Logs

------------------------------------------------------------------------

Once complete, please post the new OTMoveIt report, the MalwareBytes Antimalware report and a new HijackThis log.
Also, let me know how your computer is running now.

Edited by silver, 08 May 2008 - 10:18 PM.

ASAP & UNITE Member
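The two log formats that drive this cleanup (the Kaspersky scan lines posted above and the HijackThis O9/O23 entries silver asks to have fixed) can be triaged mechanically. The script below is an added example written for this thread; it is not code from the thread, from Kaspersky, from HijackThis or from OTMoveIt. It assumes only the line shapes visible in the posted logs, and the sample lines embedded in it are constructed from those logs. The Kaspersky summary separates detections in System Volume Information restore-point copies (which on-demand scanners skip and which are cleared by purging System Restore) and in the _OTMoveIt quarantine folder from files that are still live on the system; the HijackThis pass lists the orphaned "(file missing)" entries and services with an unknown owner, which is exactly the kind of entry the post above has the user tick in HijackThis.

```python
"""Triage helper for Kaspersky scan-result lines and HijackThis entries.

Added example for this thread, not code from the thread or from any of the
tools it names.  The sample lines are constructed from the logs posted above.
"""
import re
from collections import Counter

# Line shapes seen in the posted Kaspersky log:
#   <path> Infected: <detection> skipped
#   <path> Object is locked skipped
KAV_INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
KAV_LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

# HijackThis entries all start with a section code such as O9 or O23.
HJT_ENTRY = re.compile(r"^(?P<section>O\d+) - (?P<rest>.*)$")

# Constructed sample, copied in shape from the thread's Kaspersky log.
KAV_SAMPLE = r'''
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP809\A0126248.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP810\A0127039.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awu skipped
C:\System Volume Information\_restore{33267964-7EA5-4B70-8183-818AE8CD6DEC}\RP811\A0128186.dll Infected: Trojan.Win32.Monder.an skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\1[1].exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.c skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\_OTMoveIt\MovedFiles\05082008_171501\WINDOWS\system32\mlJDturQ.dll Infected: Trojan.Win32.Monder.gen skipped
'''.strip().splitlines()

# Constructed sample, copied in shape from the thread's HijackThis log.
HJT_SAMPLE = r'''
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
'''.strip().splitlines()


def classify_path(path):
    """Bucket a detected file by where it lives.

    restore_point: a System Restore copy under System Volume Information; the
                   scanner skips these and they go away when System Restore is
                   purged, so they are not an active infection by themselves.
    quarantine:    already moved out of place by OTMoveIt.
    live:          still in its original location and needs attention.
    """
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "\\_otmoveit\\movedfiles\\" in low:
        return "quarantine"
    return "live"


def parse_kaspersky(lines):
    """Return (infected, locked): infected is a list of (path, detection)."""
    infected, locked = [], []
    for line in lines:
        line = line.strip()
        m = KAV_INFECTED.match(line)
        if m:
            infected.append((m.group("path"), m.group("name")))
            continue
        m = KAV_LOCKED.match(line)
        if m:
            locked.append(m.group("path"))
    return infected, locked


def kaspersky_summary(lines):
    """Count detections per family and per location bucket."""
    infected, locked = parse_kaspersky(lines)
    # Drop the trailing variant suffix: Trojan.Win32.Monder.gen -> Trojan.Win32.Monder
    families = Counter(name.rsplit(".", 1)[0] for _, name in infected)
    buckets = Counter(classify_path(path) for path, _ in infected)
    return {
        "families": dict(families),
        "restore_point": buckets["restore_point"],
        "quarantine": buckets["quarantine"],
        "live": [path for path, _ in infected if classify_path(path) == "live"],
        "locked": len(locked),
    }


def hijackthis_flags(lines):
    """Flag entries whose target file is gone or whose service owner is unknown."""
    flagged = []
    for line in lines:
        line = line.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        reasons = []
        if line.endswith("(file missing)"):
            reasons.append("file missing")
        if m.group("section") == "O23" and " - Unknown owner - " in line:
            reasons.append("unknown owner")
        if reasons:
            flagged.append({"section": m.group("section"), "line": line, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    summary = kaspersky_summary(KAV_SAMPLE)
    for family, count in sorted(summary["families"].items()):
        print(f"{count:3d}  {family}")
    print("restore-point copies:", summary["restore_point"],
          "| quarantined:", summary["quarantine"],
          "| locked:", summary["locked"])
    for path in summary["live"]:
        print("LIVE:", path)
    for entry in hijackthis_flags(HJT_SAMPLE):
        print(entry["section"], ", ".join(entry["reasons"]), "->", entry["line"])
```

Run against the full logs, the family counts make the picture obvious at a glance (dozens of Monder/Virtumonde restore-point copies versus a single live FraudTool download in the systemprofile cache), and the HijackThis pass reproduces the two PartyGaming O9 entries and the Icecast O23 entry that the post above singles out.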

#12 Sonofzzoro

Sonofzzoro

    New Member

  • Authentic Member
  • 9 posts

Posted 09 May 2008 - 06:00 PM

Hi Silver


First - my computer is running much better and faster. If there are any other tips to "clean" things up, please feel free to post. Everything was done; below are the results. Glad to hear any comments or suggestions.

________________________________________________________

OTMoveit report



< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\Downloads\\Halo PC - Already Cracked\\Halo 1.07 Crack\\Halo.exe not found.
< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\server.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\†\\server.exe not found.
< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\server.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\server.exe not found.
< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Goldenshox BugFixed 3.1\\Server.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Owner.YOUR-0D0035AA17\\Desktop\\Brennan's folder\\Goldenshox BugFixed 3.1\\Server.exe not found.
< C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\17YMM1AP\SmileyCentralFWBInitialSetup1.0.0.15[1].cab >
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\17YMM1AP\SmileyCentralFWBInitialSetup1.0.0.15[1].cab moved successfully.
< C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\CursorManiaFWBInitialSetup1.0.0.15[1].cab >
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\CursorManiaFWBInitialSetup1.0.0.15[1].cab moved successfully.
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\V5PGNGBP\CAJG1J3W.htm moved successfully.
< C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\YQZ7T7WZ\install_iframe[1].htm >
C:\Documents and Settings\brennan\Local Settings\Temporary Internet Files\Content.IE5\YQZ7T7WZ\install_iframe[1].htm moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\1T9ZEWM6\iddqd[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\1T9ZEWM6\iddqd[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\4Y0Y3P2Q\idkfa[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\4Y0Y3P2Q\idkfa[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\5KXLS5VL\kriv[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\5KXLS5VL\kriv[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\H56TY70I\glas[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\H56TY70I\glas[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[2] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\css4[2] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\hctp[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\I3Z7P8YE\hctp[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\RNPZM8HA\idkfa[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\RNPZM8HA\idkfa[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\css4[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\css4[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\glas[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\glas[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\kriv[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\kriv[1] moved successfully.
< C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\query[1] >
C:\Documents and Settings\Owner.YOUR-0D0035AA17\Local Settings\Temporary Internet Files\Content.IE5\ZQC0FGSQ\query[1] moved successfully.
C:\Documents and Settings\Owner.YOUR-0D0035AA17\My Documents\My Music\test\silkroad new.zip moved successfully.
< C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\1[1].exe >
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59BVS0KC\1[1].exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF2888.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Vz0xdcp3MXbpGkU scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_b6SOKDuuW3WRJcq scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_km5cEF7oCEDuNCJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~ROMFN_0000040C scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05092008_184259

Files moved on Reboot...
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF2888.tmp moved successfully.
File C:\WINDOWS\temp\mcmsc_Vz0xdcp3MXbpGkU not found!
C:\WINDOWS\temp\sqlite_b6SOKDuuW3WRJcq moved successfully.
C:\WINDOWS\temp\sqlite_km5cEF7oCEDuNCJ moved successfully.
File C:\WINDOWS\temp\~ROMFN_0000040C not found!




_________________________________________________________________________



MalwareBytes Report


Malwarebytes' Anti-Malware 1.12
Database version: 737

Scan type: Quick Scan
Objects scanned: 60448
Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 56
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.



___________________________________________________________


New HiJackThis Log


Logfile of HijackThis v1.99.1
Scan saved at 7:58:06 PM, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\BigFix\BigFix.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pootwoot.spac...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flyingmonkeys...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe



Very Grateful.....


John
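
The HijackThis log above lists autoruns (O4), BHOs and toolbars (O2/O3), downloaded ActiveX controls (O16 DPF) and services (O23) in a fixed line format. The parser below is an added example, not part of this thread or of HijackThis itself: it reads those line types and flags the entries a helper would check first (orphaned "(file missing)" targets, ActiveX controls fetched from the web, unnamed buttons, services with no owner in their version info, autorun entries that are bare filenames resolved through PATH); the sample lines are copied from the log above, and the flag names and `Entry` fields are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# GUID in the {8-4-4-4-12} form HijackThis uses for CLSIDs.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Every item line starts with its section code, e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# O4 autorun items look like "HKLM\..\Run: [Name] command line".
O4_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""


@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. "O23"
    name: str                    # friendly name, service name or registry key
    target: str                  # file path, URL or value the entry points at
    clsid: Optional[str] = None  # upper-cased GUID when the line carries one
    owner: str = ""              # O23 only: company name from version info
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis item line; header and blank lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4:
            return Entry(section, o4.group("name"), o4.group("target").strip())
        _, _, rest = body.partition(": ")       # "Global Startup: x.lnk = path"
        name, _, target = rest.partition(" = ")
        return Entry(section, name.strip(), target.strip())
    head, sep, target = body.rpartition(" - ")  # target is the last " - " piece
    if not sep:
        # R0/R1 "key = value" and O10/O11 "label: value" lines have no " - "
        key, _, value = body.partition(" = " if " = " in body else ": ")
        return Entry(section, key.strip(), value.strip())
    clsid_m = CLSID_RE.search(head)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    if clsid_m:                                 # drop the GUID from the name part
        head = head[: clsid_m.start()] + head[clsid_m.end():]
    _, _, name = head.partition(": ")           # strip the "BHO:"/"Service:" label
    name = name.strip(" -")
    owner = ""
    if section == "O23":                        # "Service: Name (short) - Owner"
        n, s, o = name.rpartition(" - ")
        if s:
            name, owner = n, o
    if section == "O16":                        # "DPF: {CLSID} (Friendly Name)"
        name = name.strip("()")
    return Entry(section, name.strip(), target.strip(), clsid, owner)


def triage(entry: Entry) -> Entry:
    """Attach review flags; these are triage hints, not malware verdicts."""
    t = entry.target
    if "(file missing)" in t:
        entry.flags.append("file-missing")        # orphaned entry, target is gone
    if entry.section == "O16" and t.lower().startswith("http"):
        entry.flags.append("downloaded-activex")  # control fetched from the web
    if entry.section == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("unknown-owner")       # no company name in version info
    if entry.section == "O10":
        entry.flags.append("winsock-lsp")         # an LSP sees all socket traffic
    if entry.name == "(no name)":
        entry.flags.append("unnamed")
    if entry.section == "O4" and t and "\\" not in t.split()[0].strip('"'):
        entry.flags.append("bare-filename")       # resolved via PATH search at logon
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole log and flag its entries; returns them in log order."""
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(text: str) -> List[Entry]:
    """Only the entries a reviewer should look at first."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<5}{','.join(e.flags):<30}{e.name}")
```

Unflagged entries are not cleared by this; the flags only order the review, and an entry such as a bare-filename autorun still needs the file it resolves to checked (the log above shows CHotkey resolving to C:\WINDOWS\zHotkey.exe).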

#13 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 09 May 2008 - 06:34 PM

Hi Sonofzzoro,

I'm glad to hear things are running better, some important final steps:

Clean Spybot's quarantined files:
Open Spybot - Search & Destroy
Select Recovery from the menu on the left side
Select the relevant item(s) and choose Purge selected items
Close Spybot - Search & Destroy

You should now delete UnDLL and DSS from your Desktop, you can also remove MalwareBytes Antimalware via Add/Remove Programs if you wish, but I recommend you keep this and scan with it regularly as it is an excellent scanner and free of charge.

Clean up with OTMoveIt2:
  • Double-click OTMoveIt2.exe to start the program.
  • Close all other programs apart from OTMoveIt2 as this step will require a reboot
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next; type a name like All Clean, then press the Create button and, once it's done, press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Re-enable Spybot's TeaTimer
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go to the left panel, click Tools, then, also in the left panel, click Resident
  • If your firewall raises a question, say OK
  • Check the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.

------------------------------------------------------------------------

If the above went well, I think your machine is clean of malware :) Here are some tips to help you keep it that way:

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use the McAfee SiteAdvisor website or installable program which you already have installed.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. NOTE: If you use this program you should de-activate Spybot's Tea Timer as they offer similar protection.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member

#14 Sonofzzoro

    New Member

  • Authentic Member
  • 9 posts

Posted 10 May 2008 - 09:22 AM

Thanks Silver - everything was done and the system seems to be running much better. One thing I forgot to mention last time was that when I went to remove files with MoveIt I got the following message: "Items could not be removed HKEY_CLASSES_ROOT\CLSID\{f50b3f5e-856e-4745-0bb1-b35d46ca7719}". I marked it down but forgot to mention it. Thank you very much for all the help you have provided me with. I certainly could not have accomplished it without your help. Sincerely, John McDonald

#15 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 10 May 2008 - 08:48 PM

Hi Sonofzzoro, You're most welcome :) I don't think we need to worry about that message, but are you sure it was OTMoveIt and not MalwareBytes Antimalware that gave you the message?
ASAP & UNITE Member
