
False Alerts Problem..


7 replies to this topic

#1 Ryoku

Ryoku

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 22 July 2007 - 10:47 PM

Yeah.. Uhh. I'm new to this HijackThis use and such so bear with me.

I have what I've read as the 'False Alerts' trojan (I think..). AKA. 'Windows has detected an internet attack attempt...' and the other messages. I get popups for 'UltimateDefender' and a seemingly down page also.

It's a real nuisance so I'd like some help. (Also, I'm sure I have a bunch of unwanted stuff if anyone would be nice enough to just look through it entirely. I must admit, I'm not very careful.)

HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:38 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1163203070\ee\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Xfire\xfire.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\mysql\bin\mysqld-nt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Desktop\stinger.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1C9D421B-ACBC-48BB-9CED-51368BC1CE31} (HgArcadePluginJP3 Class) - http://down.hangame.co.jp/jp/dist/hgstart/...dePluginJP3.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://www.hangame.co.jp/publish/HgRunPub.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} (SFLauncherTDE Class) - http://www.sf.in.th/activex/StarterSFTDE.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O21 - SSODL: wmplayer - {B0A88943-1E3B-465B-87B4-73B0F1F78979} - C:\WINDOWS\wmplayer.dll
O21 - SSODL: wmsound - {9DD59D16-07A6-49EE-B1C8-A465590DDD03} - C:\WINDOWS\wmsound.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11348 bytes
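Added example, not part of the original posts and not how HijackThis or SDFix work internally: a Python script that parses HijackThis entry lines and cross-references their file paths with the files SDFix reports as deleted later in this thread. The sample text is a constructed excerpt of the two logs, and the function names (`parse_hijackthis`, `parse_sdfix_deleted`, `triage`) are hypothetical.

```python
import re

# Constructed samples: lines copied from the HijackThis log above and from the
# SDFix report posted later in this thread (excerpts, not the complete logs).
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Xfire\xfire.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O21 - SSODL: wmplayer - {B0A88943-1E3B-465B-87B4-73B0F1F78979} - C:\WINDOWS\wmplayer.dll
O21 - SSODL: wmsound - {9DD59D16-07A6-49EE-B1C8-A465590DDD03} - C:\WINDOWS\wmsound.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
"""

SDFIX_SAMPLE = r"""
Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\system32\regscan.exe - Deleted
C:\WINDOWS\wmplayer.dll - Deleted
C:\WINDOWS\wmsound.dll - Deleted
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path ending in a binary extension. The lookbehind keeps
# URL schemes such as "http://" or "res://" from being read as a drive.
PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:[\\/].*?\.(?:exe|dll|sys)\b", re.I)
DELETED = re.compile(r"^(.+?) - Deleted\s*$")


def norm(path):
    """Make paths comparable: the logs mix case and slash direction.
    Limitation: 8.3 short names (PROGRA~1) are not expanded."""
    return path.replace("/", "\\").lower()


def parse_hijackthis(text):
    """Return one dict per running process ("PROC") or coded entry."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                      # blank line ends the process list
            in_procs = False
            continue
        m = ENTRY.match(line)
        if m:
            code, body = m.groups()
        elif in_procs:
            code, body = "PROC", line
        else:
            continue                      # header lines, "End of file", etc.
        p = PATH.search(body)
        entries.append({
            "code": code,
            "path": norm(p.group(0)) if p else None,
            "missing": body.endswith("(file missing)"),
        })
    return entries


def parse_sdfix_deleted(text):
    """Return the normalized paths SDFix lists as '<path> - Deleted'."""
    deleted = set()
    for line in text.splitlines():
        m = DELETED.match(line.strip())
        if m:
            deleted.add(norm(m.group(1)))
    return deleted


def triage(hjt_text, sdfix_text):
    entries = parse_hijackthis(hjt_text)
    deleted = parse_sdfix_deleted(sdfix_text)
    referenced = {e["path"] for e in entries if e["path"]}
    return {
        # Log entries whose target file the removal tool later deleted.
        "confirmed": [(e["code"], e["path"]) for e in entries if e["path"] in deleted],
        # Registrations left behind with no file on disk.
        "orphaned": [(e["code"], e["path"]) for e in entries if e["missing"]],
        # Deleted files that never appeared in the HijackThis log.
        "unlisted": sorted(deleted - referenced),
    }


if __name__ == "__main__":
    for group, items in triage(HJT_SAMPLE, SDFIX_SAMPLE).items():
        print(group, items)
```

The "unlisted" group shows why the helper asks for a tool report in addition to the HijackThis log: some of the removed files have no autostart entry in it.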



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 23 July 2007 - 04:53 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Ryoku :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

-------------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a fresh Hijackthis log.

#3 Ryoku

Ryoku
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 23 July 2007 - 08:02 PM

Alright, I've done most of that except one thing..

Is it necessary for me to use Combofix? Because I have it on my desktop, everything closed, I don't click it. But I left it for nearly an hour and it didn't get past the message about changing the clock.. >_>


My other two logs..

SDFix..


SDFix: Version 1.93

Run by Owner on Mon 07/23/2007 at 01:04 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\Documents and Settings\Owner\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\regscan.exe - Deleted
C:\WINDOWS\wmplayer.dll - Deleted
C:\WINDOWS\wmsound.dll - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\ijji\\ENGLISH\\Gunz\\GunzLauncher.exe"="C:\\ijji\\ENGLISH\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe"="C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe:*:Enabled:BAReport MFC ?? ????"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\LimeWire\\LimeWire.exe"="C:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Owner\\Desktop\\mlserver\\mlserver\\MLServer.exe"="C:\\Documents and Settings\\Owner\\Desktop\\mlserver\\mlserver\\MLServer.exe:*:Enabled:MLServer"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\MySQL\\MySQL Tools for 5.0\\MySQLQueryBrowser.exe"="C:\\Program Files\\MySQL\\MySQL Tools for 5.0\\MySQLQueryBrowser.exe:*:Enabled:MySQL Query Browser"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends2\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends2\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends3\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends3\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\OpenCASCADE6.1.0\\samples\\standard\\mfc\\release\\Viewer3d.exe"="C:\\OpenCASCADE6.1.0\\samples\\standard\\mfc\\release\\Viewer3d.exe:*:Enabled:Viewer 3D"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KwonHoClient.exe"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KwonHoClient.exe:*:Enabled:KwonHoClient.exe"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\Launcher.exe"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\Launcher.exe:*:Enabled:Launcher.exe"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KISS.EXE"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KISS.EXE:*:Enabled:KISS.EXE"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Triggersoft\\Rose Online Evolution\\ROSEonline.exe"="C:\\Program Files\\Triggersoft\\Rose Online Evolution\\ROSEonline.exe:*:Enabled:RoseOnlineEvolution"
"C:\\Program Files\\Triggersoft\\Rose Online Evolution\\sRose.exe"="C:\\Program Files\\Triggersoft\\Rose Online Evolution\\sRose.exe:*:Enabled:sRose.exe"
"C:\\ijji\\ENGLISH\\GUNSTER.exe"="C:\\ijji\\ENGLISH\\GUNSTER.exe:*:Enabled:Gunster"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe"="C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Jumper Redux.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Jumper Redux.exe:*:Enabled:Jumper Redux"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Owner\\Desktop\\Everything\\Mystera Legends3\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Everything\\Mystera Legends3\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Daemons Ring\\Gunz.exe"="C:\\Program Files\\Daemons Ring\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\LegacyGamers\\MAIET\\GunZ\\LegacyGamers And MAIET Entertainment\\LGAH.exe"="C:\\Program Files\\LegacyGamers\\MAIET\\GunZ\\LegacyGamers And MAIET Entertainment\\LGAH.exe:*:Enabled:LGAH"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Hangame\\JAPANESE\\j_specialf.exe"="C:\\Hangame\\JAPANESE\\j_specialf.exe:*:Enabled:j_specialf"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Dragonfly\\Special Force\\SpecialForce.exe"="C:\\Program Files\\Dragonfly\\Special Force\\SpecialForce.exe:*:Enabled:SpecialForce"
"C:\\Program Files\\Softnyx\\WolfTeam\\NyxLauncher.exe"="C:\\Program Files\\Softnyx\\WolfTeam\\NyxLauncher.exe:*:Enabled:NyxLauncher.exe"
"C:\\Program Files\\Softnyx\\WolfTeam\\WolfTeam.bin"="C:\\Program Files\\Softnyx\\WolfTeam\\WolfTeam.bin:*:Enabled:WolfTeam.bin"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\LegacyGamers\\GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\SkidRush\\SkidRush.exe"="C:\\Program Files\\SkidRush\\SkidRush.exe:*:Enabled:SkidRush"
"C:\\Documents and Settings\\Owner\\Desktop\\minilegends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\minilegends.exe:*:Enabled:MiniLegends"
"C:\\Documents and Settings\\Owner\\Desktop\\More random stuff\\minilegends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\More random stuff\\minilegends.exe:*:Enabled:MiniLegends"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\kookucatchumoomoo@hotmail.com\Sharing Folders\stinger113089@hotmail.com\Thumbs.db
C:\Documents and Settings\Owner\Application Data\Hangame\hgstarterjp.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\Documents and Settings\Owner\Local Settings\Temp\BIT12C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT12E.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT148.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT163.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT174.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1A.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1E.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT20.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT201.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT202.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT203.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT206.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT20F.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT21.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT226.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT227.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT228.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT229.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT236.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT237.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT238.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT239.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT247.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT249.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT24A.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT24B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT25B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT25C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT25D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT25E.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT26B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT26C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT26D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT26E.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT26F.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT27B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT27C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT27D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT27E.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT28A.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT28B.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT28C.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT28D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\BIT299.tmp

Finished


HJT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:51 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\1163203070\ee\aolsoftware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1C9D421B-ACBC-48BB-9CED-51368BC1CE31} (HgArcadePluginJP3 Class) - http://down.hangame.co.jp/jp/dist/hgstart/...dePluginJP3.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://www.hangame.co.jp/publish/HgRunPub.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} (SFLauncherTDE Class) - http://www.sf.in.th/activex/StarterSFTDE.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10293 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 04:54 AM

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.

#5 Ryoku

Ryoku
  • Topic Starter

  • Members
  • 14 posts

Posted 24 July 2007 - 08:20 AM

Check.


main.txt...

Deckard's System Scanner v20070711.54
Run by Owner on 2007-07-24 at 07:59:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-07-24 13:00:05 UTC - RP262 - Deckard's System Scanner Restore Point
3: 2007-07-24 06:35:48 UTC - RP261 - Installed Terragen 2 Technology Preview
2: 2007-07-24 03:26:51 UTC - RP260 - Installed Terragen
1: 2007-07-23 20:30:06 UTC - RP259 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:51 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\1163203070\ee\aolsoftware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1C9D421B-ACBC-48BB-9CED-51368BC1CE31} (HgArcadePluginJP3 Class) - http://down.hangame.co.jp/jp/dist/hgstart/...dePluginJP3.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://www.hangame.co.jp/publish/HgRunPub.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} (SFLauncherTDE Class) - http://www.sf.in.th/activex/StarterSFTDE.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10293 bytes

-- File Associations -----------------------------------------------------------

.ini - UltraEdit.ini - DefaultIcon - unable to read value
.ini - UltraEdit.ini - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.js - UltraEdit.js - DefaultIcon - unable to read value
.js - UltraEdit.js - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt - UltraEdit.txt - DefaultIcon - unable to read value
.txt - UltraEdit.txt - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\program files\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 Dua1 - c:\documents and settings\owner\desktop\dualengine2\dualengi.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 GGK - c:\ggk\ggk\ggk.sys (file missing)
S3 GR - c:\documents and settings\owner\desktop\hyperolly208\gr.sys (file missing)
S3 MzBot - c:\mzbot.sys (file missing)
S3 ROCKSTAR - c:\nooblegend\ksysdrv.sys (file missing)
S3 sejt1 - c:\documents and settings\akumaengine33\akumaengine33\sejt.sys
S3 spuce1 - c:\spuce 2.0\spuce.sys
S3 XDva007 - c:\windows\system32\xdva007.sys (file missing)
S3 XDva008 - c:\windows\system32\xdva008.sys (file missing)
S3 XDva009 - c:\windows\system32\xdva009.sys (file missing)
S3 xp1 - c:\documents and settings\xpengine\xp.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 zenos1 - c:\zenos\zenos.sys (file missing)
S3 zenx1 - c:\zenx engine 0.31\zenx.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DNADownloader - c:\program files\gamespot\downloadmanager_win32.exe <Not Verified; CNET Networks; GameSpot Download Manager>
R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
R2 MySql - c:/mysql/bin/mysqld-nt.exe

S2 VMAuthdService (VMware Authorization Service) - c:\program files\vmware\vmware workstation\vmware-authd.exe (file missing)
S3 sassvc (ProgramCheckerPro) - c:\program files\zenturi\programchecker\sassvc.exe


-- Files created between 2007-06-24 and 2007-07-24 -----------------------------

2007-07-24 01:37:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Planetside Software
2007-07-24 01:36:00 0 d-------- C:\Program Files\Planetside Software
2007-07-24 01:31:35 0 d-------- C:\Documents and Settings\Owner\Application Data\uk.co.planetside
2007-07-23 22:29:30 0 d-------- C:\Program Files\Bluebeam Software
2007-07-23 22:26:57 0 d-------- C:\Program Files\Terragen
2007-07-23 21:17:06 0 d-------- C:\Program Files\Stardock
2007-07-23 11:52:44 0 d-------- C:\WINDOWS\ERUNT
2007-07-22 22:54:59 0 d-------- C:\WINDOWS\system32\Panda Software
2007-07-22 22:32:59 0 d-------- C:\Program Files\Trend Micro
2007-07-22 14:35:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-07-22 07:27:59 0 d-------- C:\Program Files\NewMediaCodec
2007-07-19 22:30:21 151552 --a------ C:\WINDOWS\unswat.exe <Not Verified; ; uninst Application>
2007-07-19 22:30:17 185856 --a------ C:\WINDOWS\system32\rdxp5.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:16 188928 --a------ C:\WINDOWS\system32\rdxmmx.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:16 137728 --a------ C:\WINDOWS\system32\Rdxcom.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:15 62976 --a------ C:\WINDOWS\system32\rdxam.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:13 100352 --a------ C:\WINDOWS\system32\dmix.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:12 92160 --a------ C:\WINDOWS\system32\dinoav.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:30:12 78848 --a------ C:\WINDOWS\system32\Dino2d.dll <Not Verified; Intel Corporation; Intel RDX>
2007-07-19 22:29:33 231936 --a------ C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2007-07-19 22:29:33 1053184 --a------ C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2007-07-19 22:29:31 0 d-------- C:\SIERRA
2007-07-19 22:29:31 0 d-------- C:\Program Files\Sierra On-Line
2007-07-04 09:51:28 0 d-------- C:\Program Files\BannedStory
2007-06-30 13:23:34 0 d-------- C:\UpshiftStrikerRacer
2007-06-29 21:36:04 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame


-- Find3M Report ---------------------------------------------------------------

2007-07-24 07:58:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-07-23 11:43:25 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-07-23 08:02:10 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-07-20 15:21:38 0 d---s---- C:\Program Files\Xfire
2007-06-30 15:49:47 0 d-------- C:\Program Files\Steam
2007-06-20 17:17:02 0 d-------- C:\Program Files\Outspark
2007-06-18 08:10:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-13 19:37:37 0 d-------- C:\Program Files\AVI Movie Player
2007-06-13 19:35:46 0 d-------- C:\Program Files\GDivX Zenith Player
2007-06-13 10:01:29 0 d-------- C:\Program Files\AIM6
2007-06-13 10:01:24 0 d-------- C:\Program Files\Viewpoint
2007-06-08 20:36:56 0 d-------- C:\Program Files\GPotato
2007-06-06 16:33:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 02:31:14 0 d-------- C:\Program Files\AGEIA Technologies
2007-06-02 23:43:23 0 d-------- C:\Program Files\GameSpot
2007-06-02 15:05:56 0 d-------- C:\Program Files\SkidRush
2007-06-01 20:22:30 0 d-------- C:\Program Files\Winamp
2007-05-31 13:07:13 0 d--hs---- C:\Program Files\outlook
2007-05-30 17:57:16 0 d-------- C:\Documents and Settings\Owner\Application Data\NHN Corporation
2007-05-28 18:12:12 0 d--h----- C:\Documents and Settings\Owner\Application Data\Hangame
2007-05-16 15:17:21 240 --a------ C:\campos.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [x]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} c:\program files\mcafee\spamkiller\mcapfbho.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ProgramChecker"="C:\\Program Files\\Zenturi\\ProgramChecker\\pcheckp.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
"hcsystray"="C:\\Program Files\\Kuma Games\\hcsystray\\hc_tray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
@="C:\\Program Files\\WhatPulse\\WhatPulse.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"Steam"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"WindowBlinds"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\wbconfig.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\WinMySQLadmin.lnk"
"backup"="C:\\WINDOWS\\pss\\WinMySQLadmin.lnkStartup"
"location"="Startup"
"command"="C:\\mysql\\bin\\WINMYS~1.EXE "
"item"="WinMySQLadmin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1163203070\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idle Inter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Web Blah Team"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Owner\\APPLIC~1\\BLEHMO~1\\Web Blah Team.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="%WINDIR%\\Creator\\Remind_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\program files\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shwiconem"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUST TEAM LONG DELETE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rule bleh"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\AMEN LOGO TRUST TEAM\\rule bleh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WHATPU~1"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\WHATPU~1\\WHATPU~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\autorun.exe


-- End of Deckard's System Scanner: finished at 2007-07-24 at 08:05:57 ---------

Extra.txt...

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3100+
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 382.42 MiB / 78.15 MiB
Pagefile Memory (total/avail): 918.61 MiB / 416.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1967.57 MiB

C: is Fixed (NTFS) - 88.39 GiB total, 7.57 GiB free.
D: is Fixed (FAT32) - 4.76 GiB total, 2.23 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)
AV: McAfee VirusScan v (McAfee) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\ijji\\ENGLISH\\Gunz\\GunzLauncher.exe"="C:\\ijji\\ENGLISH\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe"="C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe:*:Enabled:BAReport MFC ?? ????"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1163203070\\EE\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\LimeWire\\LimeWire.exe"="C:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Owner\\Desktop\\mlserver\\mlserver\\MLServer.exe"="C:\\Documents and Settings\\Owner\\Desktop\\mlserver\\mlserver\\MLServer.exe:*:Enabled:MLServer"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\MySQL\\MySQL Tools for 5.0\\MySQLQueryBrowser.exe"="C:\\Program Files\\MySQL\\MySQL Tools for 5.0\\MySQLQueryBrowser.exe:*:Enabled:MySQL Query Browser"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends2\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends2\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends3\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Mystera Legends3\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\OpenCASCADE6.1.0\\samples\\standard\\mfc\\release\\Viewer3d.exe"="C:\\OpenCASCADE6.1.0\\samples\\standard\\mfc\\release\\Viewer3d.exe:*:Enabled:Viewer 3D"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KwonHoClient.exe"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KwonHoClient.exe:*:Enabled:KwonHoClient.exe"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\Launcher.exe"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\Launcher.exe:*:Enabled:Launcher.exe"
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KISS.EXE"="C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KISS.EXE:*:Enabled:KISS.EXE"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Triggersoft\\Rose Online Evolution\\ROSEonline.exe"="C:\\Program Files\\Triggersoft\\Rose Online Evolution\\ROSEonline.exe:*:Enabled:RoseOnlineEvolution"
"C:\\Program Files\\Triggersoft\\Rose Online Evolution\\sRose.exe"="C:\\Program Files\\Triggersoft\\Rose Online Evolution\\sRose.exe:*:Enabled:sRose.exe"
"C:\\ijji\\ENGLISH\\GUNSTER.exe"="C:\\ijji\\ENGLISH\\GUNSTER.exe:*:Enabled:Gunster"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe"="C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Jumper Redux.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Jumper Redux.exe:*:Enabled:Jumper Redux"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Owner\\Desktop\\Everything\\Mystera Legends3\\Mystera Legends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Everything\\Mystera Legends3\\Mystera Legends.exe:*:Enabled:Mystera Legends"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Daemons Ring\\Gunz.exe"="C:\\Program Files\\Daemons Ring\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\LegacyGamers\\MAIET\\GunZ\\LegacyGamers And MAIET Entertainment\\LGAH.exe"="C:\\Program Files\\LegacyGamers\\MAIET\\GunZ\\LegacyGamers And MAIET Entertainment\\LGAH.exe:*:Enabled:LGAH"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\zomaro\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\zomaro\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Hangame\\JAPANESE\\j_specialf.exe"="C:\\Hangame\\JAPANESE\\j_specialf.exe:*:Enabled:j_specialf"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Dragonfly\\Special Force\\SpecialForce.exe"="C:\\Program Files\\Dragonfly\\Special Force\\SpecialForce.exe:*:Enabled:SpecialForce"
"C:\\Program Files\\Softnyx\\WolfTeam\\NyxLauncher.exe"="C:\\Program Files\\Softnyx\\WolfTeam\\NyxLauncher.exe:*:Enabled:NyxLauncher.exe"
"C:\\Program Files\\Softnyx\\WolfTeam\\WolfTeam.bin"="C:\\Program Files\\Softnyx\\WolfTeam\\WolfTeam.bin:*:Enabled:WolfTeam.bin"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\LegacyGamers\\GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\SkidRush\\SkidRush.exe"="C:\\Program Files\\SkidRush\\SkidRush.exe:*:Enabled:SkidRush"
"C:\\Documents and Settings\\Owner\\Desktop\\minilegends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\minilegends.exe:*:Enabled:MiniLegends"
"C:\\Documents and Settings\\Owner\\Desktop\\More random stuff\\minilegends.exe"="C:\\Documents and Settings\\Owner\\Desktop\\More random stuff\\minilegends.exe:*:Enabled:MiniLegends"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CASROOT=C:\Program Files\Mozilla Firefox\win32\ros
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-04D6EC899B
ComSpec=C:\WINDOWS\system32\cmd.exe
CSF_EXCEPTION_PROMPT=1
CSF_GraphicShr=C:\Program Files\Mozilla Firefox\win32\ros\win32\bin\TKOpenGl.dll
CSF_IGESDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\XSTEPResource
CSF_LANGUAGE=us
CSF_MDTVFontDirectory=C:\Program Files\Mozilla Firefox\win32\ros\src\FontMFT
CSF_MDTVTexturesDirectory=C:\Program Files\Mozilla Firefox\win32\ros\src\Textures
CSF_PluginDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\StdResource
CSF_SHMessage=C:\Program Files\Mozilla Firefox\win32\ros\src\SHMessage
CSF_StandardDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\StdResource
CSF_StandardLiteDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\StdResource
CSF_STEPDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\XSTEPResource
CSF_UnitsDefinition=C:\Program Files\Mozilla Firefox\win32\ros\src\UnitsAPI\Units.dat
CSF_UnitsLexicon=C:\Program Files\Mozilla Firefox\win32\ros\src\UnitsAPI\Lexi_Expr.dat
CSF_XCAFDefaults=C:\Program Files\Mozilla Firefox\win32\ros\src\StdResource
CSF_XmlOcafResource=C:\Program Files\Mozilla Firefox\win32\ros\src\XmlOcafResource
CSF_XSMessage=C:\Program Files\Mozilla Firefox\win32\ros\src\XSMessage
FB_FILE=/dev/ogll
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-04D6EC899B
MMGT_CLEAR=1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\vs;C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\tcltk\bin;C:\Program Files\Mozilla Firefox\win32\ros\win32\bin;C:\OpenCASCADE6.1.0\3rdparty\win32\vs;C:\OpenCASCADE6.1.0\3rdparty\win32\tcltk\bin;C:\OpenCASCADE6.1.0\ros\win32\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\IDM Computer Solutions\UltraEdit-32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCLLIBPATH=C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\tcltk\lib
TCL_LIBRARY=C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\tcltk\lib\tcl8.4
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TIX_LIBRARY=C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\tcltk\lib\tix8.1
TK_LIBRARY=C:\Program Files\Mozilla Firefox\win32\3rdparty\win32\tcltk\lib\tk8.4
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-04D6EC899B
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
WEB_BROWSER=C:\Program Files\Internet Explorer\IEXPLORE.EXE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> MsiExec /X{C6996F17-9233-49EB-8084-E73E5272DAF4}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AGEIA PhysX v7.05.05 --> MsiExec.exe /X{C6996F17-9233-49EB-8084-E73E5272DAF4}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Arx Fatalis Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/1710
AuditionSEA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{979830F1-8955-44EC-881F-1F82ED7B1127}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitComet 0.84 --> C:\Program Files\BitComet\uninst.exe
BitDownload 1.5.3 --> C:\Program Files\BitDownload\Uninstall.exe
BRL-CAD --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5E0E57A0-22F1-41C5-9589-002ABD9017B8}
Cellfactor Revolution --> C:\Program Files\Timeline Interactive\Cellfactor Revolution\uninst.exe
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Crimson Editor (remove only) --> C:\Program Files\Crimson Editor\uninstall.exe
Daemons Ring 3/3/07 --> C:\Program Files\Daemons Ring\Uninstall.exe
Demo Virtual EVE --> MsiExec.exe /X{4F9902F1-D910-4CE4-BAD1-D3A8C1B12B2A}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Dofus-Arena beta 13 --> C:\Program Files\Dofus-Arena\uninstall.exe
Elysium Diamond --> C:\Program Files\Elysium\Elysium Diamond\Uninstall.exe
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Game Cam v1.4 --> MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GDivX Zenith Player --> "C:\Program Files\GDivX Zenith Player\GDivX-Uninstall.exe"
GhostOnline --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{681A8EDE-895C-4586-B79A-62270476A459}\setup.exe" -l0x9
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
GTA San Andreas Admin Console --> C:\PROGRA~1\GTASAC~1\UNWISE.EXE C:\PROGRA~1\GTASAC~1\INSTALL.LOG
GTASA Ultimate Editor 3.6.6 --> "C:\Documents and Settings\Owner\Desktop\GTAMods\GTASA Ultimate Editor\unins000.exe"
Hamachi 1.0.1.1 --> C:\Program Files\Hamachi\uninstall.exe
Hangame --> C:\Hangame\JAPANESE\HanUninstallJp.exe
HHD Software Free Hex Editor 3.12 --> "C:\Program Files\HHD Software\Hex Editor 3.x\Uninstaller.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Jarte --> "C:\Program Files\Jarte\unins000.exe"
KartRider --> "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562881 -locale:US
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LastChaos --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}\Setup.exe" -l0x9
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Lost Planet: Extreme Conditions Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6530
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEC511B1-59CB-4F15-AD75-0543034572A5}\Setup.exe"
McAfee Uninstall Wizard --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MySQL Servers and Clients 4.0.18 --> C:\WINDOWS\IsUninst.exe -fC:\mysql\Uninst.isu
MySQL Tools for 5.0 --> MsiExec.exe /I{01A91670-7CB3-443D-8955-116689A121AA}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nostale Online (Remove) --> "C:\Program Files\Nostale\uninstall.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Photoshop Plug-ins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\Setup.exe" -l0x9
O2Jam (e-Games) v.3.50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5CD3E08-6B73-471A-93D1-63C7F32118C1}\Setup.exe" -l0x9
Open CASCADE Technology 6.1.0 --> C:\Program Files\Mozilla Firefox\win32\uninstall\win32\uninstallWindows.exe
Opera 9.20 --> MsiExec.exe /X{E5EC3E84-F3D6-4ECB-9486-69FCF11694B3}
OutsparkLauncher --> MsiExec.exe /I{24F0A080-C8B6-463D-9E7D-CB3E970C390D}
Panda TotalScan --> C:\WINDOWS\system32\Panda Software\ActiveScan2\ascuninst.exe
PHANTASY STAR ONLINE Blue Burst --> "C:\Program Files\SEGA\PHANTASY STAR ONLINE Blue Burst\uninst\unins000.exe"
Playa!TraX --> MsiExec.exe /I{04F88D81-A093-4CB1-96A8-8FDB5BBDDAD6}
Police Quest: SWAT2 --> C:\WINDOWS\unswat.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProgramChecker --> MsiExec.exe /I{FE047432-CD76-41F9-88FA-1AD225604FFB}
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Rakion International --> "C:\Program Files\Softnyx\Rakion\unins000.exe"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Record of Lunia war --> "c:\LuniaGSP_CB\uninstall.exe"
Rose Online Evolution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{326A2DF2-7823-45D0-BFCC-31B6A5E38095}\setup.exe" -l0x9 -removeonly
RYL2 - Incomplete Union v1.6.7.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81493ECE-6BD4-4972-B7DB-A0134C0A0D3F}\Setup.exe" -l0x9
San Andreas Mod Installer --> "C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:C:\Documents and Settings\Owner\Desktop\SAMI\Uninstall\uninstall.xml"
Scions of Fate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BEAE6EC-0207-41F1-BE70-9AC1FB2215FD}\setup.exe" -l0x9 -removeonly
ScriptEditor2 (remove only) --> "C:\Program Files\BrineSoft\ScriptEditor2\Uninstall_ScriptEditor.exe"
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) -->
ShootOutClient Version 1.0 --> C:\Program Files\Kuma Games\uninst.exe
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SkidRush --> "C:\Program Files\SkidRush\uninstall.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Soldier Front --> C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0009 -removeonly
SolidWorks 2004 SP0 --> MsiExec.exe /I{DC76EAE7-72B6-442E-AAD0-6A67F915C23D}
SpaceCowboy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A690A0-DC0A-4B80-B4D2-4E6D5C1C9B9C}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stubbs The Zombie Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7820
Terragen --> MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
Terragen 2 Technology Preview --> MsiExec.exe /I{E10BFE14-8739-414D-87EA-6C2358CAF646}
The Realm 3.0 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Realm3\Uninst.isu
The World --> C:\Program Files\The World\Uninstal.exe
Trickster Online --> C:\Program Files\Trickster Online\uninst.exe
UltraEdit-32 --> "C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
Uninstall U_KwonHoOnline --> "C:\ijji\ENGLISH\U_KwonHoOnline\uninstall.exe"
UpshiftStrikerRacer --> c:\UpshiftStrikerRacer\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VMware Workstation --> MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
WhatPulse --> C:\Program Files\WhatPulse\Uninstal.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinID --> C:\Program Files\WinID\Uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
WolfTeam International --> "C:\Program Files\Softnyx\WolfTeam\unins000.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XLnow OnScript 2.0 --> MsiExec.exe /I{D9671DEF-939C-4525-AAF8-D67EC43D6904}


-- End of Deckard's System Scanner: finished at 2007-07-24 at 08:05:57 ---------

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 08:42 AM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

-------------------------------------------

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then restart your pc.
-------------------------------------------

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idle Inter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUST TEAM LONG DELETE]

-------------------------------------------

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Exit HijackThis.

Find and delete:
C:\Program Files\NewMediaCodec
C:\Program Files\Viewpoint
C:\Program Files\outlook

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#7 Ryoku

Ryoku
  • Topic Starter

  • Members
  • 14 posts

Posted 24 July 2007 - 11:15 AM

I must say, my computer is going amazingly faster now. Thanks a lot for the help. Here are the logs.

If there's anything else I should do, tell me.




SUPERAntiSpyware log...



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2007 at 10:57 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 01:05:23

Memory items scanned : 397
Memory threats detected : 0
Registry items scanned : 904
Registry threats detected : 0
File items scanned : 29594
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt

Adware.Zango Toolbar/Hb
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\IESkins
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoOI\dynamic
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoOI
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoOL\dynamic
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoOL
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\zbar_1173942795.log
C:\Documents and Settings\Owner\Application Data\ZangoToolbar

Trojan.IEObject/Win
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\IECODECPLG.DLL.Q_2CFBA01_Q

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\EVERYTHING\SETUP.EXE








HJT log...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\AOL\1163203070\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1C9D421B-ACBC-48BB-9CED-51368BC1CE31} (HgArcadePluginJP3 Class) - http://down.hangame.co.jp/jp/dist/hgstart/...dePluginJP3.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://www.hangame.co.jp/publish/HgRunPub.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} (SFLauncherTDE Class) - http://www.sf.in.th/activex/StarterSFTDE.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10228 bytes
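
The HijackThis entry format these posts work with, as an added example that is not part of the original thread: a small Python parser that splits each entry line into its section code and fields, then lists the entries HijackThis annotated with `(file missing)` or `Unknown owner` for a manual look. The sample lines are copied from the logs in this thread; the function names and the two review flags are choices made for this example, and a flag marks a line to check, not a verdict.

```python
import re
from collections import Counter

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

# Section codes that occur in this thread's logs, described with the labels
# HijackThis itself prints on those lines.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "extra context menu item",
    "O9": "extra button / Tools menu item",
    "O16": "downloaded ActiveX control (DPF)",
    "O20": "Winlogon Notify",
    "O23": "service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[([^\]]+)\] (.*)$")
MISSING = "(file missing)"


def parse_entry(line):
    """Return a dict for one 'Xn - ...' entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unlisted section"),
             "body": body, "flags": []}
    if body.endswith(MISSING):
        entry["flags"].append("file missing")
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    if code == "O4":
        run = RUN_RE.match(body)  # Startup-folder entries have no [name] part
        if run:
            entry["key"], entry["name"], entry["command"] = run.groups()
    if code == "O23" and body.startswith("Service: "):
        # The flag uses a substring test so it still fires when the split
        # below is thrown off by a path that itself contains " - ".
        if " - Unknown owner - " in body:
            entry["flags"].append("unknown owner")
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["service"], entry["owner"], entry["path"] = parts
    return entry


def parse_log(text):
    """Parse every entry line of a HijackThis log; header lines are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def needs_review(entries):
    """Entries carrying at least one annotation worth checking by hand."""
    return [e for e in entries if e["flags"]]


def count_by_section(entries):
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(e["code"], e["section"], ", ".join(e["flags"]), "|", e["body"])
```
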

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 02:37 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
SDFix.exe
dss.exe
fix.reg
main.txt
extra.txt
Combofix.exe

C:\SDFix
C:\QOOBOX

--------------------------------------------

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

--------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html