
Microsoft Visual C++ Runtime Error

4 replies to this topic

#1 AlexZ (Members, 3 posts)

Posted 22 August 2007 - 12:59 AM

Hey guys, just recently I've been getting an error that says:

"Microsoft Visual C++ Runtime Library

Runtime Error!

Program C:\Windows\explorer.exe

This application has requested the runtime to exit in an unusual way.
Please contact the applications support team for more information."



When I hit OK, explorer.exe closes, then opens, then the error comes back. It does that over and over.

Here's my HJT log. Let me know if there's anything I can do.


Logfile of HijackThis v1.99.1
Scan saved at 1:58:43 AM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alex Administrator\My Documents\Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alex Administrator\Application Data\Mozilla\Profiles\default\o7k2ppqv.slt\prefs.js)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\xrudxfvd.dll",forkonce
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SkateTycoon2004.exe] C:\DOCUME~1\ALEXAD~1\DESKTOP\SKATET~1.EXE /r
O4 - HKCU\..\Run: [CryptoForge] "C:\Program Files\CryptoForge\CFFiles.exe" "hide"
O4 - HKCU\..\Run: [deskillusion.exe] C:\Documents and Settings\Alex Administrator\Desktop\deskillusion_v1_1\deskillusion.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jrheclos.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
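The log above is the raw material the helpers in this forum triage by eye: Run keys that launch a DLL through rundll32.exe, services whose binary is gone and whose vendor is unknown, and a damaged Winsock LSP chain. The script below is an added example written for this page, not a tool used in the thread, and it runs those same checks over a handful of lines copied from the HijackThis log posted above. The "random-looking name" test is a crude heuristic (consonant runs and vowel ratio) and will misfire on some legitimate file names; the other rules key on structural signals that HijackThis itself prints.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread. The xrudxfvd.dll Run
# entry and the DomainService entry match files that ComboFix later reported deleting.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\xrudxfvd.dll",forkonce
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jrheclos.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4" or "O23"
    reason: str
    line: str


VOWELS = set("aeiouy")
# A drive-letter path ending in .exe/.dll/.sys; lazy match so one line may hold several.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)


def looks_random(filename: str) -> bool:
    """Heuristic stand-in for an entropy check: flag a purely alphabetic stem that has a
    run of four or more consonants or fewer than one vowel in five letters."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(ch in VOWELS for ch in stem)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]", stem))
    return longest_consonant_run >= 4 or vowels / len(stem) < 0.2


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious signal, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        lowered = line.lower()
        file_names = [p.rsplit("\\", 1)[-1] for p in PATH_RE.findall(line)]

        # Autostart entries that hand a DLL to rundll32.exe deserve a second look.
        if section == "O4" and "rundll32.exe" in lowered:
            findings.append(Finding(section, "Run key launches a DLL through rundll32.exe", line))
        # A service with no vendor string whose binary no longer exists is an orphaned install.
        if section == "O23" and "Unknown owner" in line and "(file missing)" in line:
            findings.append(Finding(section, "unowned service whose binary is missing", line))
        # HijackThis reports a Winsock LSP chain that points at a provider that is gone.
        if section == "O10" and "Broken Internet access" in line:
            findings.append(Finding(section, "Winsock LSP chain references a missing provider", line))
        for name in file_names:
            if looks_random(name):
                findings.append(Finding(section, f"random-looking file name {name}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running it on the sample prints four findings: two for the rundll32 entry (the launch pattern and the name xrudxfvd.dll), one for the broken LSP, and one for the DomainService service. jusched.exe, vmnat.exe and the VMware service pass cleanly, and jrheclos.exe is caught by the missing-binary rule rather than the name heuristic, which is the intended division of labour: structural evidence first, name guesswork last.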

#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 22 August 2007 - 07:09 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum AlexZ :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 AlexZ (Topic Starter, Members, 3 posts)

Posted 22 August 2007 - 02:33 PM

ComboFix 07-08-22.4 - "Alex Administrator" 2007-08-22 14:21:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.115 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALEXAD~1\APPLIC~1\install.dat
C:\Program Files\asks~1
C:\Program Files\asks~1\?asks\
C:\Program Files\codec_setup.exe
C:\Program Files\Magicantispy
C:\Program Files\Magicantispy\Magicantispy.exe
C:\Program Files\Magicantispy\Magicantispy.lic
C:\Program Files\Magicantispy\Magicantispy0.my
C:\Program Files\Magicantispy\Magicantispy1.my
C:\Program Files\Magicantispy\Uninstall.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\system32\acbfwvje.exe
C:\WINDOWS\SYSTEM32\alomdlno.ini
C:\WINDOWS\system32\amrfkmqy.exe
C:\WINDOWS\system32\anuhxooa.exe
C:\WINDOWS\system32\avfuqkvb.exe
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\aykbodes.exe
C:\WINDOWS\system32\bhpxrmgy.exe
C:\WINDOWS\system32\brjumamh.exe
C:\WINDOWS\system32\bsefxgwr.exe
C:\WINDOWS\system32\caqduyrg.exe
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
C:\WINDOWS\system32\cpdrwfet.exe
C:\WINDOWS\system32\cruwndxh.exe
C:\WINDOWS\SYSTEM32\ddeeg.bak1
C:\WINDOWS\SYSTEM32\ddeeg.bak2
C:\WINDOWS\SYSTEM32\ddeeg.ini
C:\WINDOWS\system32\dgyrkcjl.exe
C:\WINDOWS\system32\dhwjmjdl.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\SYSTEM32\dvfxdurx.ini
C:\WINDOWS\system32\dvuqmxar.exe
C:\WINDOWS\system32\dwjgwxeg.dll
C:\WINDOWS\system32\edhwlukh.exe
C:\WINDOWS\system32\ersyndgx.exe
C:\WINDOWS\system32\evriuicd.dll
C:\WINDOWS\system32\febckfux.exe
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\SYSTEM32\gexwgjwd.ini
C:\WINDOWS\system32\gfrawmkq.exe
C:\WINDOWS\system32\ggnyualm.exe
C:\WINDOWS\SYSTEM32\giowoxmw.ini
C:\WINDOWS\system32\hdywycdf.exe
C:\WINDOWS\system32\hggdbyv.dll
C:\WINDOWS\system32\hhaayegt.exe
C:\WINDOWS\SYSTEM32\hlhusxxp.ini
C:\WINDOWS\system32\iifggge.dll
C:\WINDOWS\system32\ioqpypss.exe
C:\WINDOWS\system32\ipcccdwn.dll
C:\WINDOWS\system32\iscxaele.exe
C:\WINDOWS\SYSTEM32\ixxurmws.ini
C:\WINDOWS\system32\jfjqasop.exe
C:\WINDOWS\system32\jhdiutup.exe
C:\WINDOWS\system32\jkkkhfd.dll
C:\WINDOWS\SYSTEM32\jtpstqun.ini
C:\WINDOWS\system32\klsaxknn.exe
C:\WINDOWS\system32\kvqnynhw.exe
C:\WINDOWS\system32\legnysdg.exe
C:\WINDOWS\system32\lgxxvkbb.exe
C:\WINDOWS\system32\loixsnpq.exe
C:\WINDOWS\system32\lrpmutds.exe
C:\WINDOWS\system32\ltbmwgki.exe
C:\WINDOWS\system32\lydxswgj.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mawnnjyr.exe
C:\WINDOWS\system32\mbumpwss.exe
C:\WINDOWS\system32\mlmmnrsc.exe
C:\WINDOWS\system32\mmnoxiyg.exe
C:\WINDOWS\system32\mpmvtluy.exe
C:\WINDOWS\system32\mrbortth.exe
C:\WINDOWS\system32\msnmafdg.exe
C:\WINDOWS\system32\mwfkqrbw.exe
C:\WINDOWS\SYSTEM32\nbeammlp.ini
C:\WINDOWS\system32\nuhxpgrw.dll
C:\WINDOWS\system32\nuqtsptj.dll
C:\WINDOWS\system32\nvkpxcjn.exe
C:\WINDOWS\SYSTEM32\nwdcccpi.ini
C:\WINDOWS\system32\onldmola.dll
C:\WINDOWS\system32\oyvtimat.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pcyllxpa.exe
C:\WINDOWS\system32\plmmaebn.dll
C:\WINDOWS\system32\pmnnlkj.dll
C:\WINDOWS\system32\pommavkf.exe
C:\WINDOWS\SYSTEM32\pqtss.bak1
C:\WINDOWS\SYSTEM32\pqtss.bak2
C:\WINDOWS\SYSTEM32\pqtss.ini
C:\WINDOWS\SYSTEM32\pqtss.ini2
C:\WINDOWS\SYSTEM32\pqtss.tmp
C:\WINDOWS\system32\pswihisw.exe
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pxdisuvr.dll
C:\WINDOWS\system32\pxxsuhlh.dll
C:\WINDOWS\system32\qkhmgspb.exe
C:\WINDOWS\system32\qomjkih.dll
C:\WINDOWS\system32\qpialehu.exe
C:\WINDOWS\system32\rrxxnjjv.exe
C:\WINDOWS\SYSTEM32\rvusidxp.ini
C:\WINDOWS\system32\slbgigwx.exe
C:\WINDOWS\system32\sofdqnjm.exe
C:\WINDOWS\system32\swdaxnko.exe
C:\WINDOWS\system32\swmruxxi.dll
C:\WINDOWS\system32\tfuqioxs.exe
C:\WINDOWS\system32\tkngqunn.exe
C:\WINDOWS\system32\tpaigfvi.exe
C:\WINDOWS\SYSTEM32\tstwa.bak1
C:\WINDOWS\SYSTEM32\tstwa.bak2
C:\WINDOWS\SYSTEM32\tstwa.ini
C:\WINDOWS\system32\uoxdubew.exe
C:\WINDOWS\system32\vfkpxyji.exe
C:\WINDOWS\system32\voicwsip.exe
C:\WINDOWS\system32\vtuuuvu.dll
C:\WINDOWS\system32\vuftdxiw.exe
C:\WINDOWS\system32\vukpadcy.exe
C:\WINDOWS\system32\vyerbpom.exe
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wdtujrfc.exe
C:\WINDOWS\system32\wehplvga.exe
C:\WINDOWS\system32\wftdnkpl.exe
C:\WINDOWS\system32\wmxowoig.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wptgfwyj.exe
C:\WINDOWS\SYSTEM32\wrgpxhun.ini
C:\WINDOWS\system32\wysrquuf.exe
C:\WINDOWS\system32\xdcfiufa.exe
C:\WINDOWS\system32\xrudxfvd.dll
C:\WINDOWS\system32\ydneyscu.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\LEGACY_SFSYNC02
-------\DomainService
-------\NPF
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))


2007-08-22 15:13 34,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbapifs.sys
2007-08-22 14:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 14:01 1,544 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
2007-08-20 13:58 66,872 --a------ C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-08-20 13:58 22,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys
2007-08-20 13:58 103,736 --a------ C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-08-19 20:07 <DIR> d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\InstallShield
2007-08-19 19:56 <DIR> d-------- C:\Program Files\XBList
2007-08-19 19:56 <DIR> d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\XBList
2007-08-17 20:32 <DIR> d-------- C:\Program Files\IDoser v4
2007-08-17 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-11 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-06 00:51 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-08-04 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-08-04 17:32 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-08-04 17:32 <DIR> d-------- C:\Program Files\Autodesk
2007-08-04 17:21 <DIR> d-------- C:\3dsmax9Trial
2007-08-04 16:48 <DIR> d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\MilkShape 3D 1.x.x
2007-08-04 16:47 <DIR> d-------- C:\Program Files\MilkShape 3D 1.8.1b
2007-08-04 14:02 <DIR> d-------- C:\VundoFix Backups
2007-08-04 13:07 90,786 --a------ C:\WINDOWS\wubi-uninstall.exe
2007-07-31 13:36 <DIR> d-------- C:\Program Files\AnalogX
2007-07-28 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-28 02:29 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-28 02:08 15,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbhr.sys
2007-07-28 02:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-07-28 02:07 <DIR> d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Sunbelt Software
2007-07-28 02:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-27 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 23:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-27 20:53 6,466 --ahs---- C:\WINDOWS\SYSTEM32\llnmp.bak1
2007-07-27 15:42 <DIR> d-------- C:\Program Files\JFK Reloaded
2007-07-26 19:01 <DIR> d-------- C:\WINDOWS\pss
2007-07-26 18:23 <DIR> d-------- C:\Program Files\Common Files\AOLSHARE
2007-07-26 00:15 <DIR> dr-h----- C:\DOCUME~1\ALEXAD~1\APPLIC~1\SecuROM
2007-07-26 00:13 81,768 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2007-07-26 00:13 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_33.dll
2007-07-26 00:13 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2007-07-26 00:13 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2007-07-26 00:13 1,123,696 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
2007-07-25 23:54 <DIR> d-------- C:\Program Files\World In Conflict
2007-07-24 23:55 <DIR> d-------- C:\Program Files\Souptoys
2007-07-24 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Souptoys
2007-07-24 23:55 <DIR> d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Souptoys
2007-07-24 18:41 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2007-07-24 18:41 <DIR> d-------- C:\Program Files\VstPlugins
2007-07-24 18:39 <DIR> d-------- C:\Program Files\Image-Line


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-22 15:15 --------- d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\VMware
2007-08-22 15:14 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\VMware
2007-08-22 15:14 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-08-22 15:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-08-20 19:39 --------- d-------- C:\Program Files\EA SPORTS
2007-08-20 19:28 --------- d-------- C:\Program Files\Steam
2007-08-20 19:26 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Skype
2007-08-20 19:26 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Skype
2007-08-20 19:07 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\uTorrent
2007-08-20 19:07 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\uTorrent
2007-08-19 20:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 12:37 0 -r-hs---- C:\config.sys
2007-07-28 20:54 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\teamspeak2
2007-07-28 20:54 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\teamspeak2
2007-07-28 20:53 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-07-28 12:20 --------- d-------- C:\Program Files\Creative
2007-07-28 02:02 5031424 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-07-28 01:53 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-07-27 23:31 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 20:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-27 11:28 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Hamachi
2007-07-27 11:28 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Hamachi
2007-07-26 18:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-26 18:14 --------- d-------- C:\Program Files\Google
2007-07-26 00:15 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-23 20:31 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Azureus
2007-07-23 20:31 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\Azureus
2007-07-21 21:55 --------- d-------- C:\Program Files\PlayLinc
2007-07-11 14:30 --------- d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2007-07-10 22:15 --------- d-------- C:\Program Files\Yahoo!
2007-06-28 18:37 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\OpenOffice.org2
2007-06-28 18:37 --------- d-------- C:\DOCUME~1\ALEXAD~1\APPLIC~1\OpenOffice.org2
2007-06-28 01:14 535040 --a------ C:\WINDOWS\flashax.exe
2007-06-28 01:14 12288 --a------ C:\WINDOWS\impborl.dll
2007-06-27 17:22 --------- d-------- C:\Program Files\MSN Messenger
2007-06-26 11:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe
2007-06-14 14:09 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-15 12:45 5459968 --a------ C:\Program Files\SFX Machine Pro.dll
2007-01-12 16:49 25770 --a------ C:\Program Files\SFX Machine Pro Read Me.rtf
2005-12-16 17:06 1157632 --a------ C:\DOCUME~1\ALEXAD~1\wally_155b.exe
2004-10-31 07:21 408576 --a--c--- C:\DOCUME~1\DELL\PREODM.EXE
2004-08-24 16:09 155648 --ah-c--- C:\DOCUME~1\DELL\PRIMOSDK.DLL
2004-08-24 16:05 360448 --ah-c--- C:\DOCUME~1\DELL\PX.DLL
2004-08-24 16:04 339968 --ah-c--- C:\DOCUME~1\DELL\PXWAVE.DLL
2004-08-24 16:04 159744 --ah-c--- C:\DOCUME~1\DELL\PXMAS.DLL
2004-08-18 02:01 389120 --ah-c--- C:\DOCUME~1\DELL\PXDRV.DLL
2004-08-02 03:03 57344 --ah-c--- C:\DOCUME~1\DELL\PXHPINST.EXE
2004-08-02 03:03 54976 --ah-c--- C:\DOCUME~1\DELL\PXHELP64.SYS
2004-08-02 03:03 53760 --ah-c--- C:\DOCUME~1\DELL\PXINSA64.EXE
2004-08-02 03:03 32272 --ah-c--- C:\DOCUME~1\DELL\PXHELPER.SYS
2004-08-02 03:03 26720 --ah-c--- C:\DOCUME~1\DELL\PXHLPA64.SYS
2004-08-02 03:03 20576 --ah-c--- C:\DOCUME~1\DELL\PXHELP20.SYS
2004-08-02 03:03 104960 --ah-c--- C:\DOCUME~1\DELL\PXINSI64.EXE
2004-07-28 02:00 57344 --ah-c--- C:\DOCUME~1\DELL\PXSETUP.EXE
2004-07-28 02:00 56832 --ah-c--- C:\DOCUME~1\DELL\PXCPYA64.EXE
2004-07-28 02:00 108544 --ah-c--- C:\DOCUME~1\DELL\PXCPYI64.EXE
2004-05-27 10:23 28672 --a--c--- C:\DOCUME~1\DELL\ATAPI.EXE
2004-05-27 10:23 132 --a--c--- C:\DOCUME~1\DELL\USBS3KB.REG
2004-05-20 02:00 28672 --ah-c--- C:\DOCUME~1\DELL\VXBLOCK.DLL
2002-07-25 17:46 28672 --a--c--- C:\DOCUME~1\DELL\UWAKEON.EXE
2002-07-25 17:45 28672 --a--c--- C:\DOCUME~1\DELL\UWAKEOFF.EXE
1999-08-25 16:17 79024 --a--c--- C:\DOCUME~1\DELL\EXPRESS.EXE
1999-07-14 19:44 13043 --a--c--- C:\DOCUME~1\DELL\DOSXPRES.EXE
1995-07-11 11:50 398416 --a--c--- C:\DOCUME~1\DELL\VBRUN300.DLL
2001-09-03 16:21:20 309,453 -csha-w C:\WINDOWS\rsx.exe
2005-04-12 21:21:24 56 -csh--r C:\WINDOWS\SYSTEM32\D95719E0BE.sys
2007-04-24 20:55:35 1,994 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E224053-B0F3-4350-ADF1-3E346CF19297}]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{141A6B8A-D76D-82E9-491B-8D8DB8238698}]
C:\WINDOWS\system32\pmfy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ADA0CED-CD2C-48CA-91DA-175F7CB68ED6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35AF7835-4E45-4073-8913-1E19ECAF1DA6}]
C:\WINDOWS\system32\vturr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{426E44F2-C50D-4363-86EB-34A30C066AD5}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F9FD11-CC19-425F-8A95-3439F32D46B0}]
C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{842E6130-74D5-4D11-87A9-911A37C41254}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A758E303-F521-4940-A0A7-D309C1B54E13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB8A7186-2AE9-4026-AA60-941C48378EEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 15:33]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 23:17]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-12 22:24]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 18:12]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 07:43]
"SkateTycoon2004.exe"="C:\DOCUME~1\ALEXAD~1\DESKTOP\SKATET~1.exe" []
"CryptoForge"="C:\Program Files\CryptoForge\CFFiles.exe" []
"deskillusion.exe"="C:\Documents and Settings\Alex Administrator\Desktop\deskillusion_v1_1\deskillusion.exe" []
"Microdesk"="" []
"Aim6"="" []

C:\DOCUME~1\ALEXAD~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-13 23:36:09]
DESKTOP.INI [2004-08-10 15:04:12]

C:\DOCUME~1\Guest\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedd]
C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll]
C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 22:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Extreme Messenger for AIM]
C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1107710071\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsecure Antivirus]
SECUREANTIVIRUS.EXE

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - SBAPIFS

Contents of the 'Scheduled Tasks' folder
2007-08-21 16:41:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2006-05-21 04:21:23 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 15:14:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-22 15:19:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-22 15:19

--- E O F ---

------------------------------------------------------------------------------
HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:32:48 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex Administrator\My Documents\Protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.activation.screenname", "AmericnIdiot15");
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("intl.charsetmenu.browser.cache", "UTF-16LE, UTF-8, ISO-8859-1");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("privacy.popups.first_popup", false);
user_pref("security.warn_submit_insecure", false);
user_pref("signon.Sign
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E224053-B0F3-4350-ADF1-3E346CF19297} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {141A6B8A-D76D-82E9-491B-8D8DB8238698} - C:\WINDOWS\system32\pmfy.dll (file missing)
O2 - BHO: (no name) - {2ADA0CED-CD2C-48CA-91DA-175F7CB68ED6} - (no file)
O2 - BHO: (no name) - {35AF7835-4E45-4073-8913-1E19ECAF1DA6} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {426E44F2-C50D-4363-86EB-34A30C066AD5} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {69F9FD11-CC19-425F-8A95-3439F32D46B0} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {842E6130-74D5-4D11-87A9-911A37C41254} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A758E303-F521-4940-A0A7-D309C1B54E13} - (no file)
O2 - BHO: (no name) - {CB8A7186-2AE9-4026-AA60-941C48378EEC} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SkateTycoon2004.exe] C:\DOCUME~1\ALEXAD~1\DESKTOP\SKATET~1.EXE /r
O4 - HKCU\..\Run: [CryptoForge] "C:\Program Files\CryptoForge\CFFiles.exe" "hide"
O4 - HKCU\..\Run: [deskillusion.exe] C:\Documents and Settings\Alex Administrator\Desktop\deskillusion_v1_1\deskillusion.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by AlexZ, 22 August 2007 - 02:34 PM.


#4 RichieUK

  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 23 August 2007 - 07:14 AM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {0E224053-B0F3-4350-ADF1-3E346CF19297} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {141A6B8A-D76D-82E9-491B-8D8DB8238698} - C:\WINDOWS\system32\pmfy.dll (file missing)
O2 - BHO: (no name) - {2ADA0CED-CD2C-48CA-91DA-175F7CB68ED6} - (no file)
O2 - BHO: (no name) - {35AF7835-4E45-4073-8913-1E19ECAF1DA6} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {426E44F2-C50D-4363-86EB-34A30C066AD5} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {69F9FD11-CC19-425F-8A95-3439F32D46B0} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {842E6130-74D5-4D11-87A9-911A37C41254} - (no file)
O2 - BHO: (no name) - {A758E303-F521-4940-A0A7-D309C1B54E13} - (no file)
O2 - BHO: (no name) - {CB8A7186-2AE9-4026-AA60-941C48378EEC} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)


Find and delete:
C:\WINDOWS\flashax.exe
C:\WINDOWS\SYSTEM32\llnmp.bak1

You’re running msconfig in Auto mode which means that you may have selectively unchecked some items in the past from starting up with Windows.
This can be bad if they’re malware, so please re-enable those startup entries by doing the following:
Click on Start>Run, type msconfig and then press Enter.
When the ‘System Configuration Utility’ opens click on the ‘Startup’ tab, make sure all the boxes are checkmarked.
Then press Apply/Ok to exit the utility.
Restart your pc at the prompt.

Post a new Hijackthis log.
Let me know how your pc is running now.

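The fix list RichieUK gives above follows one triage rule that is easy to automate: every autostart entry HijackThis reports as "(file missing)" or "(no file)" is an orphaned registration, and the Winlogon Notify ones matter most because winlogon.exe tries to load them at every logon. The script below is an added example, not from the thread, HijackThis or BleepingComputer, that applies that rule to HJT-style log lines. The sample lines are copied from the log posted above; the parsing rules (" - " separated fields, the "(file missing)", "(no file)" and "(HKCU)" annotations) are my assumptions about the HijackThis line format.

```python
"""Triage HijackThis-style log lines for orphaned autostart entries.

Added example, not part of the forum thread or of HijackThis itself.
Parsing rules below are assumptions about the HJT 'Onn - ...' format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Autostart sections whose entries run code without user action; an entry
# here that points at a missing file is a leftover registration.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O9", "O20", "O21"}

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ANNOTATION_RE = re.compile(r"\s*\((?:file missing|no file|HKCU)\)")

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E224053-B0F3-4350-ADF1-3E346CF19297} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {2ADA0CED-CD2C-48CA-91DA-175F7CB68ED6} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


@dataclass
class Entry:
    section: str          # e.g. "O2", "O20"
    name: str             # first " - " field, e.g. "BHO: (no name)"
    clsid: Optional[str]  # CLSID if the line carries one
    path: Optional[str]   # loader target with HJT annotations stripped
    file_missing: bool    # HJT reported "(file missing)" or "(no file)"
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis 'Onn - ...' line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    fields = [f.strip() for f in rest.split(" - ")]
    path = None
    if len(fields) > 1:
        # The load target is the last field; "(no file)" leaves nothing.
        path = ANNOTATION_RE.sub("", fields[-1]).strip() or None
    clsid = CLSID_RE.search(rest)
    missing = "(file missing)" in rest or "(no file)" in rest
    return Entry(section, fields[0], clsid.group(0) if clsid else None,
                 path, missing, line.strip())


def triage(log_text: str) -> List[dict]:
    """Return the entries a responder should look at first, each with a reason."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e.section not in AUTOSTART_SECTIONS:
            continue
        reason = None
        if e.section == "O20":
            if e.file_missing:
                reason = "high: Winlogon Notify DLL missing; winlogon.exe loads it at every logon"
            elif e.path and "\\" not in e.path and "/" not in e.path:
                # A bare DLL name is resolved through the DLL search path.
                reason = "high: Winlogon Notify DLL given by bare name, resolved via search path"
        elif e.file_missing:
            reason = "medium: orphaned autostart entry pointing at a missing file"
        if reason:
            findings.append({"section": e.section, "name": e.name, "clsid": e.clsid,
                             "path": e.path, "reason": reason, "raw": e.raw})
    return findings


def high_priority(findings: List[dict]) -> List[dict]:
    return [f for f in findings if f["reason"].startswith("high:")]


def fix_list(findings: List[dict]) -> List[str]:
    """Raw lines to tick in HijackThis before 'Fix checked'."""
    return [f["raw"] for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['reason']}] {f['raw']}")
```

Note that the script deliberately does not flag "(no name)" BHOs whose file exists (Spybot's SDHelper.dll above is one), matching the thread: an unnamed BHO is only actionable together with other evidence, whereas a missing-file entry is dead weight that is safe to remove and, for Winlogon Notify, a likely cause of the explorer.exe restart loop the poster described.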
#5 AlexZ

  • Topic Starter
  • Members
  • 3 posts

Posted 23 August 2007 - 04:04 PM

Actually, after I did the first fix, it's running smoothly. I'll do the other if any problems arise. Thanks a lot.



