Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mysterious Infection [source Unknown]


  • Please log in to reply
13 replies to this topic

#1 zone22

zone22

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 08 December 2007 - 07:28 PM

I'm not sure what's infecting my computer. I use AVG free edition, for spyware I use spy bot search and destroy, ad aware and a-squared Free. For my firewall I use ActiveArmor Firewall. it's on the highest security setting and and has been customized for optimal protection.

I run the anti-spyware least twice a week and my antivirus software every 24 hours.
I don't have high-speed Internet at my current location. I packed up my rig and went over to a friends house and played a few online games such as unreal tournament 2007 and so on.

While I was there I download a patch overnight for unreal 2007 from a trusted site. When I woke up and looked at the computer and there was tons of ads and AVG was quarantine viruses. so I went through ran the anti-spare where and AVG programs and cleaned out supposedly everything. later that day some of the stuff started popping back up. There must be a Trojan or something like that downloading that crap. I went online and scanned my computer for viruses and stuff. Nothing showed up. Then I went to some trusted sites to test my firewall and it came out clean. even on my 26k connection with 2.5k download speed at home I'm still having problems.

While you're analyzing the log also look for any programs or services that are junk or that can be turned on manually.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:11 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Program Files\PeoplePC Accelerated\PeoplePC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E10C98B-7EAA-4744-AF9F-AE3965675B08} - (no file)
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - (no file)
O2 - BHO: (no name) - {53576182-8680-4434-929B-E48FB2E52455} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F223A063-32B7-4057-856D-A4608CA8DC88}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: winhhn32 - C:\WINDOWS\SYSTEM32\winhhn32.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: xxywvvt - xxywvvt.dll (file missing)
O21 - SSODL: E404Helper - {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12219 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 09 December 2007 - 10:11 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum zone22
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 09 December 2007 - 03:06 PM

Wherever you see "......." is in place of my name.

SDFix: Version 1.117

Run by ....... on Sun 12/09/2007 at 01:48 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\install.exe - Deleted



Folder C:\Program Files\E404 Helper - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 13:53:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:97,68,1f,b8,83,fb,9a,69,76,8d,40,4f,ef,46,13,15,be,9e,4c,7b,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:97,68,1f,b8,83,fb,9a,69,76,8d,40,4f,ef,46,13,15,be,9e,4c,7b,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:97,68,1f,b8,83,fb,9a,69,76,8d,40,4f,ef,46,13,15,be,9e,4c,7b,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:97,68,1f,b8,83,fb,9a,69,76,8d,40,4f,ef,46,13,15,be,9e,4c,7b,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c09d718e
"s2"=dword:93f68a7f
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,fe,24,11,f1,05,23,9d,8f,c9,db,ff,af,1f,91,cb,cb,25,17,cf,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8c,e3,61,ee,ae,01,74,d6,14,31,6b,10,f5,8b,1d,bc,20,6f,5b,f3,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,39,5c,9d,c0,a2,44,56,27,84,f0,1f,6d,00,5d,fd,bd,..
"khjeh"=hex:2f,ac,5f,32,05,b7,ce,82,f6,e8,4d,8c,e5,67,f4,b3,42,5e,81,1d,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,fe,24,11,f1,05,23,9d,8f,c9,db,ff,af,1f,91,cb,cb,25,17,cf,9e,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9317770F-435C-EA6D-8627-056FFBB58595}]
"jaegabkmobgngkahaocp"=hex:6a,61,66,6c,6a,70,62,6f,68,6c,70,67,6c,63,6c,6c,62,63,64,63,00,..
"iaofgokafgcglghhge"=hex:6a,61,64,6c,68,61,6e,66,70,6a,6a,70,70,63,66,6c,6d,6c,6b,69,00,..
"haidikinknpokjbj"=hex:61,61,00,00
"haidikinnlejjfph"=hex:61,61,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF19819B-3DAC-8B03-6644-02AB7D583E84}]
"jaelakfdcjolchfdaoaf"=hex:6a,61,66,69,6d,63,6f,61,70,61,62,62,61,70,61,63,65,67,63,65,00,..
"iakkcldfehpccacfhj"=hex:6a,61,66,69,6d,63,6f,61,70,61,62,62,61,70,61,63,65,67,63,65,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\U.S. Robotics\\ControlCenter\\Reminder.exe"="C:\\Program Files\\U.S. Robotics\\ControlCenter\\Reminder.exe:*:Enabled:Reminder"
"C:\\Program Files\\Got All Media\\GotAllMedia.exe"="C:\\Program Files\\Got All Media\\GotAllMedia.exe:*:Enabled:Got All Media"
"C:\\Program Files\\Steam\\SteamApps\\zzzone22\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\.......\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ Demo"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe"="C:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe:*:Enabled:CrazyBump"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 10 Nov 2007 32,852,124 A..H. --- "C:\Downloads\Software\CrazyBumpSetup.exe"
Sat 8 Dec 2007 11,856,440 A..H. --- "C:\Downloads\Software\SnagIt.exe"
Tue 28 Aug 2007 8 ..SHR --- "C:\WINDOWS\system32\4A478B5038.dll"
Thu 19 Jul 2007 6,405 A.SH. --- "C:\WINDOWS\system32\xyadd.bak1"
Mon 13 Feb 2006 121,344 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
Thu 29 Nov 2007 1,328 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic2826.tmp"
Thu 29 Nov 2007 1,011 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic282E.tmp"
Thu 29 Nov 2007 997 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic282F.tmp"
Thu 29 Nov 2007 448 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic2831.tmp"
Thu 29 Nov 2007 84 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic2832.tmp"
Thu 29 Nov 2007 561 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic2833.tmp"
Mon 20 Nov 2006 53,248 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\CommandVerifierLog.dll"
Mon 20 Nov 2006 81,920 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\DevIOCTL.dll"
Mon 20 Nov 2006 81,920 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\StackSwitcher.dll"
Mon 20 Nov 2006 225,280 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\TestServices.dll"
Thu 6 Apr 2006 86,016 A..HR --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\Tparse.dll"
Mon 20 Nov 2006 65,536 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\TSMFCGuiDialogHelperDLL.dll"
Mon 20 Nov 2006 258,048 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\USBCommandVerifier.dll"
Mon 20 Nov 2006 176,128 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\USBMassStorageBOTVerifier.dll"
Mon 20 Nov 2006 581,632 A..H. --- "C:\Program Files\USB-IF Test Suite\USBCommandVerifier\lib\USBVideoClassValidation.dll"
Wed 19 Sep 2007 165,232 A..H. --- "C:\Documents and Settings\.......\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Sun 25 Nov 2007 6,297 ...HR --- "C:\Documents and Settings\.......\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\.......\Application Data\U3\temp\Launchpad Removal.exe"
Thu 25 Oct 2007 59,619,632 A..H. --- "C:\Documents and Settings\.......\Desktop\New Folder\New Folder\gimp-help-2-0.13-setup.exe"

Finished!

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 10 December 2007 - 04:37 AM

Also follow the ComboFix instructions please.
Posted Image
Posted Image

#5 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 10 December 2007 - 08:16 PM

ComboFix instructions Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Program Files\PeoplePC Accelerated\PeoplePC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E10C98B-7EAA-4744-AF9F-AE3965675B08} - (no file)
O2 - BHO: (no name) - {53576182-8680-4434-929B-E48FB2E52455} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F223A063-32B7-4057-856D-A4608CA8DC88}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: xxywvvt - xxywvvt.dll (file missing)
O21 - SSODL: E404Helper - {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12138 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 11 December 2007 - 04:17 AM

ComboFix instructions Finished!

Post the entire contents of C:\ComboFix.txt into your next reply.
Posted Image
Posted Image

#7 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 11 December 2007 - 11:25 AM

I can't find it. I looked in C:\ it wasn't there. I downloaded ComboFix to to my desktop as instructed.
I searched my entire C:\ using"ComboFix.txt" and nothing turned up. Suggestions?

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 11 December 2007 - 04:43 PM

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Posted Image
Posted Image

#9 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 11 December 2007 - 08:45 PM

Deckard's System Scanner v20071014.68
Run by ........ on 2007-12-11 19:09:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-12-12 01:09:26 UTC - RP481 - Deckard's System Scanner Restore Point
16: 2007-12-11 02:23:34 UTC - RP480 - Installed SnagIt 7
15: 2007-12-11 01:01:51 UTC - RP479 - ComboFix created restore point
14: 2007-12-10 02:24:59 UTC - RP478 - System Checkpoint


-- First Restore Point --
1: 2007-11-27 16:30:06 UTC - RP465 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as .........exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10, on 2007-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Downloads\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\.........exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E10C98B-7EAA-4744-AF9F-AE3965675B08} - (no file)
O2 - BHO: (no name) - {53576182-8680-4434-929B-E48FB2E52455} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: xxywvvt - xxywvvt.dll (file missing)
O21 - SSODL: E404Helper - {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11457 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S3 catchme - c:\docume~1\aaronw~1\locals~1\temp\catchme.sys (file missing)
S3 CrystalCpuInfo - c:\program files\occt\cpuinfo.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 hcdriver (EHCI) - c:\windows\system32\drivers\hcdriver.sys <Not Verified; Intel Corporation; USB2.0 Host Controller Device Driver>
S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 mohfilt - c:\windows\system32\drivers\mohfilt.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nHancer (nHancer Support) - "c:\program files\nhancer\nhancerservice.exe" <Not Verified; KSE - Korndörfer Software Engineering; nHancer>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S2 PnkBstrA - c:\windows\system32\pnkbstra.exe (file missing)
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; OuterTechnologies; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: HID\VID_046D&PID_C517&MI_01&COL01\7&11099289&1&0000
Manufacturer:
Name:
PNP Device ID: HID\VID_046D&PID_C517&MI_01&COL01\7&11099289&1&0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-08 07:29:01 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-08 07:00:00 402 --a----c- C:\WINDOWS\Tasks\WinTV_00.job


-- Files created between 2007-11-11 and 2007-12-11 -----------------------------

2007-12-11 17:15:43 0 d-------- C:\Program Files\VUGames
2007-12-10 21:46:29 0 dr-h----- C:\Documents and Settings\........\Recent
2007-12-10 20:23:34 0 d-------- C:\Program Files\TechSmith
2007-12-09 13:47:48 0 d-------- C:\WINDOWS\ERUNT
2007-12-08 22:03:22 90112 -----n--- C:\WINDOWS\SDUnInst.exe <Not Verified; Software Design; UnInstaller Utility for Windows>
2007-12-08 22:03:22 0 d-------- C:\Program Files\Software by Design
2007-11-29 20:30:02 41472 --a------ C:\WINDOWS\system32\e404d.dll <Not Verified; Melkosoft Corporation; avp>
2007-11-28 21:02:23 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-28 21:02:23 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-28 21:02:23 0 d-------- C:\Program Files\Xvid
2007-11-28 20:59:08 0 d-------- C:\Program Files\Lavasoft
2007-11-23 15:30:35 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-11-22 07:51:31 5399 --ahs---- C:\WINDOWS\system32\gjllm.ini2
2007-11-21 21:36:48 0 d-------- C:\Program Files\Project Dogwaffle Professional
2007-11-21 21:26:38 0 d-------- C:\WINDOWS\NV126856126860.TMP
2007-11-21 17:39:27 208896 --a----c- C:\WINDOWS\system32\medpdll.dll
2007-11-21 17:39:09 29696 --a----c- C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-11-21 17:39:09 71680 --a----c- C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-11-21 17:27:44 0 d-------- C:\Program Files\Silo 2
2007-11-21 17:25:52 0 d-------- C:\Program Files\Crazybump Beta Test
2007-11-20 16:08:14 0 d-------- C:\Program Files\Unreal Tournament 3
2007-11-14 20:14:45 0 d-------- C:\1964_085
2007-11-14 20:10:39 0 d-------- C:\Program Files\Bluehell Productions
2007-11-12 06:51:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-11-12 06:51:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-11-12 06:51:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-12 06:51:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-11-12 06:51:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 06:51:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-11-12 06:51:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-11-12 06:51:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-11-12 06:51:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Find3M Report ---------------------------------------------------------------

2007-12-11 19:09:08 0 d-------- C:\Documents and Settings\........\Application Data\Free Download Manager
2007-12-11 18:52:16 0 d-------- C:\Program Files\Steam
2007-12-11 17:15:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 10:21:54 2555 --a------ C:\Documents and Settings\........\Application Data\SAS7_000.DAT
2007-12-10 21:37:15 0 d-------- C:\Documents and Settings\........\Application Data\OpenOffice.org2
2007-12-10 20:23:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-10 08:26:37 0 d-------- C:\Program Files\a-squared Free
2007-12-09 07:55:34 0 d-------- C:\Documents and Settings\........\Application Data\AVG7
2007-11-30 09:11:07 0 d-------- C:\Program Files\KeyScrambler
2007-11-25 19:42:20 669184 --a----c- C:\WINDOWS\system32\pbsvc.exe
2007-11-25 19:39:07 0 d-------- C:\Program Files\DAEMON Tools
2007-11-25 16:28:18 0 d-------- C:\Program Files\PowerISO
2007-11-23 15:30:36 0 d-------- C:\Documents and Settings\........\Application Data\AdobeUM
2007-11-23 15:30:33 0 d-------- C:\Program Files\Viewpoint
2007-11-23 15:10:08 0 d-------- C:\Program Files\Nuance
2007-11-23 09:55:51 0 d-------- C:\Program Files\ElcomSoft
2007-11-23 02:38:46 43520 --a----c- C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-22 08:29:54 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-20 16:06:07 0 d-------- C:\Documents and Settings\........\Application Data\InstallShield Installation Information
2007-11-09 21:48:06 0 d-------- C:\Documents and Settings\........\Application Data\Apple Computer
2007-11-09 20:59:58 0 d-------- C:\Program Files\Continuum
2007-11-09 17:11:06 0 d-------- C:\Program Files\AGEIA Technologies
2007-11-09 16:45:17 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-11-09 16:45:17 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-11-09 16:44:13 0 d-------- C:\Program Files\Futuremark
2007-11-09 16:20:28 0 d-------- C:\Program Files\Playlogic
2007-11-09 07:27:01 0 d-------- C:\Program Files\Prime95
2007-11-08 22:49:57 0 d-------- C:\Documents and Settings\........\Application Data\gtk-2.0
2007-11-08 20:56:53 0 d-------- C:\Program Files\Dobermann
2007-11-08 20:54:59 0 d-------- C:\Program Files\Wesnoth
2007-11-08 19:31:44 0 d-------- C:\Program Files\MAIET
2007-11-08 19:31:44 0 d-------- C:\Program Files\iriver
2007-11-08 19:31:42 0 d-------- C:\Documents and Settings\........\Application Data\Media Center Programs
2007-11-08 19:23:37 0 d-------- C:\Program Files\DOSBox-0.72
2007-11-08 19:22:18 0 d-------- C:\Program Files\Angband
2007-11-08 19:22:09 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-08 19:20:32 0 d-------- C:\Program Files\Starcraft
2007-11-08 17:24:05 0 d-------- C:\Program Files\Project64 1.6
2007-11-08 17:02:21 0 d-------- C:\Program Files\Tremulous
2007-11-07 21:52:58 0 d-------- C:\Program Files\Razer
2007-11-07 08:10:51 0 d-------- C:\Program Files\nHancer
2007-11-02 11:42:04 0 d-------- C:\Program Files\Scorched3D
2007-11-01 13:21:23 0 d-------- C:\Program Files\Mozilla Sunbird
2007-11-01 13:18:56 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-01 09:15:18 0 d-------- C:\Program Files\SystemRequirementsLab
2007-10-31 21:36:29 0 d-------- C:\Program Files\rK's DemoWatcher
2007-10-30 15:58:47 0 d-------- C:\Program Files\Free Download Manager
2007-10-28 16:29:10 0 d-------- C:\Program Files\GIMP-2.0
2007-10-26 16:16:55 0 d-------- C:\Program Files\AMD
2007-10-26 16:16:40 0 d-------- C:\Documents and Settings\........\Application Data\InstallShield
2007-10-24 14:28:06 0 d-------- C:\Program Files\Common Files
2007-10-24 13:56:59 0 d-------- C:\Program Files\Java
2007-10-22 21:11:02 0 d-------- C:\Program Files\SkipMov
2007-10-22 18:30:20 0 d-------- C:\Program Files\Bethesda Softworks
2007-10-20 10:42:55 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2007-10-19 08:41:00 0 --a------ C:\WINDOWS\system32\suupdate.dat
2007-10-19 08:41:00 0 --a------ C:\WINDOWS\system32\mssurun.dat
2007-10-19 08:39:59 0 d-------- C:\Documents and Settings\........\Application Data\GetRightToGo
2007-10-18 17:53:16 0 d-------- C:\Documents and Settings\........\Application Data\Bioshock
2007-10-18 16:14:21 0 d-------- C:\Program Files\Common Files\aliaswavefront shared
2007-10-18 16:14:21 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-10-18 16:14:18 0 d-------- C:\Program Files\Microsoft DirectX SDK (April 2007)
2007-10-18 00:51:55 0 d-------- C:\Program Files\Electronic Arts
2007-10-18 00:41:08 4718 --a----c- C:\WINDOWS\mozver.dat
2007-10-18 00:41:07 0 d-------- C:\Program Files\DivX
2007-10-15 16:59:37 0 d-------- C:\Program Files\Activision
2007-10-15 16:54:13 0 d-------- C:\Program Files\Atari
2007-10-14 14:22:19 0 d-------- C:\Program Files\HP
2007-10-12 20:27:23 0 d-------- C:\Program Files\2K Games
2007-09-25 18:22:14 32768 --a----c- C:\WINDOWS\system32\Keygen.exe <Not Verified; ; CrysisKeygen>
2007-09-23 00:38:42 57 --a----c- C:\WINDOWS\ev.vbs
2007-09-22 14:13:59 737280 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-12 20:21:29 552 --a----c- C:\WINDOWS\system32\d3d8caps.dat
2007-09-11 03:17:30 81920 --a----c- C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E10C98B-7EAA-4744-AF9F-AE3965675B08}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53576182-8680-4434-929B-E48FB2E52455}]
C:\WINDOWS\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 01:47]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 02:52]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-12-21 16:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 16:06]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-24 23:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-01 09:09]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 11:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Bart Station"="C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe" [2006-03-21 20:40]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 18:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 06:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-11-22 22:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00]
"Fraps"="C:\Fraps\FRAPS.EXE" [2007-09-11 00:57]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-10-08 02:39]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 19:13]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\........\Start Menu\Programs\Startup\
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 15:48:42]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2004-03-28 14:07:48]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]
winmbj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvvt]
xxywvvt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CachemanXPService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55753d62-dfd0-11db-81a4-0015f2d7a11f}]
AutoRun\command- F:\AutoRunCD.exe




-- End of Deckard's System Scanner: finished at 2007-12-11 19:10:53 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2047.22 MiB / 1386.55 MiB
Pagefile Memory (total/avail): 3939.25 MiB / 3417.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.57 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 596.17 GiB total, 280.93 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (CDFS)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - NVIDIA STRIPE 596.18G - 596.18 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 596.17 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler II USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 983.48 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\.........\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AARONSMACHINE
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (April 2007)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\.........
LOGONSERVER=\\.......MACHINE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft DirectX SDK (April 2007)\Utilities\Bin\x86;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\steam\steamapps\zzzone22\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AARONW~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AARONW~1\LOCALS~1\Temp
USERDOMAIN=.............
USERNAME=........
USERPROFILE=C:\Documents and Settings\..........
VProject=c:\program files\steam\steamapps\zzzone22\half-life 2\hl2
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

......... (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
--> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
--> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
--> C:\UT2004\TOCuninstall.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9
AMD Processor Driver --> C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AquaMark3 --> C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Audacity 1.3.0 --> "C:\Program Files\Audacity 1.3 Beta\unins000.exe"
Audio Tags Editor --> "C:\Program Files\Audio Tags Editor\Uninstall.exe" "C:\Program Files\Audio Tags Editor\install.log"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Battle for Wesnoth 1.3.8 --> "C:\Program Files\Wesnoth\unins000.exe"
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Beta 1.6 Update --> "C:\UT2004\DA2\UnInstallDA2\unins000.exe"
BF2142 Editor --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\BF2142 Editor\ST6UNST.LOG"
Bulk Rename Utility 2, 5, 4, 0 --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{991B1~1\Setup.exe /remove /q0
CachemanXP 1.12 --> C:\PROGRA~1\CACHEM~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\CACHEM~1\UNINST~1\install.log
Call of Duty® 4 - Modern Warfare™ Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Command & Conquer Renegade --> C:\Westwood\Renegade\Uninstll.exe
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Westwood\RA2\Uninstll.EXE
Continuum 0.40 --> "C:\Program Files\Continuum\unins000.exe"
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Crazybump Beta Test (remove only) --> "C:\Program Files\Crazybump Beta Test\uninst.exe"
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crysis™ MP Beta --> MsiExec.exe /I{F129D1A6-1098-4573-9FAF-1B604E086C48}
DaemonScript --> MsiExec.exe /X{0A21D2E9-F8A2-4CF9-88D7-E04A1C4C90AE}
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9 -uninst
Delta Force Black Hawk Down Team Sabre --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\setup.exe" -l0x9 -uninst
Delta Force: Xtreme --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{961C4925-5B53-4127-969D-1CACF2426C05}\setup.exe" -l0x9
Descent 3 Demo 2 --> C:\WINDOWS\ISUNINST.EXE -fC:\Games\Descent3Demo2\Uninst.isu -cC:\Games\Descent3Demo2\d3uninst.dll
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon DataCollector --> MsiExec.exe /I{BAB9AFB8-3A05-4BB1-A5B4-A8BC7DE4DDCE}
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}\setup.exe"
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.9.6 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
DVDFab HD Decrypter 3.0.9.6 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
Enemy Territory - QUAKE Wars™ Demo --> C:\Program Files\InstallShield Installation Information\{AEF04476-51FA-41F2-80F0-0AD9B026F46A}\setup.exe -runfromtemp -l0x0409
Esc 0.8.0 --> C:\UT2004\unins000.exe
EULAlyzer v1.2 --> "C:\Program Files\EULAlyzer\unins000.exe"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Francesco's leveled creatures-items mod 4.5b --> "C:\Program Files\Bethesda Softworks\Oblivion\data\Francesco's mod\Unistall data\Main files\unins000.exe"
Francesco's optional new items/creatures 4.5 --> "C:\Program Files\Bethesda Softworks\Oblivion\data\Francesco's mod\Unistall data\AddOns\unins000.exe"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Gadwin PrintScreen --> C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
GameShadow --> MsiExec.exe /I{B8602676-42A2-4815-A556-C23750EF5A47}
GIMP 2.4.0 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ID-Blaster Plus v2.0 --> "C:\Program Files\ID-Blaster Plus\unins000.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InterVideo Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Development Kit 5.0 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
J2SE Development Kit 5.0 Update 7 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150070}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Mega Codec Pack 1.67 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LOST PLANET TRIAL DX9 --> MsiExec.exe /X{729F9233-40C5-41C6-A271-E09A9337D0C9}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft DirectX SDK (April 2007) --> MsiExec.exe /I{5BDAEFB5-1FF6-45DA-AD07-910CD7F4B5EF}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MINERVA: Metastasis --> C:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE C:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\metastasis.log
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MRU-Blaster v1.5 (Database 3/28/2004) --> "C:\Program Files\MRU-Blaster\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NetBeans IDE 5.0 --> C:\Program Files\netbeans-5.0\_uninst\uninstaller.exe
nHancer --> MsiExec.exe /X{A983B01E-EFFA-4F5E-A7BF-FA85F10E1DE2}
Noggin 1.0 --> C:\noggin\UNWISE.EXE C:\noggin\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVTweak --> MsiExec.exe /I{39D385DF-53BA-4792-BED3-68132EEB488F}
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org 2.2 --> MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Operation Optimization v1.1.1 --> "C:\Program Files\Bethesda Softworks\Oblivion\Operation Optimization\unins000.exe"
OverDrive Media Console --> MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PCMark04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4718EA71-CED3-498D-8FA9-34CB830AF2D8}\Setup.exe" -l0x9
PeoplePC Online --> C:\WINDOWS\system32\PPCOUNIN.EXE
Ping Plotter Freeware --> C:\PROGRA~1\PINGPL~1\UNWISE.EXE C:\PROGRA~1\PINGPL~1\INSTALL.LOG
PlayLinc --> MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Project Dogwaffle Professional (C:\Program Files\Project Dogwaffle Professional\) --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Project Dogwaffle Professional\ST5UNST.LOG"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Razer Copperhead --> C:\Program Files\InstallShield Installation Information\{28A946E1-E83B-4662-BC7C-23451851489E}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Red Alert: A Path Beyond - Beta --> C:\Program Files\Bluehell Productions\Red Alert - A Path Beyond\uninst.exe
Reliquary Bonus Pack 2.0 Beta --> C:\UT2004\Uninstal.exe
rK DemoWatcher 1.8 --> "C:\Program Files\rK's DemoWatcher\unins000.exe"
SC Audio Converter 7.2.0.0 --> "C:\Program Files\SoftwareClub.ws\SC Audio Converter\unins000.exe"
Silo 2 --> MsiExec.exe /I{E6AC703D-2624-4815-B77D-03AD77BE33ED}
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SkipMov --> C:\Program Files\SkipMov\Uninstal.exe
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Soldat 1.4.1 --> "C:\Soldat\unins000.exe"
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SpaceCowboy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A690A0-DC0A-4B80-B4D2-4E6D5C1C9B9C}\Setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars® Knights of the Old Republic® II: The Sith Lords™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubSpace --> C:\WINDOWS\IsUninst.exe -fC:\SUBSPACE\Uninst.isu
Supreme Commander Demo --> C:\Documents and Settings\.........\Application Data\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TDT --> MsiExec.exe /I{45C7A97B-0F3F-42AB-AEE4-764BAA086525}
The Battle for Middle-earth ™ --> C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
The OBSE Launcher 1.5 --> C:\Program Files\The OBSE Launcher\uninst.exe
TimeShift Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFD57EF3-5C28-4C6E-8450-519E98860CD6}\Setup.exe" -l0x9
Treadmarks --> C:\PROGRA~1\eGames\TREADM~1\UNWISE.EXE C:\PROGRA~1\eGames\TREADM~1\INSTALL.LOG
Tribes 2 --> C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG
TrueCrypt --> "C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u C:\Program Files\TrueCrypt\
Two Worlds --> C:\Program Files\Reality Pump\Two Worlds\Uninst.exe /pid:{8BAD4440-26D7-4A40-B844-066D2AF3550C} /asd
UE3Redist --> "C:\Program Files\InstallShield Installation Information\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\setup.exe" -runfromtemp -l0x0409 -removeonly
UE3Redist --> MsiExec.exe /X{2FB04107-7BC2-449C-915A-530B29B5E0FE}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Unofficial Oblivion Patch v2.2.0 --> "C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
Unofficial Official Mods Patch v8 --> "C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Official Mods Patch\unins000.exe"
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
Unreal Tournament 3 --> "C:\Documents and Settings\.........\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
USBCV13 --> MsiExec.exe /X{79A5D23D-089D-459C-AE50-D3E7FAE86AE2}
Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
VoiceTracer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CBDEFB9-E1BF-4F84-A47C-1DD604232001}\setup.exe" -l0x9
Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Warhammer 40,000: Total War v2.1 --> C:\Program Files\THQ\Dawn of War\Uninstall.exe
WebTime --> C:\WINDOWS\SDUnInst.exe c:\program files\software by design\webtime.uni
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
X3 Bonus Package 3.1.05 --> "C:\Program Files\EGOSOFT\X3 Reunion\unins000.exe"
X3 REUNION --> MsiExec.exe /I{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}
XdN Tweaker 0.8.8.1 --> C:\Program Files\XdN Software\XdN Tweaker\Uninst.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1888 / Error
Event Submitted/Written: 12/10/2007 09:49:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application twoworlds.exe, version 1.1.0.0, faulting module twoworlds.exe, version 1.1.0.0, fault address 0x0016a906.
Processing media-specific event for [twoworlds.exe!ws!]

Event Record #/Type1875 / Error
Event Submitted/Written: 12/10/2007 00:59:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sdupdate.exe, version 1.0.6.4, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [sdupdate.exe!ws!]

Event Record #/Type1863 / Error
Event Submitted/Written: 12/08/2007 03:54:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ut3.exe, version 0.0.0.0, faulting module ut3.exe, version 0.0.0.0, fault address 0x006ccd01.
Processing media-specific event for [ut3.exe!ws!]

Event Record #/Type1862 / Error
Event Submitted/Written: 12/08/2007 03:18:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ut3.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [ut3.exe!ws!]

Event Record #/Type1861 / Error
Event Submitted/Written: 12/08/2007 08:25:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application peoplepc.exe, version 5.0.0.1053, faulting module wininet.dll, version 7.0.6000.16544, fault address 0x00064823.
Processing media-specific event for [peoplepc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18390 / Warning
Event Submitted/Written: 12/10/2007 09:36:10 PM / 12/10/2007 09:36:53 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte

Event Record #/Type18375 / Error
Event Submitted/Written: 12/10/2007 09:36:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PnkBstrA service failed to start due to the following error:
%%2

Event Record #/Type18374 / Error
Event Submitted/Written: 12/10/2007 09:36:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058

Event Record #/Type18358 / Warning
Event Submitted/Written: 12/10/2007 08:26:12 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver SnagIt 7 Printer for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, SNAGITP7.GPD, UNIDRV.HLP, SNAGITD7.DLL, STDNAMES.GPD, UNIRES.DLL, SNAGITP7.INI.

Event Record #/Type18356 / Warning
Event Submitted/Written: 12/10/2007 08:25:54 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte



-- End of Deckard's System Scanner: finished at 2007-12-11 19:10:53 ------------

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 12 December 2007 - 07:33 AM

Please disable Spybot S&D’s protection,or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\NV126856126860.TMP
C:\Program Files\Viewpoint
C:\Program Files\nHancer
C:\WINDOWS\system32\Keygen.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button Posted Image
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the imformation into the registry,then restart your pc.

REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E10C98B-7EAA-4744-AF9F-AE3965675B08}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53576182-8680-4434-929B-E48FB2E52455}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvvt]


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Also post a new Hijackthis log.
Posted Image
Posted Image

#11 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 12 December 2007 - 10:20 AM

I work on the Java Runtime Environment (JRE) 6 update 3.

C:\WINDOWS\system32\Keygen.exe
A Keygen..... Im going to have good talk with my son about this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14, on 2007-12-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PeoplePC Accelerated\PeoplePC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E10C98B-7EAA-4744-AF9F-AE3965675B08} - (no file)
O2 - BHO: (no name) - {53576182-8680-4434-929B-E48FB2E52455} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F223A063-32B7-4057-856D-A4608CA8DC88}: NameServer = 209.244.0.3 209.244.0.4
O21 - SSODL: E404Helper - {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nHancer Support (nHancer) - Unknown owner - C:\Program Files\nHancer\nHancerService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12138 bytes

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 12 December 2007 - 02:23 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.
Do not run it just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {2E10C98B-7EAA-4744-AF9F-AE3965675B08} - (no file)
O2 - BHO: (no name) - {53576182-8680-4434-929B-E48FB2E52455} - C:\WINDOWS\system32\mlljg.dll (file missing)
O13 - WWW Prefix:
O21 - SSODL: E404Helper - {97a77185-aa21-42df-bc31-e960bdb928f6} - e404d.dll (file missing)

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#13 zone22

zone22
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 12 December 2007 - 09:10 PM

Thanks to you, My pc is running fine now.

Should I keep SUPERAntiSpyware.

Is SUPERAntiSpyware better than a-squared, spy bot search and destroy and ad aware?
or what combination of production should I keep?
I really dislike the idea of updating for different programs to do one thing.

Were you were certified\trained somewhere?
if so can you point me in that direction?

...................................................................................
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/12/2007 at 06:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1358

Scan type : Complete Scan
Total Scan Time : 00:52:39

Memory items scanned : 175
Memory threats detected : 0
Registry items scanned : 7590
Registry threats detected : 4
File items scanned : 33510
File threats detected : 2

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{C2CE5B8F-A1A9-43BE-A2E1-21A2060B0B8B}
HKCR\CLSID\{C2CE5B8F-A1A9-43BE-A2E1-21A2060B0B8B}
HKCR\CLSID\{C2CE5B8F-A1A9-43BE-A2E1-21A2060B0B8B}\InprocServer32
HKCR\CLSID\{C2CE5B8F-A1A9-43BE-A2E1-21A2060B0B8B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLLJG.DLL

Spyware.Melkosoft (CoolWebSearch Variant)
C:\WINDOWS\SYSTEM32\E404D.DLL




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44, on 2007-12-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nHancer Support (nHancer) - Unknown owner - C:\Program Files\nHancer\nHancerService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11557 bytes

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 13 December 2007 - 06:31 AM

Is SUPERAntiSpyware better than a-squared, spy bot search and destroy and ad aware?
or what combination of production should I keep?
I really dislike the idea of updating for different programs to do one thing.

Personally i would remove a-squared and keep the rest.

Your log is clean :thumbsup: ,please do the following:

Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button Posted Image
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

You should take the time to read and follow the information found in the links below,to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm


Were you were certified\trained somewhere?
if so can you point me in that direction?

BC do a traing program,click on the link at the top of this page 'Malware Removal Training Program'.

Also you may want to consider registering at Malware Removal University:
http://www.malwareremoval.com/forum/viewtopic.php?t=233
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users