
Computer Is Infected


4 replies to this topic

#1 SickDave


Posted 05 April 2008 - 12:10 PM

Hey guys, installed a game and ever since then computer has been acting up. Basically it freezes when in normal mode sometimes and bluescreens, ever since the game installed. Was thinking hard drive had had it, but in safe mode it runs constantly. Got the logs for you to check over, ran tests in safe mode. I'll try to run another DSS scan when in normal mode.

Cheers

Dave

Deckard's System Scanner v20071014.68
Run by Dave on 2008-04-05 18:02:55
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-04-05 15:01:37 UTC - RP71 - Windows Update
2: 2008-04-05 14:30:39 UTC - RP70 - Removed AGEIA PhysX v7.05.17
1: 2008-04-04 23:51:07 UTC - RP69 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:07, on 05/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 7050 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 EuMusDesignVirtualAudioCableWdm (Virtual Audio Cable (WDM)) - c:\windows\system32\drivers\vrtaucbl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&FB380F3&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&FB380F3&0&0
Service: flpydisk


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 16:46:21 484 --a------ C:\Windows\Tasks\1-Click Maintenance.job
2008-03-15 02:42:21 338 --a------ C:\Windows\Tasks\McDefragTask.job
2008-03-01 02:00:20 330 --a------ C:\Windows\Tasks\McQcTask.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 18:03:57 0 d-------- C:\Program Files\Trend Micro
2008-04-05 17:30:34 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-05 17:18:53 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-05 17:18:52 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-05 16:58:58 0 d-------- C:\Users\All Users\Grisoft
2008-04-02 01:16:19 0 d-------- C:\Program Files\MSXML 4.0
2008-04-02 00:50:40 46 --a------ C:\Windows\popcinfo.dat
2008-03-30 22:49:17 0 d-------- C:\Users\All Users\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Common Files\Nero
2008-03-30 17:22:17 0 d-------- C:\Users\All Users\TuneUp Software
2008-03-30 17:22:05 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-24 21:52:24 95560 --ah----- C:\Windows\system32\mlfcache.dat
2008-03-22 21:51:09 0 d-------- C:\Windows\system32\appmgmt
2008-03-22 21:46:18 0 d-------- C:\Program Files\Common Files\AnimeVamp
2008-03-22 18:28:09 0 d-------- C:\Users\All Users\Adobe
2008-03-22 18:27:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 01:56:47 0 d-------- C:\PerfLogs
2008-03-15 20:28:10 0 d-------- C:\Windows\Sun
2008-03-15 18:41:19 0 d-------- C:\Program Files\VirtualDJ
2008-03-14 10:44:17 164 --a------ C:\install.dat
2008-03-13 22:37:47 0 d-------- C:\Program Files\r2 Studios
2008-03-13 22:36:14 31616 --a------ C:\Windows\system32\drivers\vrtaucbl.sys
2008-03-13 22:36:13 0 d-------- C:\Program Files\Virtual Audio Cable
2008-03-13 14:49:37 0 d-a------ C:\Users\All Users\TEMP
2008-03-05 23:22:26 0 d-------- C:\Program Files\Analog Devices


-- Find3M Report ---------------------------------------------------------------

2008-04-05 17:30:34 0 d-------- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
2008-04-05 15:31:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 13:12:59 0 d-------- C:\Program Files\McAfee
2008-04-05 11:04:22 0 d-------- C:\Program Files\World of Warcraft
2008-04-05 00:42:51 0 d-------- C:\Users\Dave\AppData\Roaming\Winamp
2008-04-05 00:42:51 0 d-------- C:\Users\Dave\AppData\Roaming\Ventrilo
2008-04-05 00:42:51 0 d-------- C:\Program Files\Winamp
2008-04-05 00:42:50 0 d-------- C:\Program Files\UBISOFT
2008-04-05 00:42:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 21:20:20 0 d-------- C:\Program Files\Electronic Arts
2008-04-03 01:04:00 0 d-------- C:\Users\Dave\AppData\Roaming\LimeWire
2008-04-02 12:14:46 0 d-------- C:\Users\Dave\AppData\Roaming\NeroDigital™
2008-04-01 20:50:53 0 d-------- C:\Users\Dave\AppData\Roaming\teamspeak2
2008-04-01 11:46:37 0 d-------- C:\Users\Dave\AppData\Roaming\Azureus
2008-04-01 10:57:29 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-30 22:51:43 0 d-------- C:\Users\Dave\AppData\Roaming\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Common Files
2008-03-30 22:38:07 0 d-------- C:\Users\Dave\AppData\Roaming\Xfire
2008-03-30 21:49:03 0 d-------- C:\Users\Dave\AppData\Roaming\NoNameScript
2008-03-30 21:08:01 0 d-------- C:\Program Files\mIRC
2008-03-30 17:22:29 0 d-------- C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-03-29 19:29:36 0 d-------- C:\Program Files\Common Files\Steam
2008-03-24 18:45:22 0 d-------- C:\Users\Dave\AppData\Roaming\Apple Computer
2008-03-22 18:59:39 0 d-------- C:\Users\Dave\AppData\Roaming\Adobe
2008-03-22 02:07:48 174 --ahs---- C:\Program Files\desktop.ini
2008-03-22 02:00:15 0 d-------- C:\Program Files\Windows Calendar
2008-03-22 02:00:14 0 d-------- C:\Program Files\Windows Sidebar
2008-03-22 02:00:14 0 d-------- C:\Program Files\Movie Maker
2008-03-22 02:00:11 0 d-------- C:\Program Files\Windows Mail
2008-03-22 02:00:09 0 d-------- C:\Program Files\Windows Collaboration
2008-03-22 02:00:08 0 d-------- C:\Program Files\Windows Journal
2008-03-22 02:00:07 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-22 01:59:58 0 d-------- C:\Program Files\Windows Defender
2008-03-18 21:12:07 0 d-------- C:\Program Files\Xfire
2008-03-07 13:31:57 0 d-------- C:\Program Files\Java
2008-03-07 11:02:37 0 d-------- C:\Program Files\Azureus
2008-03-04 00:18:24 0 d-------- C:\Users\Dave\AppData\Roaming\mIRC
2008-02-29 23:09:21 0 d-------- C:\Program Files\Microsoft Games
2008-02-29 16:12:09 0 dr-h----- C:\Users\Dave\AppData\Roaming\SecuROM
2008-02-29 12:57:37 0 d-------- C:\Program Files\Logitech
2008-02-29 09:06:34 0 d-------- C:\Users\Dave\AppData\Roaming\Logitech
2008-02-29 09:01:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-29 09:01:23 0 d-------- C:\Users\Dave\AppData\Roaming\InstallShield
2008-02-28 20:05:22 0 d-------- C:\Users\Dave\AppData\Roaming\Xfire Plus
2008-02-26 10:28:14 0 -rahs---- C:\MSDOS.SYS
2008-02-26 10:28:14 0 -rahs---- C:\IO.SYS
2008-02-24 23:04:24 0 d-------- C:\Program Files\iTunes
2008-02-24 23:03:34 0 d-------- C:\Program Files\Bonjour
2008-02-24 23:03:23 0 d-------- C:\Program Files\QuickTime
2008-02-24 23:02:37 0 d-------- C:\Program Files\Apple Software Update
2008-02-24 23:01:45 0 d-------- C:\Program Files\Common Files\Apple
2008-02-23 18:43:08 0 d-------- C:\Users\Dave\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-02-23 17:17:06 0 d-------- C:\Program Files\MagicDisc
2008-02-22 17:49:12 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-02-22 01:26:16 0 d-------- C:\Users\Dave\AppData\Roaming\SiteAdvisor
2008-02-21 22:02:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-21 19:13:11 0 d-------- C:\Program Files\Valve
2008-02-21 04:00:07 0 d-------- C:\Users\Dave\AppData\Roaming\DivX
2008-02-21 03:59:11 0 d-------- C:\Users\Dave\AppData\Roaming\vlc
2008-02-21 03:58:39 0 d-------- C:\Program Files\VideoLAN
2008-02-21 01:27:54 0 d-------- C:\Program Files\LimeWire
2008-02-19 21:39:58 0 d-------- C:\Program Files\MagicISO
2008-02-19 00:55:43 0 d-------- C:\Program Files\Common Files\Java
2008-02-18 23:03:23 0 d-------- C:\Program Files\SiteAdvisor
2008-02-18 22:53:29 0 d-------- C:\Users\Dave\AppData\Roaming\WinRAR
2008-02-18 09:59:22 0 d-------- C:\Program Files\BitLocker
2008-02-18 09:50:22 0 d-------- C:\Program Files\Stardock
2008-02-18 09:41:07 0 d-------- C:\Users\Dave\AppData\Roaming\Macromedia
2008-02-18 09:40:19 1158 --a------ C:\Windows\mozver.dat
2008-02-17 23:51:03 0 d-------- C:\Program Files\Ventrilo
2008-02-17 23:39:28 0 d-------- C:\Program Files\Windows Live
2008-02-17 23:39:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-17 23:28:08 0 --a------ C:\Windows\nsreg.dat
2008-02-17 23:14:39 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-17 22:31:18 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-17 22:31:06 0 d-------- C:\Program Files\McAfee.com
2008-02-17 21:39:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
2008-02-17 21:33:03 0 d-------- C:\Program Files\DivX
2008-02-17 21:33:02 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-17 21:09:04 0 d-------- C:\Users\Dave\AppData\Roaming\Mozilla
2008-02-17 20:43:08 0 d-------- C:\Users\Dave\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 22:57]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 16:32 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [13/12/2007 18:43]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [13/12/2007 18:57]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [19/12/2006 06:34]
"NvSvc"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe

*Newly Created Service* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\Windows\system32:winsock32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-05 18:05:41 ------------



Kaspersky's log -

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 6:02:44 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 684595
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 103503
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:30:39

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\90bd3f79f6b7b3e7e0edf9f293432dea_a93042fd-674a-4a1b-8f26-97fd9d769583 Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{d76ea63d-dd93-11dc-bda4-001d60ca4ed9}.TM.blf Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{d76ea63d-dd93-11dc-bda4-001d60ca4ed9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{d76ea63d-dd93-11dc-bda4-001d60ca4ed9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows Live Contacts\dwadeley331@hotmail.com\real\members.stg Object is locked skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows Live Contacts\dwadeley331@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\p18m7mtk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\p18m7mtk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\p18m7mtk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\p18m7mtk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\p18m7mtk.default\XUL.mfl Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\hsperfdata_Dave\992 Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\~DF1F4F.tmp Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\~DF1F59.tmp Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\~DF26B3.tmp Object is locked skipped
C:\Users\Dave\AppData\Local\Temp\~DF26BD.tmp Object is locked skipped
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\cert8.db Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\history.dat Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\key3.db Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\parent.lock Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\search.sqlite Object is locked skipped
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\p18m7mtk.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Dave\ntuser.dat Object is locked skipped
C:\Users\Dave\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Dave\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Dave\NTUSER.DAT{d76ea638-dd93-11dc-bda4-001d60ca4ed9}.TM.blf Object is locked skipped
C:\Users\Dave\NTUSER.DAT{d76ea638-dd93-11dc-bda4-001d60ca4ed9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Dave\NTUSER.DAT{d76ea638-dd93-11dc-bda4-001d60ca4ed9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\CSC\v2.0.6\temp\ea-{9ceb3370-f7ab-11dc-a8a4-001d60ca4ed9} Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{efdfc1d6-dd95-11dc-b1d8-001d60ca4ed9}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{efdfc1d6-dd95-11dc-b1d8-001d60ca4ed9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{efdfc1d6-dd95-11dc-b1d8-001d60ca4ed9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0edd409e-0298-11dd-91e5-bff40fa92e6a}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0edd409e-0298-11dd-91e5-bff40fa92e6a}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0edd409e-0298-11dd-91e5-bff40fa92e6a}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Temp\mcmsc_pHTGyw5dUqvuixg Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.



#2 SickDave

SickDave
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:57 AM

Posted 05 April 2008 - 12:17 PM

HijackThis log from running in normal mode


Deckard's System Scanner v20071014.68
Run by Dave on 2008-04-05 18:14:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:50, on 05/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8044 bytes

-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 18:03:57 0 d-------- C:\Program Files\Trend Micro
2008-04-05 17:30:34 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-05 17:18:53 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-05 17:18:52 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-05 16:58:58 0 d-------- C:\Users\All Users\Grisoft
2008-04-02 01:16:19 0 d-------- C:\Program Files\MSXML 4.0
2008-04-02 00:50:40 46 --a------ C:\Windows\popcinfo.dat
2008-03-30 22:49:17 0 d-------- C:\Users\All Users\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Common Files\Nero
2008-03-30 17:22:17 0 d-------- C:\Users\All Users\TuneUp Software
2008-03-30 17:22:05 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-24 21:52:24 95560 --ah----- C:\Windows\system32\mlfcache.dat
2008-03-22 21:51:09 0 d-------- C:\Windows\system32\appmgmt
2008-03-22 21:46:18 0 d-------- C:\Program Files\Common Files\AnimeVamp
2008-03-22 18:28:09 0 d-------- C:\Users\All Users\Adobe
2008-03-22 18:27:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 01:56:47 0 d-------- C:\PerfLogs
2008-03-15 20:28:10 0 d-------- C:\Windows\Sun
2008-03-15 18:41:19 0 d-------- C:\Program Files\VirtualDJ
2008-03-14 10:44:17 164 --a------ C:\install.dat
2008-03-13 22:37:47 0 d-------- C:\Program Files\r2 Studios
2008-03-13 22:36:14 31616 --a------ C:\Windows\system32\drivers\vrtaucbl.sys
2008-03-13 22:36:13 0 d-------- C:\Program Files\Virtual Audio Cable
2008-03-13 14:49:37 0 d-a------ C:\Users\All Users\TEMP
2008-03-05 23:22:26 0 d-------- C:\Program Files\Analog Devices


-- Find3M Report ---------------------------------------------------------------

2008-04-05 17:30:34 0 d-------- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
2008-04-05 15:31:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 13:12:59 0 d-------- C:\Program Files\McAfee
2008-04-05 11:04:22 0 d-------- C:\Program Files\World of Warcraft
2008-04-05 00:42:51 0 d-------- C:\Users\Dave\AppData\Roaming\Winamp
2008-04-05 00:42:51 0 d-------- C:\Users\Dave\AppData\Roaming\Ventrilo
2008-04-05 00:42:51 0 d-------- C:\Program Files\Winamp
2008-04-05 00:42:50 0 d-------- C:\Program Files\UBISOFT
2008-04-05 00:42:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 21:20:20 0 d-------- C:\Program Files\Electronic Arts
2008-04-03 01:04:00 0 d-------- C:\Users\Dave\AppData\Roaming\LimeWire
2008-04-02 12:14:46 0 d-------- C:\Users\Dave\AppData\Roaming\NeroDigital™
2008-04-01 20:50:53 0 d-------- C:\Users\Dave\AppData\Roaming\teamspeak2
2008-04-01 11:46:37 0 d-------- C:\Users\Dave\AppData\Roaming\Azureus
2008-04-01 10:57:29 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-30 22:51:43 0 d-------- C:\Users\Dave\AppData\Roaming\Nero
2008-03-30 22:49:17 0 d-------- C:\Program Files\Common Files
2008-03-30 22:38:07 0 d-------- C:\Users\Dave\AppData\Roaming\Xfire
2008-03-30 21:49:03 0 d-------- C:\Users\Dave\AppData\Roaming\NoNameScript
2008-03-30 21:08:01 0 d-------- C:\Program Files\mIRC
2008-03-30 17:22:29 0 d-------- C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-03-29 19:29:36 0 d-------- C:\Program Files\Common Files\Steam
2008-03-24 18:45:22 0 d-------- C:\Users\Dave\AppData\Roaming\Apple Computer
2008-03-22 18:59:39 0 d-------- C:\Users\Dave\AppData\Roaming\Adobe
2008-03-22 02:07:48 174 --ahs---- C:\Program Files\desktop.ini
2008-03-22 02:00:15 0 d-------- C:\Program Files\Windows Calendar
2008-03-22 02:00:14 0 d-------- C:\Program Files\Windows Sidebar
2008-03-22 02:00:14 0 d-------- C:\Program Files\Movie Maker
2008-03-22 02:00:11 0 d-------- C:\Program Files\Windows Mail
2008-03-22 02:00:09 0 d-------- C:\Program Files\Windows Collaboration
2008-03-22 02:00:08 0 d-------- C:\Program Files\Windows Journal
2008-03-22 02:00:07 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-22 01:59:58 0 d-------- C:\Program Files\Windows Defender
2008-03-18 21:12:07 0 d-------- C:\Program Files\Xfire
2008-03-07 13:31:57 0 d-------- C:\Program Files\Java
2008-03-07 11:02:37 0 d-------- C:\Program Files\Azureus
2008-03-04 00:18:24 0 d-------- C:\Users\Dave\AppData\Roaming\mIRC
2008-02-29 23:09:21 0 d-------- C:\Program Files\Microsoft Games
2008-02-29 16:12:09 0 dr-h----- C:\Users\Dave\AppData\Roaming\SecuROM
2008-02-29 12:57:37 0 d-------- C:\Program Files\Logitech
2008-02-29 09:06:34 0 d-------- C:\Users\Dave\AppData\Roaming\Logitech
2008-02-29 09:01:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-29 09:01:23 0 d-------- C:\Users\Dave\AppData\Roaming\InstallShield
2008-02-28 20:05:22 0 d-------- C:\Users\Dave\AppData\Roaming\Xfire Plus
2008-02-26 10:28:14 0 -rahs---- C:\MSDOS.SYS
2008-02-26 10:28:14 0 -rahs---- C:\IO.SYS
2008-02-24 23:04:24 0 d-------- C:\Program Files\iTunes
2008-02-24 23:03:34 0 d-------- C:\Program Files\Bonjour
2008-02-24 23:03:23 0 d-------- C:\Program Files\QuickTime
2008-02-24 23:02:37 0 d-------- C:\Program Files\Apple Software Update
2008-02-24 23:01:45 0 d-------- C:\Program Files\Common Files\Apple
2008-02-23 18:43:08 0 d-------- C:\Users\Dave\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-02-23 17:17:06 0 d-------- C:\Program Files\MagicDisc
2008-02-22 17:49:12 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-02-22 01:26:16 0 d-------- C:\Users\Dave\AppData\Roaming\SiteAdvisor
2008-02-21 22:02:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-21 19:13:11 0 d-------- C:\Program Files\Valve
2008-02-21 04:00:07 0 d-------- C:\Users\Dave\AppData\Roaming\DivX
2008-02-21 03:59:11 0 d-------- C:\Users\Dave\AppData\Roaming\vlc
2008-02-21 03:58:39 0 d-------- C:\Program Files\VideoLAN
2008-02-21 01:27:54 0 d-------- C:\Program Files\LimeWire
2008-02-19 21:39:58 0 d-------- C:\Program Files\MagicISO
2008-02-19 00:55:43 0 d-------- C:\Program Files\Common Files\Java
2008-02-18 23:03:23 0 d-------- C:\Program Files\SiteAdvisor
2008-02-18 22:53:29 0 d-------- C:\Users\Dave\AppData\Roaming\WinRAR
2008-02-18 09:59:22 0 d-------- C:\Program Files\BitLocker
2008-02-18 09:50:22 0 d-------- C:\Program Files\Stardock
2008-02-18 09:41:07 0 d-------- C:\Users\Dave\AppData\Roaming\Macromedia
2008-02-18 09:40:19 1158 --a------ C:\Windows\mozver.dat
2008-02-17 23:51:03 0 d-------- C:\Program Files\Ventrilo
2008-02-17 23:39:28 0 d-------- C:\Program Files\Windows Live
2008-02-17 23:39:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-17 23:28:08 0 --a------ C:\Windows\nsreg.dat
2008-02-17 23:14:39 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-17 22:31:18 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-17 22:31:06 0 d-------- C:\Program Files\McAfee.com
2008-02-17 21:39:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
2008-02-17 21:33:03 0 d-------- C:\Program Files\DivX
2008-02-17 21:33:02 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-17 21:09:04 0 d-------- C:\Users\Dave\AppData\Roaming\Mozilla
2008-02-17 20:43:08 0 d-------- C:\Users\Dave\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 22:57]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 16:32 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [13/12/2007 18:43]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [13/12/2007 18:57]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [19/12/2006 06:34]
"NvSvc"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [02/11/2006 10:45 C:\Windows\System32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\Windows\system32:winsock32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-05 18:16:33 ------------

#3 SickDave

SickDave
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:57 AM

Posted 05 April 2008 - 03:50 PM

shameless bump, really need help

#4 SickDave

SickDave
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:57 AM

Posted 06 April 2008 - 06:06 AM

really need help, problem is still bad, worse than ever, please help

#5 bricat

bricat

  • Members
  • 205 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:57 AM

Posted 16 April 2008 - 01:56 PM

Please download ComboFix from either of these two locations

BleepingComputerComboFix
geeks to go combofix

And save it to your DESKTOP.

* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post back with the log from ComboFix and a new HJT log please.



