Malware Infection Mrofinu72 Involved, Please Help


  • This topic is locked
2 replies to this topic

#1 rhoerus

  • Members
  • 1 posts

Posted 06 April 2008 - 07:16 PM

Hello, I have referred to a few other threads here in an attempt to rid my computer of this problem; however, the virus has been very tenacious, resisting several different malware removal programs.

Symptoms:

  • System popups notifying me that my computer is infected; upon clicking them, IE windows appear trying to sell me software to correct it.
  • Google/Yahoo searches are hijacked and results send me to sites other than what I searched for.
  • The program listed in the title (mrofinu72.exe) continually appears and will not go away even when ended; I suspect it is either the main culprit or one of the major players.
  • Task Manager is deactivated.
  • The desktop image gets reset to one saying my system is infected, with a link to a software sales page as before.

I have run SmitFraudFix, but this has only been partially successful in fixing the problem; given a few minutes or a reboot, the popups and all other symptoms reappear. Other programs that have not been successful at removing it (at least by using system scans) are: Spybot, Malwarebytes, AVG Anti-Spyware, CCleaner.

Below are log files from DSS. Thank you in advance for any help you can give me.

Deckard's System Scanner v20071014.68
Run by Daniel Chmielewski on 2008-04-06 20:06:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
62: 2008-04-06 20:05:27 UTC - RP611 - Removed Java™ 6 Update 3
61: 2008-04-06 18:59:50 UTC - RP610 - Removed Netflix Movie Viewer
60: 2008-04-06 18:50:44 UTC - RP609 - Installed Java™ 6 Update 5
59: 2008-04-06 13:37:56 UTC - RP608 - ComboFix created restore point
58: 2008-04-06 02:26:10 UTC - RP607 - System Checkpoint


-- First Restore Point --
1: 2008-01-09 00:37:58 UTC - RP550 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Daniel Chmielewski.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:46 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\devnz\gbpvr\GBPVRTray.exe
C:\Program Files\HIP\HIP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\DEVNZ\GBPVR\PVRX2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Daniel Chmielewski\Desktop\dss.exe
C:\DOCUME~1\DANIEL~1\Desktop\Daniel Chmielewski.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3343CFEA-2E07-0C86-5712-5900B8B58ECA} - C:\WINDOWS\system32\aktuiu.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HIP.lnk = C:\Program Files\HIP\HIP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143690039608
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6914 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DANIEL~1\Desktop\backups\) ------------

backup-20080405-220827-317 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080405-221009-799 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080405-232828-762 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-005855-597 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-005910-707 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-010641-998 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-010649-184 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-010931-926 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-011028-158 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-011748-127 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080406-011748-255 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080406-011748-262 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080406-011748-305 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080406-011748-394 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080406-011748-490 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080406-011748-510 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080406-011748-593 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080406-011748-950 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-011810-141 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080406-150117-443 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Stealth - c:\windows\system32\drivers\stealth.sys <Not Verified; Generic; STEALTH>
R3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>

S3 atinevxx (ATI WDM Rage Theater Video NSP) - c:\windows\system32\drivers\atinevxx.sys
S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - d:\autorun\pcandis5.sys (file missing)
S3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys (file missing)
S3 WMP11V27 (Instant Wireless PCI Card V2.7 Driver) - c:\windows\system32\drivers\wmp11v27.sys <Not Verified; The Linksys Group, Inc; Instant Wireless PCI Card>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 GB-PVR Recording Service - "c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe" <Not Verified; WelltonWay; GB-PVR Recording Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: DISPLAY\NTATIVRV01\5&F7C21CD&0&80000008&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRV01\5&F7C21CD&0&80000008&01&00
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Instant Wireless PCI Card V2.7
Device ID: PCI\VEN_14E4&DEV_4301&SUBSYS_43011737&REV_02\3&61AAA01&0&68
Manufacturer: The Linksys Group, Inc.
Name: Instant Wireless PCI Card V2.7
PNP Device ID: PCI\VEN_14E4&DEV_4301&SUBSYS_43011737&REV_02\3&61AAA01&0&68
Service: WMP11V27


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 21:47:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 20:02:32 28416 --a------ C:\WINDOWS\voiceip.dll
2008-04-06 20:02:32 24576 --a------ C:\WINDOWS\swin32.dll
2008-04-06 20:02:32 12544 --a------ C:\WINDOWS\stcloader.exe
2008-04-06 20:02:32 0 d-------- C:\Program Files\stc
2008-04-06 20:02:31 19200 --a------ C:\WINDOWS\mssvr.exe
2008-04-06 20:02:31 31232 --a------ C:\WINDOWS\mspphe.dll
2008-04-06 20:02:31 19968 --a------ C:\WINDOWS\cdsm32.dll
2008-04-06 20:02:31 29952 --a------ C:\WINDOWS\bokja.exe
2008-04-06 20:02:30 10752 --a------ C:\WINDOWS\bjam.dll
2008-04-06 20:02:30 22272 --a------ C:\WINDOWS\2020search2.dll
2008-04-06 20:02:30 21760 --a------ C:\WINDOWS\2020search.dll
2008-04-06 20:02:29 23296 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-06 20:02:29 0 d-------- C:\Program Files\zango
2008-04-06 20:02:29 0 d-------- C:\Program Files\seekmo
2008-04-06 20:02:29 0 d-------- C:\Program Files\180search assistant
2008-04-06 20:02:28 28160 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-06 20:02:28 29696 --a------ C:\WINDOWS\180ax.exe
2008-04-06 20:02:28 0 d-------- C:\Program Files\180searchassistant
2008-04-06 20:02:27 8448 --a------ C:\WINDOWS\updatetc.exe
2008-04-06 20:02:27 20480 --a------ C:\WINDOWS\salm.exe
2008-04-06 20:02:27 0 d-------- C:\WINDOWS\FLEOK
2008-04-06 20:02:27 0 d-------- C:\Program Files\180solutions
2008-04-06 20:02:26 16640 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-06 20:02:26 22272 --a------ C:\WINDOWS\saiemod.dll
2008-04-06 20:02:25 24832 --a------ C:\WINDOWS\msapasrc.dll
2008-04-06 20:02:25 13824 --a------ C:\WINDOWS\msa64chk.dll
2008-04-06 20:02:24 31488 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-06 20:02:24 16128 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-06 20:02:24 8960 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-06 20:02:24 20224 --a------ C:\WINDOWS\shdocpl.dll
2008-04-06 20:02:23 13312 --a------ C:\WINDOWS\winsb.dll
2008-04-06 20:02:23 9728 --a------ C:\WINDOWS\shdocpe.dll
2008-04-06 20:02:23 23296 --a------ C:\WINDOWS\ntnut.exe
2008-04-06 20:02:23 18688 --a------ C:\WINDOWS\browserad.dll
2008-04-06 20:02:23 0 d-------- C:\Program Files\Sysmnt
2008-04-06 20:02:22 31232 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 20:02:22 24320 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-06 20:02:22 11008 --a------ C:\WINDOWS\avifile32.dll
2008-04-06 20:02:22 16640 --a------ C:\WINDOWS\autodisc32.dll
2008-04-06 20:02:21 10240 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-06 20:02:21 31488 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-06 20:02:21 12032 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-06 20:02:21 30976 --a------ C:\WINDOWS\athprxy32.dll
2008-04-06 20:02:20 20224 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-06 20:02:20 17408 --a------ C:\WINDOWS\asferror32.dll
2008-04-06 20:02:20 29952 --a------ C:\WINDOWS\apphelp32.dll
2008-04-06 20:02:19 31232 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-06 16:02:38 0 d-------- C:\Documents and Settings\Daniel Chmielewski\Application Data\Malwarebytes
2008-04-06 16:02:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 16:02:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 10:03:51 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 09:37:12 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 09:37:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 09:37:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 09:37:12 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 09:37:12 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 09:37:12 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-06 09:37:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 09:37:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 23:31:15 0 d-------- C:\Documents and Settings\Daniel Chmielewski\Application Data\Grisoft
2008-04-05 23:31:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 23:22:49 0 d-------- C:\Program Files\CCleaner
2008-04-05 23:02:06 2670 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 23:01:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-05 23:01:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-05 23:01:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-05 23:01:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-05 23:01:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-05 23:01:23 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-05 23:01:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-05 19:24:24 0 d-------- C:\Documents and Settings\Daniel Chmielewski\.housecall6.6
2008-04-05 17:09:37 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-05 17:09:37 2557 --a------ C:\WINDOWS\unins000.dat
2008-04-05 08:45:55 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-03-30 19:09:40 0 d-------- C:\Program Files\DVD Decrypter
2008-03-27 21:45:49 384512 --a------ C:\WINDOWS\system32\BTMIGetKey.dll <Not Verified; BTM Innovation Pty Ltd; >
2008-03-27 21:45:48 0 d-------- C:\Program Files\HIP
2008-03-25 22:05:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Free Labs
2008-03-25 21:49:05 0 d-------- C:\Documents and Settings\Daniel Chmielewski\Application Data\Easy Macro Recorder
2008-03-22 08:48:41 0 d-------- C:\Program Files\MMTaskbar
2008-03-21 22:18:24 0 d-------- C:\Documents and Settings\Daniel Chmielewski\Application Data\Realtime Soft
2008-03-21 19:56:43 0 d-------- C:\Program Files\XBCD


-- Find3M Report ---------------------------------------------------------------

2008-04-06 14:51:46 0 d-------- C:\Program Files\Java
2008-04-05 16:29:30 0 d-------- C:\Program Files\Common Files
2008-04-02 08:16:25 0 d-------- C:\Program Files\StepMania
2008-03-30 19:08:03 0 d-------- C:\Program Files\LIVEUPDATE
2008-03-25 22:38:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 22:38:34 0 d-------- C:\Program Files\ATI Multimedia
2008-03-23 22:37:09 0 d-------- C:\Program Files\FlashFXP
2008-03-02 09:58:15 31 --ah----- C:\WINDOWS\uccspecc.sys
2008-03-02 09:58:15 0 d-------- C:\Program Files\Coupons
2008-02-18 10:52:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-14 20:25:06 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-02-14 20:06:20 91 --a------ C:\WINDOWS\system32\buyurl-mmp.dat
2008-02-08 22:11:22 0 d-------- C:\Program Files\devnz
2008-02-01 21:55:17 229 --a------ C:\WINDOWS\system32\'


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3343CFEA-2E07-0C86-5712-5900B8B58ECA}]
C:\WINDOWS\system32\aktuiu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [01/08/2003 04:55 PM]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [05/05/2003 10:55 AM]
"Tweak UI"="TWEAKUI.CPL" [06/18/2000 03:03 PM C:\WINDOWS\system32\TWEAKUI.CPL]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 03:43 PM]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [12/13/2003 01:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [06/18/2006 03:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [01/04/2005 03:17 PM]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE" [04/05/2006 10:03 PM]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\Daniel Chmielewski\Start Menu\Programs\Startup\
GBPVRTray.exe.lnk - C:\Program Files\devnz\gbpvr\GBPVRTray.exe [3/9/2008 1:20:38 PM]
HIP.lnk - C:\Program Files\HIP\HIP.exe [3/27/2008 9:45:49 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8830cf-dd70-11da-9955-0013d4137e68}]
AutoRun\command- G:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-04-06 20:08:45 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.53 MiB / 576.45 MiB
Pagefile Memory (total/avail): 2464.83 MiB / 2027.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 10.28 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Fixed (NTFS) - 232.88 GiB total, 128.04 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD2500JB-00REA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD400BB-00CAA1 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\ccxgui\\ccxStream.exe"="C:\\Program Files\\ccxgui\\ccxStream.exe:*:Enabled:ccxStream"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daniel Chmielewski\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CALLANDOR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daniel Chmielewski
LOGONSERVER=\\CALLANDOR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=CALLANDOR
USERNAME=Daniel Chmielewski
USERPROFILE=C:\Documents and Settings\Daniel Chmielewski
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daniel Chmielewski (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{8270831B-8F2F-4B65-8E2C-9712054C38D1}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Remote Wonder 3.04 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.7 --> C:\Program Files\BitTornado\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DAEMON Tools --> MsiExec.exe /I{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
DivX 4.0 Final Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
FlashFXP --> C:\PROGRA~1\FlashFXP\UNWISE.EXE C:\PROGRA~1\FlashFXP\INSTALL.LOG
GB-PVR --> MsiExec.exe /I{4C39136A-165C-4FFA-9621-5D0BE718C64D}
GoldWave v5.13 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.13" "C:\Program Files\GoldWave\unstall.log"
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Daniel Chmielewski\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Human Interface Programmer (HIP) --> C:\PROGRA~1\HIP\UNWISE.EXE C:\PROGRA~1\HIP\INSTALL.LOG
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IsoBuster 0.99.7.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Location Finder --> MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MultiMon TaskBar 2.1 --> "C:\Program Files\MMTaskbar\unins000.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
The Playa --> "C:\Program Files\The Playa\uninstall.exe"
Tweak UI --> C:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\Inf\Tweakui.Inf
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
Uninstall Dual Mode Camera --> "C:\Program Files\JL2005C\unins000.exe"
Unlocker 1.8.1 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless PCI Card Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10143 / Error
Event Submitted/Written: 04/06/2008 04:16:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3268, fault address 0x0001c421.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10135 / Error
Event Submitted/Written: 04/06/2008 02:53:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module axplayer.ocx, version 1.2.0.211, fault address 0x0000d711.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10134 / Error
Event Submitted/Written: 04/06/2008 02:52:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module axplayer.ocx, version 1.2.0.211, fault address 0x0000d711.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10071 / Error
Event Submitted/Written: 04/05/2008 08:55:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.3268, fault address 0x0002424e.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10058 / Error
Event Submitted/Written: 03/30/2008 07:13:45 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Streets & Trips 2006 -- Error 1706.No valid source could be found for product Microsoft Streets & Trips 2006. The Windows Installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9207 / Error
Event Submitted/Written: 04/06/2008 06:17:47 PM / 04/06/2008 06:18:15 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type9206 / Error
Event Submitted/Written: 04/06/2008 06:17:47 PM / 04/06/2008 06:18:15 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type9205 / Error
Event Submitted/Written: 04/06/2008 06:17:46 PM / 04/06/2008 06:18:15 PM
Event ID/Source: 10270 / ati2mtag
Event Description:


Event Record #/Type9204 / Error
Event Submitted/Written: 04/06/2008 06:17:45 PM / 04/06/2008 06:18:15 PM
Event ID/Source: 10270 / ati2mtag
Event Description:


Event Record #/Type9203 / Error
Event Submitted/Written: 04/06/2008 06:17:45 PM / 04/06/2008 06:18:15 PM
Event ID/Source: 10270 / ati2mtag
Event Description:




-- End of Deckard's System Scanner: finished at 2008-04-06 20:08:45 ------------
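As an added example (not part of the original post or of Deckard's System Scanner itself), here is a small parser for the DSS event-log layout shown above. A responder triaging a log like this wants the repeated crash records reduced to one line per faulting component: the parser splits the "Event Record #/Type" blocks, pulls out Event ID, source and description, and then counts Event ID 1000 (Application Error) records by application and faulting module. The sample text is constructed in the same layout, using values copied from the Application Event Log section of this thread.

```python
import re
from collections import Counter

# Constructed sample input in the DSS log layout (values taken from the
# Application Event Log section posted above; this is not a real file read).
SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type10143 / Error
Event Submitted/Written: 04/06/2008 04:16:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3268, fault address 0x0001c421.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10135 / Error
Event Submitted/Written: 04/06/2008 02:53:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module axplayer.ocx, version 1.2.0.211, fault address 0x0000d711.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10134 / Error
Event Submitted/Written: 04/06/2008 02:52:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module axplayer.ocx, version 1.2.0.211, fault address 0x0000d711.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10058 / Error
Event Submitted/Written: 03/30/2008 07:13:45 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Streets & Trips 2006 -- Error 1706.No valid source could be found for product Microsoft Streets & Trips 2006. The Windows Installer cannot continue.

-- Security Event Log ----------------------------------------------------------
"""

# One regex per DSS header line; the record number follows "Type" directly.
RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")
# Windows "Application Error" (Event ID 1000) description layout.
FAULT_RE = re.compile(
    r"Faulting application (\S+), version (\S+), faulting module (\S+), "
    r"version (\S+), fault address (0x[0-9a-fA-F]+)"
)


def parse_events(text):
    """Split a DSS event-log section into a list of event dicts."""
    events = []
    current = None
    in_description = False
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            current = {"record": int(m.group(1)), "type": m.group(2),
                       "written": None, "event_id": None, "source": None,
                       "description": []}
            events.append(current)
            in_description = False
            continue
        if current is None:
            continue                      # text before the first record
        if line.startswith("-- "):
            current = None                # next "-- ..." section ends the list
            continue
        m = WRITTEN_RE.match(line)
        if m:
            current["written"] = m.group(1).strip()
            continue
        m = IDSRC_RE.match(line)
        if m:
            current["event_id"] = int(m.group(1))
            current["source"] = m.group(2).strip()
            continue
        if line == "Event Description:":
            in_description = True
            continue
        if in_description and line.strip():
            current["description"].append(line.strip())
    for event in events:
        event["description"] = "\n".join(event["description"])
    return events


def crash_summary(events):
    """Count Event ID 1000 crashes by (application, faulting module)."""
    counts = Counter()
    for event in events:
        if event["event_id"] != 1000:
            continue
        m = FAULT_RE.search(event["description"])
        if m:
            counts[(m.group(1), m.group(3))] += 1
    return counts


def report(events):
    """Return summary lines, most frequent faulting module first."""
    summary = crash_summary(events)
    return [f"{count} x {app} crashed in {module}"
            for (app, module), count in summary.most_common()]


if __name__ == "__main__":
    for line in report(parse_events(SAMPLE_LOG)):
        print(line)
```

The grouping is only a triage aid: it shows which module keeps taking the browser down (here the third-party axplayer.ocx ActiveX control appears twice, the Windows components urlmon.dll and shdocvw.dll once each), which tells a responder where to look first. It does not by itself decide whether a module is malicious.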


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:08:13 PM

Posted 13 April 2008 - 04:43 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:08:13 PM

Posted 20 April 2008 - 12:19 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.