
Infected With Virtumonde


  • This topic is locked
2 replies to this topic

#1 XETN

  • Members
  • 1 posts

Posted 24 April 2008 - 11:15 PM

Hello BleepingComputer mods/admin,

My computer was recently (either today or yesterday) infected with this "Virtumonde" backdoor trojan (I think). I ran a scan with SpyBot and could not remove the problem because Spybot would freeze and end up not removing it. I came across this forum after noticing a user who had his problem fixed. I've done the steps according to the Sticky Post and have my main.txt and extra.txt. Thanks.

Main.txt

Deckard's System Scanner v20071014.68
Run by Terence on 2008-04-24 21:04:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-04-25 04:04:37 UTC - RP790 - Deckard's System Scanner Restore Point
47: 2008-04-25 02:27:52 UTC - RP789 - System Checkpoint
46: 2008-04-24 00:27:48 UTC - RP788 - Last known good configuration
45: 2008-04-24 00:27:34 UTC - RP787 - System Checkpoint
44: 2008-04-24 00:27:34 UTC - RP786 - System Checkpoint


-- First Restore Point --
1: 2008-04-24 00:27:25 UTC - RP743 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Terence.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:38 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
P:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Terence\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Terence.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {5220fd7b-a7c4-74e9-5e94-1f8460bc59da} - {ad95cb06-48f1-49e5-9e47-4c7ab7df0225} - C:\WINDOWS\system32\uulvsdcf.dll
O2 - BHO: (no name) - {D36ADBD9-F746-4722-A14F-C9469EEB180D} - C:\WINDOWS\system32\rqRJCTkK.dll (file missing)
O2 - BHO: (no name) - {D5437A53-33F9-49E5-9FF7-87EED6BACFAB} - C:\WINDOWS\system32\fccdccaW.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\pmnoLEtu.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM23e0b982] Rundll32.exe "C:\WINDOWS\system32\uaaypxds.dll",s
O4 - HKLM\..\Run: [20d38a1e] rundll32.exe "C:\WINDOWS\system32\iaosxuly.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\RunOnce: [SpybotDeletingB311] command /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6386] cmd /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3668] command /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4502] cmd /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8822] command /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9840] cmd /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB556] command /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2761] cmd /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7101] command /c del "C:\WINDOWS\system32\rqRJCTkK.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7641] cmd /c del "C:\WINDOWS\system32\rqRJCTkK.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5817] cmd /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8131] command /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5151] cmd /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe
O4 - Global Startup: Logitech SetPoint.lnk = P:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138442945717
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143181788250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmnoLEtu - C:\WINDOWS\SYSTEM32\pmnoLEtu.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12163 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/XP>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 MSSQL$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe -ssony_mediamgr (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 SQLAgent$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe -i sony_mediamgr (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 18:25:28 342 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-23 22:25:16 426 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{898CB376-955E-4B26-8A6E-FA1E180DA5D9}.job
2008-04-14 12:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-24 21:06:20 0 d-------- C:\Program Files\Trend Micro
2008-04-24 20:46:41 0 d-------- C:\Program Files\Enigma Software Group
2008-04-24 20:03:38 0 d-------- C:\VundoFix Backups
2008-04-24 18:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-24 17:52:59 100416 --a------ C:\WINDOWS\system32\uulvsdcf.dll
2008-04-24 17:52:06 420871 --ahs---- C:\WINDOWS\system32\KkTCJRqr.ini2
2008-04-24 13:01:32 100416 --a------ C:\WINDOWS\system32\yochvqah.dll
2008-04-24 12:59:19 88640 --a------ C:\WINDOWS\system32\whqmwsic.dll
2008-04-24 12:57:32 88640 --a------ C:\WINDOWS\system32\xuyrmevx.dll
2008-04-23 17:27:15 422112 --ahs---- C:\WINDOWS\system32\Waccdccf.ini2
2008-04-23 17:22:07 37888 --a------ C:\WINDOWS\system32\pmnoLEtu.dll
2008-04-22 18:53:19 0 d-------- C:\Documents and Settings\Terence\Application Data\HTML Executable
2008-04-22 18:53:16 0 d-------- C:\Program Files\Common Files\HTML Executable Viewer
2008-04-22 18:53:11 0 d-------- C:\Program Files\free-mahjong-games
2008-04-13 14:41:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-07 12:38:40 0 d-------- C:\Program Files\iTunes
2008-04-03 23:20:25 0 d-------- C:\Program Files\Seagate
2008-03-30 16:04:26 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-30 15:45:27 0 d-------- C:\Program Files\SopCast
2008-03-29 22:03:55 0 d-------- C:\Program Files\Maxis


-- Find3M Report ---------------------------------------------------------------

2008-04-24 20:45:06 0 d-------- C:\Documents and Settings\Terence\Application Data\LimeWire
2008-04-24 20:44:50 0 d-------- C:\Program Files\LimeWire
2008-04-24 20:33:14 0 d-------- C:\Program Files\Trillian Pro
2008-04-23 17:30:54 0 d-------- C:\Documents and Settings\Terence\Application Data\uTorrent
2008-04-22 18:53:16 0 d-------- C:\Program Files\Common Files
2008-04-21 15:50:50 0 d-------- C:\Program Files\WS_FTP
2008-04-13 08:14:57 0 d-------- C:\Program Files\Common Files\Intuit
2008-04-07 12:38:47 0 d-------- C:\Program Files\iPod
2008-04-07 12:37:38 0 d-------- C:\Program Files\QuickTime
2008-04-06 22:54:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-05 16:18:51 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 16:18:51 0 d-------- C:\Program Files\WinAVIVideoConverter
2008-04-05 16:18:51 0 d-------- C:\Program Files\TGTSoft
2008-04-05 16:18:51 0 d-------- C:\Program Files\TagRename
2008-04-05 16:18:51 0 d-------- C:\Program Files\Real Alternative
2008-04-05 16:18:50 0 d-------- C:\Program Files\Movie Maker
2008-04-05 16:18:50 0 d-------- C:\Program Files\MagicISO
2008-04-05 16:18:50 0 d-------- C:\Program Files\LiveMath
2008-04-05 16:18:50 0 d-------- C:\Program Files\Intel
2008-04-05 16:18:50 0 d-------- C:\Program Files\FreeRIP3
2008-04-05 16:18:50 0 d-------- C:\Program Files\dvdSanta
2008-04-05 16:18:50 0 d-------- C:\Program Files\DivX
2008-04-05 16:18:49 0 d-------- C:\Program Files\CONEXANT
2008-04-05 16:18:49 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-04-05 16:18:49 0 d-------- C:\Program Files\BitTorrent
2008-04-05 16:18:49 0 d-------- C:\Program Files\AIM
2008-04-03 23:20:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 19:20:29 0 d-------- C:\Program Files\Java
2008-03-29 22:15:17 581 --a----c- C:\WINDOWS\eReg.dat
2008-03-21 17:09:53 0 d-------- C:\Documents and Settings\Terence\Application Data\Adobe
2008-03-16 22:26:25 0 d-------- C:\Documents and Settings\Terence\Application Data\Uniblue
2008-03-16 22:17:18 0 d-------- C:\Program Files\Uniblue
2008-03-15 19:53:40 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-14 22:29:23 2528 --a------ C:\Documents and Settings\Terence\Application Data\$_hpcst$.hpc
2008-02-14 20:50:09 691545 --a------ C:\WINDOWS\unins001.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad95cb06-48f1-49e5-9e47-4c7ab7df0225}]
04/24/2008 05:53 PM 100416 --a------ C:\WINDOWS\system32\uulvsdcf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D36ADBD9-F746-4722-A14F-C9469EEB180D}]
C:\WINDOWS\system32\rqRJCTkK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5437A53-33F9-49E5-9FF7-87EED6BACFAB}]
C:\WINDOWS\system32\fccdccaW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
04/23/2008 05:22 PM 37888 --a------ C:\WINDOWS\system32\pmnoLEtu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 04:10 AM C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"BM23e0b982"="C:\WINDOWS\system32\uaaypxds.dll" []
"20d38a1e"="C:\WINDOWS\system32\iaosxuly.dll" []
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 11:31 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [04/02/2008 09:50 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB311"=command /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
"SpybotDeletingD6386"=cmd /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
"SpybotDeletingB3668"=command /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
"SpybotDeletingD4502"=cmd /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
"SpybotDeletingB8822"=command /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
"SpybotDeletingD9840"=cmd /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
"SpybotDeletingB556"=command /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
"SpybotDeletingD2761"=cmd /c del "C:\WINDOWS\system32\iaosxuly.dll_old"
"SpybotDeletingB7101"=command /c del "C:\WINDOWS\system32\rqRJCTkK.dll_old"
"SpybotDeletingD7641"=cmd /c del "C:\WINDOWS\system32\rqRJCTkK.dll_old"
"SpybotDeletingB7335"=command /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
"SpybotDeletingD5817"=cmd /c del "C:\WINDOWS\system32\thiysmdt.dll_old"
"SpybotDeletingB8131"=command /c del "C:\WINDOWS\system32\uaaypxds.dll_old"
"SpybotDeletingD5151"=cmd /c del "C:\WINDOWS\system32\uaaypxds.dll_old"

C:\Documents and Settings\Terence\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian Pro\trillian.exe [12/11/2007]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - P:\Logitech\SetPoint\SetPoint.exe [12/11/2007 7:44:40 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\pmnoLEtu.dll [04/23/2008 05:22 PM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 11:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoLEtu]
pmnoLEtu.dll 04/23/2008 05:22 PM 37888 C:\WINDOWS\system32\pmnoLEtu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRJCTkK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cade75f1-ae3e-11db-81da-0015f2a57854}]
AutoRun\command- R:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.255.255.255 serial.alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8142 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-24 21:07:55 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 759.29 MiB / 227.15 MiB
Pagefile Memory (total/avail): 1087.36 MiB / 676.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.69 MiB

C: is Fixed (NTFS) - 29.25 GiB total, 15.35 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Fixed (FAT32) - 8 GiB total, 2.29 GiB free.
I: is CDROM (No Media)
J: is Removable (No Media)
K: is Fixed (NTFS) - 46.87 GiB total, 17.68 GiB free.
M: is Fixed (NTFS) - 21.35 GiB total, 19.68 GiB free.
N: is Fixed (NTFS) - 23.78 GiB total, 21.79 GiB free.
O: is Fixed (NTFS) - 47.42 GiB total, 14.18 GiB free.
P: is Fixed (NTFS) - 46.9 GiB total, 40.86 GiB free.

\\.\PHYSICALDRIVE0 - ST3200822A - 186.31 GiB - 5 partitions
\PARTITION0 - Installable File System - 46.9 GiB - P:
\PARTITION1 - Extended w/Extended Int 13 - 139.41 GiB - K: - M: - N: - O:

\\.\PHYSICALDRIVE1 - WDC WD400BD-60LRA0 - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 8.01 GiB - H:
\PARTITION1 - Extended w/Extended Int 13 - 29.25 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Trillian Pro\\trillian.exe"="C:\\Program Files\\Trillian Pro\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Terence\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TERENCE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Terence
LOGONSERVER=\\TERENCE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Terence\LOCALS~1\Temp
TMP=C:\DOCUME~1\Terence\LOCALS~1\Temp
USERDOMAIN=TERENCE
USERNAME=Terence
USERPROFILE=C:\Documents and Settings\Terence
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Terence (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoUpdate -->
BitTorrent 4.0.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon MP210 series User Registration --> C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon PIXMA iP3000 --> C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
EAX™ Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu"
Free Mahjong Games version 1.0 --> "C:\Program Files\free-mahjong-games\unins000.exe"
Free Mp3 Wma Converter V 1.6.3 --> "C:\Program Files\Free Audio Pack\unins000.exe"
Freecorder Toolbar --> C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freecorder Toolbar 3.0 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
FreeRIP v3.04 --> "C:\Program Files\FreeRIP3\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HTML Executable IERuntime --> C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iSilo --> C:\Program Files\iSilo\iSilo\ISWSetup.exe /u
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.8.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
LS_HSI -->
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition --> MsiExec.exe /I{40261D0A-A385-4C1A-A7DE-5F270D9B1033}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
Replay Media Catcher --> C:\PROGRA~1\REPLAY~2\UNWISE.EXE C:\PROGRA~1\REPLAY~2\INSTALL.LOG
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Tag&Rename 3.4 --> "C:\Program Files\TagRename\unins000.exe"
Trillian --> C:\Program Files\Trillian Pro\trillian.exe /uninstall
Trillian Pro 3.1 Build 121 --> "C:\Program Files\Trillian Pro\unins000.exe"
Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
USB Dual Vibration Joystick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39A68007-970B-4A78-9519-64D4B13824F9}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebFldrs XP -->
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB898549 --> "C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9519 / Error
Event Submitted/Written: 04/24/2008 05:53:08 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 728657799.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type9518 / Error
Event Submitted/Written: 04/24/2008 05:53:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x03d11568.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type9511 / Error
Event Submitted/Written: 04/24/2008 01:40:33 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 705833620.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type9510 / Error
Event Submitted/Written: 04/24/2008 01:40:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type9509 / Error
Event Submitted/Written: 04/24/2008 00:59:46 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 724002146.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39907 / Warning
Event Submitted/Written: 04/23/2008 05:02:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type39862 / Warning
Event Submitted/Written: 04/23/2008 00:03:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type39861 / Warning
Event Submitted/Written: 04/22/2008 11:25:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type39817 / Warning
Event Submitted/Written: 04/22/2008 00:52:47 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type39812 / Warning
Event Submitted/Written: 04/21/2008 10:49:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-24 21:07:55 ------------


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:02 PM

Posted 25 April 2008 - 12:33 PM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:02 PM

Posted 03 May 2008 - 12:40 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



