
Delextra.exe/spools.exe/many Other Things Wrong



#1 Saruto


Posted 26 April 2008 - 09:37 PM

My main problem is chronicled in this thread here: http://www.bleepingcomputer.com/forums/t/143932/wlctrl32dlluserinitexe-problem/


Logs:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-26 22:25:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-04-27 02:25:56 UTC - RP1264 - Deckard's System Scanner Restore Point
66: 2008-04-27 01:25:55 UTC - RP1263 - Restore Operation
65: 2008-04-25 01:49:43 UTC - RP1262 - System Checkpoint
64: 2008-04-24 01:28:10 UTC - RP1261 - System Checkpoint
63: 2008-04-21 20:53:50 UTC - RP1260 - System Checkpoint


-- First Restore Point --
1: 2008-02-27 22:04:25 UTC - RP1198 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 17.26 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:24 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Client\svchost32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lcss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
c:\delextra.exe
C:\DOCUME~1\ADMINI~1\desktop\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Client\svchost32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O2 - BHO: (no name) - {6AC0E951-26FE-49CC-877E-C87BCE3CD298} - C:\WINDOWS\system32\ssttu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {0c54e61c-141e-1e0a-37a4-562bf402d6ee} - {ee6d204f-b265-4a73-a0e1-e141c16e45c0} - C:\WINDOWS\system32\yalbnrju.dll (file missing)
O2 - BHO: BrowsingProgram - {F8EACE56-0AF4-3AE3-6EF8-F8CC39675729} - C:\Program Files\BrowsingProgram\BrowsingProgram-2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BM77c85174] Rundll32.exe "C:\WINDOWS\system32\didhfexg.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [74fb62e8] rundll32.exe "C:\WINDOWS\system32\__c009E3.dat",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKLM\..\Run: [440F] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\440F.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [A00F1DB2B8.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1DB2B8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\WINDOWS\TEMP\EA0.tmp.exe
O4 - HKCU\..\Run: [kavir] C:\WINDOWS\kavir.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PanasonicX800PCSoftwareSuite Detect.lnk = ?
O4 - Global Startup: PanasonicX800PCSoftwareSuite TS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O20 - Winlogon Notify: __c0088D36 - C:\WINDOWS\system32\__c0088D36.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jqvm465hmygebkpp6 - Unknown owner - C:\WINDOWS\system32\lcss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 11234 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1\desktop\backups\) ------------

backup-20080426-213711-558 O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
backup-20080426-213712-795 O20 - Winlogon Notify: __c0088D36 - C:\WINDOWS\system32\__c0088D36.dat

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Djp38 - c:\windows\system32\drivers\djp38.sys
R0 TPkd - c:\windows\system32\drivers\tpkd.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R2 PStrip - c:\windows\system32\drivers\pstrip.sys
R2 XPROTECTOR - c:\windows\system32\drivers\movitel.sys
R3 NVR0Dev - c:\windows\nvoclock.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys

S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 dump_wmimmc - c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys
S3 Iot85 - c:\windows\system32\drivers\iot85.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 Pwd63 - c:\windows\system32\drivers\pwd63.sys
S3 RivaTuner32 - c:\program files\rivatuner v2.06\rivatuner32.sys
S3 x800bus (Panasonic X800 Composite Device driver (WDM)) - c:\windows\system32\drivers\x800bus.sys
S3 x800mdfl (Panasonic X800 Modem Filter) - c:\windows\system32\drivers\x800mdfl.sys
S3 x800mdm (Panasonic X800 Modem Drivers) - c:\windows\system32\drivers\x800mdm.sys
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 jqvm465hmygebkpp6 - "c:\windows\system32\lcss.exe"
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice

S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)
S4 Ntfssat -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-26 10:48:01 464 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-04-19 18:47:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-12 03:00:37 378 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 22:15:42 13136 --a------ C:\delextra.exe
2008-04-26 22:14:54 0 d-------- C:\!KillBox
2008-04-26 22:09:36 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-26 22:08:53 10880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-26 22:08:53 0 d-------- C:\Program Files\PrevxCSI
2008-04-26 22:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-04-26 20:24:04 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-26 19:01:25 24448 --a------ C:\WINDOWS\system32\drivers\Iot85.sys
2008-04-26 18:57:32 2855 --a------ C:\WINDOWS\system32\userinit.PIF
2008-04-26 18:49:32 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-26 18:49:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-26 18:48:37 24448 --a------ C:\WINDOWS\system32\drivers\Pwd63.sys
2008-04-26 18:36:37 24448 --a------ C:\WINDOWS\system32\drivers\Hot52.sys
2008-04-26 18:25:00 0 d-------- C:\WINDOWS\ERUNT
2008-04-26 18:03:03 8704 --a------ C:\Documents and Settings\Guest.THESMACHINE\cftmon.exe
2008-04-26 17:53:56 10513 --a------ C:\startup.exe
2008-04-26 16:43:41 19931 --a------ C:\WINDOWS\system32\drivers\hosts
2008-04-26 16:43:41 19931 --a------ C:\WINDOWS\hosts
2008-04-26 16:43:40 39520 --a------ C:\winhost.exe
2008-04-26 16:43:28 14414 --a------ C:\sysr.exe
2008-04-26 16:35:29 48971 -r-hs---- C:\WINDOWS\system32\lcss.exe
2008-04-26 15:31:16 8704 --a------ C:\Documents and Settings\Administrator\cftmon.exe
2008-04-26 14:34:30 8704 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-26 11:27:01 131584 --a------ C:\WINDOWS\kavir.exe
2008-04-26 11:17:03 15169 --a------ C:\WINDOWS\7475.exe
2008-04-26 11:09:21 24448 --a------ C:\WINDOWS\system32\drivers\Djp38.sys
2008-04-26 11:07:17 0 d-------- C:\WINDOWS\system32\Client
2008-04-25 21:38:24 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-25 15:13:36 0 d-------- C:\Program Files\LiveAntispy
2008-04-25 15:13:24 37636 --a------ C:\WINDOWS\system32\__c008101A.exe
2008-04-21 20:30:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Softplicity
2008-04-21 20:30:30 0 d-------- C:\Program Files\TotalAudioConverter
2008-04-21 12:16:05 86016 --a------ C:\WINDOWS\system32\__c00F8BDA.dat
2008-04-17 11:10:16 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 12:24:41 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-16 12:24:36 0 d-------- C:\Program Files\Windows Live
2008-04-16 12:24:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 05:43:07 30208 --a------ C:\WINDOWS\system32\__c0060655.exe
2008-04-07 01:26:57 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-07 01:25:53 0 d--h----- C:\Documents and Settings\Administrator\Application Data\ijjigame
2008-04-07 01:25:11 0 d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-07 00:40:38 0 d-------- C:\ijji
2008-04-06 23:44:33 0 d-------- C:\Program Files\Advanced GIF Optimizer
2008-04-06 22:35:29 0 d-------- C:\Program Files\Kongsoft
2008-04-06 22:28:27 0 d-------- C:\Program Files\AV2MP3
2008-04-06 17:20:58 0 d-------- C:\Documents and Settings\Administrator\fontconfig
2008-04-06 05:29:31 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-04-06 05:29:30 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-04-06 05:29:30 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-04-06 05:29:30 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-04-06 05:29:30 0 d-------- C:\Program Files\Free FLV Converter
2008-04-06 03:49:45 0 d-------- C:\IME
2008-04-06 00:21:37 0 d-------- C:\Program Files\KeyHoleTV
2008-04-05 21:58:08 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-04-05 21:58:08 0 d-------- C:\Program Files\FBrowserAdvisor
2008-04-01 01:14:22 92672 --a------ C:\WINDOWS\system32\__c00D2C94.dat
2008-03-29 18:01:00 27904 --a------ C:\WINDOWS\system32\drivers\xPADFL02.sys
2008-03-26 00:49:10 0 d-------- C:\Documents and Settings\Guest.THESMACHINE\Application Data\acccore


-- Find3M Report ---------------------------------------------------------------

2008-04-26 22:06:41 0 d-------- C:\Program Files\XoftSpySE
2008-04-26 21:31:32 0 d-------- C:\Program Files\Dl_cats
2008-04-26 18:54:49 0 d-------- C:\Program Files\CinemaForge
2008-04-26 18:54:49 0 d-------- C:\Program Files\BFG
2008-04-26 18:54:49 0 d-------- C:\Program Files\BabysittingMania_at
2008-04-26 18:54:49 0 d-------- C:\Program Files\Azureus
2008-04-26 18:54:49 0 d-------- C:\Program Files\AC3Filter
2008-04-26 17:49:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-04-26 16:17:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-26 15:31:50 0 d-------- C:\Program Files\BrowsingProgram
2008-04-26 15:31:14 22291 -----n--- C:\WINDOWS\system32\__c0088D36.dat
2008-04-25 23:16:29 5125 --a------ C:\xcrashdump.dat
2008-04-25 21:38:24 0 d-------- C:\Program Files\Common Files
2008-04-25 21:38:22 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 12:16:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-16 12:25:24 0 d-------- C:\Program Files\MSN Messenger
2008-04-14 19:06:07 0 d-------- C:\Program Files\mIRC
2008-04-13 12:16:36 0 d-------- C:\Program Files\Movie Maker
2008-04-11 16:59:32 0 d-------- C:\Program Files\LimeWire
2008-04-08 12:40:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 17:22:51 0 d-------- C:\Program Files\SMPlayer
2008-04-01 17:34:41 0 d-------- C:\Program Files\StepMania CVS
2008-03-31 11:04:03 0 d-------- C:\Program Files\Zoom Player
2008-03-24 14:21:48 0 d-------- C:\Program Files\Soulseek-Test
2008-03-22 11:26:44 92672 --a------ C:\WINDOWS\system32\__c00A0CD2.dat
2008-03-21 17:20:44 92672 --a------ C:\WINDOWS\system32\__c007B640.dat
2008-03-21 00:12:17 0 d-------- C:\Program Files\lilith
2008-03-19 05:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys
2008-03-19 02:33:17 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-19 02:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-19 02:19:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-19 02:19:01 0 d-------- C:\Program Files\Mobipocket.com
2008-03-19 02:07:11 0 d-------- C:\Program Files\Plucker
2008-03-19 01:49:48 0 d-------- C:\Program Files\GowerPoint.com
2008-03-19 01:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mobipocket
2008-03-18 23:01:28 71576 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-18 00:00:23 0 d-------- C:\Program Files\MSXML 6.0
2008-03-17 18:40:57 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-03-17 18:24:15 0 d-------- C:\Program Files\ImTOO
2008-03-17 10:12:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-16 20:01:14 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-16 20:00:46 0 d-------- C:\Program Files\Roxio
2008-03-16 20:00:04 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-16 19:53:33 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-16 19:53:11 0 d-------- C:\Program Files\Research In Motion
2008-03-12 12:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-12 12:37:47 0 d-------- C:\Program Files\QuickTime
2008-03-11 20:22:34 0 d-------- C:\Program Files\AIM
2008-03-10 18:41:32 0 d-------- C:\Program Files\Mount&Blade
2008-03-09 13:13:58 0 d-------- C:\Program Files\iTunes
2008-03-09 13:13:48 0 d-------- C:\Program Files\iPod
2008-03-09 13:13:16 0 d-------- C:\Program Files\Bonjour
2008-03-09 13:12:09 0 d-------- C:\Program Files\Apple Software Update
2008-03-09 13:11:55 0 d-------- C:\Program Files\Common Files\Apple
2008-03-09 13:11:41 111 --a------ C:\Documents and Settings\Administrator\Application Data\iScrobbler.ini
2008-03-09 13:11:41 161567 --a------ C:\Documents and Settings\Administrator\Application Data\.iScrobbler
2008-03-09 09:58:36 0 d-------- C:\Program Files\Winamp
2008-03-06 08:04:50 0 d-------- C:\Program Files\Padus
2008-03-06 04:02:19 0 d-------- C:\Program Files\Pcsx2
2008-03-05 04:23:31 0 d-------- C:\Program Files\psx emulation cheater
2008-03-03 08:31:06 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-03 05:47:24 86016 --a------ C:\WINDOWS\system32\__c00F6779.dat
2008-03-03 05:32:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-03-03 05:27:35 0 d-------- C:\Program Files\Common Files\DirectX
2008-03-01 16:27:08 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-03-01 16:27:07 0 d-------- C:\Program Files\DScaler5
2008-03-01 16:27:05 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-03-01 16:27:04 0 d-------- C:\Program Files\RealMedia
2008-03-01 16:26:53 0 d-------- C:\Program Files\SHOUTcast Source
2008-03-01 16:26:48 0 d-------- C:\Program Files\DSP-worx
2008-02-29 00:19:28 0 d-------- C:\Program Files\DivX
2008-02-24 16:04:48 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-18 00:24:49 201699 ---hs---- C:\WINDOWS\system32\uttss.bak2
2008-02-05 00:17:32 86016 --a------ C:\WINDOWS\system32\__c0050CF9.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AC0E951-26FE-49CC-877E-C87BCE3CD298}]
C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee6d204f-b265-4a73-a0e1-e141c16e45c0}]
C:\WINDOWS\system32\yalbnrju.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}]
12/30/2007 04:48 PM 1019904 --a------ C:\Program Files\BrowsingProgram\BrowsingProgram-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Optimum Online"="C:\Program Files\Optimum Online\Netsurf.exe" [09/02/2005 05:43 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 06:20 AM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [06/08/2004 12:31 PM C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/11/2006 04:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 04:40 AM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 02:55 PM]
"BM77c85174"="C:\WINDOWS\system32\didhfexg.dll" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 02:26 PM]
"nwiz"="nwiz.exe" [04/19/2007 02:26 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 02:26 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"imjpmig"="C:\IME\IMJP\imjpmig.exe" [02/20/2001 10:54 AM]
"74fb62e8"="C:\WINDOWS\system32\__c009E3.dat" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/25/2008 09:38 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Administrator\cftmon.exe" [04/26/2008 11:07 AM]
"440F"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\440F.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/04/2007 02:21 PM]
"A00F1DB2B8.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1DB2B8.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Administrator\cftmon.exe" [04/26/2008 11:07 AM]
"WintelUpdate"="C:\WINDOWS\TEMP\EA0.tmp.exe" []
"kavir"="C:\WINDOWS\kavir.exe" [04/26/2008 11:27 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [11/6/2005 2:52:43 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [9/3/2005 5:54:17 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
PanasonicX800PCSoftwareSuite Detect.lnk - C:\Program Files\Panasonic\Panasonic X800 PC Software Suite\connmngmntbox.exe [5/16/2006 9:14:21 PM]
PanasonicX800PCSoftwareSuite TS.lnk - C:\Program Files\Panasonic\Panasonic X800 PC Software Suite\ectaskscheduler.exe [5/16/2006 9:14:22 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Client\svchost32.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0088D36]
C:\WINDOWS\system32\__c0088D36.dat 04/26/2008 03:31 PM 22291 C:\WINDOWS\system32\__c0088D36.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iot85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads5.kaspersky-labs.com
127.0.0.1 downloads-eu1.kaspersky-labs.com
127.0.0.1 downloads-eu2.kaspersky-labs.com
127.0.0.1 downloads-eu3.kaspersky-labs.com

619 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-26 22:29:14 ------------

Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1023.48 MiB / 629.41 MiB
Pagefile Memory (total/avail): 2459.48 MiB / 2212.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 17.26 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JS-00MHB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1129248616\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1129248616\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137722718\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137722718\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137722718\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137722718\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\kavir.exe"="C:\\WINDOWS\\kavir.exe:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THESMACHINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LANGUAGE=English (Internal)
LOGONSERVER=\\THESMACHINE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=THESMACHINE
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
Guest.THESMACHINE (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µBook --> C:\Program Files\GowerPoint.com\uBook\uninstall.exe
A Song of Ice and Fire 0.4.1 --> C:\Program Files\Mount&Blade\Modules\ASoIaF041\uninst.exe
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
Adobe After Effects 6.5 --> MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced GIF Optimizer --> "C:\Program Files\Advanced GIF Optimizer\uninstall.exe"
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arthur's Kindergarten --> C:\Program Files\The Learning Company\Arthur's Kindergarten\uninstall.exe
Aston 1.9.1 --> c:\Aston\unins12.exe
Audio/Video To MP3 Maker version 3.11 --> "C:\Program Files\AV2MP3\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Azureus Launcher --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.getazureus.com/jws/jws_launch.php?m=725JF5IVM4V6DWJI75TKY4VQHCNGKFWL"
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BrowsingProgram --> C:\Program Files\BrowsingProgram\uninstall.exe
Carmen Sandiego's ThinkQuick Challenge --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Carmen Sandiego ThinkQuick\Uninst.isu"
Carmen Sandiego Math Detective --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Carmen Math Detective\DeIsL1.isu"
Carmen Sandiego Word Detective v1.0.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Broderbund Software\Carmen Word Detective\DeIsL1.isu"
CD Audio Reader Filter (remove only) --> "C:\Program Files\CD Audio Reader Filter\uninstall.exe"
ClueFinders® 5th Grade Adventures --> C:\Program Files\The Learning Company\ClueFinders® 5th Grade Adventures\uninstall.exe
Coiffeur version 3 (demo) --> "C:\Program Files\Media Art\Coiffeur 3 demo\unins000.exe"
ConvertXtoDVD 2.0.17 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
Cycore Effects 1.0 --> C:\WINDOWS\unvise32.exe C:\WINDOWS\Cycore Effects-1.0-Uninstall.log
DC-Bass Source 1.1.0 --> "C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
Dell Color Printer 725 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DiscJuggler --> MsiExec.exe /I{C3C538E5-524C-4253-AA74-0EEEF34990EA}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
Easy CD Ripper 2.30 --> C:\Program Files\Kongsoft\Easy CD Ripper\uninst.exe
EuroTalk Talk Now Multi-Language --> C:\PROGRA~1\EuroTalk\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\TALKNO~1\INSTALL.LOG
FBrowsingAdvisor --> "C:\Program Files\FBrowsingAdvisor\unins000.exe"
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\Matroska Pack\ffdshow\unins000.exe"
Fiction Book Designer --> MsiExec.exe /I{4A6A2737-C809-4C23-9DD0-34C861DAC1CE}
Free FLV Converter V 4.2 --> "C:\Program Files\Free FLV Converter\unins000.exe"
Free iPod Video Converter 1.34 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Free PS Convert driver --> "C:\Program Files\psconvert\unins000.exe"
Freetar Hero - v0.1 Beta --> C:\WINDOWS\system32\javaws.exe -uninstall "http://freetar.antonstruyk.com/webstart/Freetar_Hero.jnlp"
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Gunbound Revolution --> "c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Invision 2.0 Build 3515 --> C:\PROGRA~1\mIRC\UNWISE.EXE C:\PROGRA~1\mIRC\INSTALL.LOG
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_13 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
Java 2 SDK, SE v1.4.2_13 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142130}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyHoleTV --> "C:\Program Files\KeyHoleTV\uninstall.exe"
Kid Pix Studio Deluxe --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Kid Pix Studio Deluxe\Uninstall.xml"
Liberty's Kids --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Liberty's Kids\Uninstall.xml"
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EAC1077D-EB12-4515-B8B1-2E55AA026D3E}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Shop of Treasures --> "c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Little Shop of Treasures.rguninst"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Longhorn MSN Skin --> C:\Program Files\MSN Messenger\UninstLonghornMSN.exe
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MathGV 3.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MathGV\MathGV 3_1\DeIsL1.isu" -c"C:\Program Files\MathGV\MathGV 3_1\_ISREG32.DLL"
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
MatroskaProp (remove only) --> C:\Program Files\Matroska Pack\MSE\MatroskaProp-uninstall.exe
MediaLife --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Global IME for Office XP (Japanese) --> MsiExec.exe /X{590FF409-868E-4222-AEE3-71C32FCBC14D}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SOAP Toolkit 3.0 --> MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU --> MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XNA Game Studio Express (Beta) --> MsiExec.exe /I{26DBF096-6283-43E2-B7A3-4C36785C635C}
MindPoint Quiz Show Lite --> C:\WINDOWS\unvise32.exe C:\Program Files\MindPoint\Quiz Show\QSUNINSTLT.LOG
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mobipocket Reader 6.1 --> MsiExec.exe /I{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MuggleNet.com's Harry Potter and the Prisoner of Azkaban Screensaver --> C:\WINDOWS\st6unst.exe -n "C:\WINDOWS\system32\ST6UNST.LOG"
MuggleNet.com's Harry Potter and the Prisoner of Azkaban Screensaver (C:\WINDOWS\system32\) --> C:\WINDOWS\st6unst.exe -n "C:\WINDOWS\system32\ST6UNST.000"
MuggleNet.com's Harry Potter and the Prisoner of Azkaban Screensaver (C:\WINDOWS\system32\) #3 --> C:\WINDOWS\st6unst.exe -n "C:\WINDOWS\system32\ST6UNST.001"
Native Instruments Traktor DJ Studio v2.5.3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
NiceMC Media DVD Pro Player 1.4 --> "C:\Program Files\NiceMC\unins000.exe"
Nick Aracde Toolbar --> C:\Program Files\nickarcade\uninstall.exe -uninstall -prompt
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Oregon Trail 5 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Oregon Trail 5\Uninstall.xml"
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Panasonic X800 PC Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBD15DE1-D57E-47CB-AF36-ABA26E90DD9B}\Setup.exe" -l0x9 anything
Panasonic X800 Software --> C:\Program Files\Panasonic\Panasonic X800\PMCDUninstall.exe
Paradise Pet Salon Free Trial --> "C:\Program Files\ParadisePetSalon_at\unins000.exe"
PipPlus --> MsiExec.exe /I{28706B95-C23E-4949-A01A-64626724F43F}
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninst
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
Prevx CSI --> "C:\Program Files\PrevxCSI\\PrevxCSI.exe" /prop UNINSTALL=Y
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU272.inf
Rand McNally New Millennium --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rand McNally\New Millennium\Uninst.isu"
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
Reader Rabbit's® Math Ages 6 - 9 --> C:\Program Files\The Learning Company\Reader Rabbit's® Math Ages 6 - 9\uninstall.exe
RealArcade --> "c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RivaTuner v2.06 --> "C:\Program Files\RivaTuner v2.06\uninstall.exe"
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
RPG Maker XP - Postality Knights Edition ENHANCED --> MsiExec.exe /I{6F45C51F-A0E8-4547-83C8-CCDD4B0E4877}
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
SMPlayer Extra Codecs 20071007 --> "C:\Program Files\SMPlayer\unins000.exe"
SocksCap V2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SocksCapV2\DeIsL1.isu" -c"C:\Program Files\SocksCapV2\_ISREG32.DLL"
Sonic DVDit Pro --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}
Sony ACID Pro 5.0 --> MsiExec.exe /X{76902AF9-DA86-419D-B533-077643124722}
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
SoulSeek 157 test 8 --> "C:\Program Files\Soulseek-Test\uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TotalAudioConverter --> "C:\Program Files\TotalAudioConverter\unins000.exe"
Treasure Cove! CD --> C:\WINDOWS\IsUninst.exe -f"C:\The Learning Company\TCVCD\Uninst\DeIsL1.isu"
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Toolbar (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
Virtual Visage version 3.1 (demo) --> "C:\Program Files\Media Art\Visage 3 demo\unins000.exe"
Where in the World Is Carmen Sandiego? Treasures of Knowledge --> C:\Program Files\The Learning Company\Where in the World Is Carmen Sandiego\Treasures of Knowledge\uninstall.exe
Where in Time is Carmen Sandiego? v3.0 Demo --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Broderbund Software\Where in Time is Carmen Sandiego v3.0 Demo\DeIsL1.isu"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WS4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F31D6DDB-68BD-4242-A7A0-D9A7258AFD08}\setup.exe" -l0x9
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahtzee Download Edition --> "c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Yahtzee Download Edition.rguninst"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type20319 / Error
Event Submitted/Written: 04/26/2008 09:56:20 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved

Event Record #/Type20318 / Error
Event Submitted/Written: 04/26/2008 09:53:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost32.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [svchost32.exe!ws!]

Event Record #/Type20310 / Error
Event Submitted/Written: 04/26/2008 09:35:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost32.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [svchost32.exe!ws!]

Event Record #/Type20301 / Error
Event Submitted/Written: 04/26/2008 09:24:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost32.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [svchost32.exe!ws!]

Event Record #/Type20293 / Error
Event Submitted/Written: 04/26/2008 08:35:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost32.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [svchost32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13256 / Error
Event Submitted/Written: 04/26/2008 10:24:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type13255 / Error
Event Submitted/Written: 04/26/2008 10:24:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type13254 / Error
Event Submitted/Written: 04/26/2008 10:24:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%2

Event Record #/Type13247 / Error
Event Submitted/Written: 04/26/2008 10:22:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The dlcf_device service failed to start due to the following error:
%%1053

Event Record #/Type13246 / Error
Event Submitted/Written: 04/26/2008 10:22:04 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.



-- End of Deckard's System Scanner: finished at 2008-04-26 22:29:14 ------------

===============================================================


I am at my wits' end, which usually doesn't happen. Any help appreciated.



#2 Saruto

Posted 28 April 2008 - 12:18 AM

I can't seem to edit my post above, but I ran an MBam Anti-Malware scan and it found a bunch of crap. Here it is. THIS IS NOT A BUMP; I CAN'T EDIT MY POST

Malwarebytes' Anti-Malware 1.11
Database version: 688

Scan type: Full Scan (C:\|)
Objects scanned: 202853
Time elapsed: 1 hour(s), 38 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 39
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 65

Memory Processes Infected:
C:\WINDOWS\system32\Client\svchost32.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\__c0088D36.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\basefif32.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iot85 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iot85 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\iot85 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iot85 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pwd63 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pwd63 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\pwd63 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pwd63 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.seekmotoolband.1 (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0088d36 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kavir (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM77c85174 (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\client\svchost32.exe -> No action taken.

Folders Infected:
C:\Program Files\LiveAntispy (Rogue.LiveAntispy) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\Deckard\System Scanner\20080426222541\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK3C.tmp (Rogue.EvidenceEliminator) -> No action taken.
C:\Deckard\System Scanner\20080426222541\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tem72.tmp.exe (Adware.Agent) -> No action taken.
C:\Deckard\System Scanner\20080426222541\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tem7A.tmp.exe (Adware.SaveNow) -> No action taken.
C:\Deckard\System Scanner\20080426222541\backup\WINDOWS\temp\EA0.tmp (Trojan.Downloader) -> No action taken.
C:\Deckard\System Scanner\20080426222541\backup\WINDOWS\temp\F0D.tmp (Trojan.Downloader) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\Hot52.sys (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\Iot85.sys (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\Pwd63.sys (Trojan.Downloader) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.
C:\WINDOWS\system32\Client\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\cftmon.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\nivavir.config (Trojan.Agent) -> No action taken.
C:\WINDOWS\kavir.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\cftmon.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0050CF9.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c007B640.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c007ED11.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0088D36.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00A0CD2.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00ACB87.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00D2C94.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00F6779.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00F8BDA.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\coco.exe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\baseubtbn32.dll (Trojan.Agent) -> No action taken.
C:\sysr.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\basefif32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\__c0060655.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c008101A.exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Guest.THESMACHINE\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Guest.THESMACHINE\Local Settings\Temp\cd133.tmp (Heuristics.Malware) -> No action taken.

#3 pskelley

Posted 02 May 2008 - 10:29 AM

Welcome to Bleeping Computer. Please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

If you have not resolved these issues yet, you have some bad ones. There is a Vundo infection but these are much worse:
http://www.bleepingcomputer.com/startups/s....exe-22320.html
http://www.bleepingcomputer.com/startups/s....exe-12549.html
http://www.sophos.com/security/analyses/vi...32agobottm.html

- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software
- disable anti-virus and security related applications

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Let us know what you have decided to do in your next post. If your issues are resolved, please post to let me know so I can close your topic.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#4 pskelley

Posted 09 May 2008 - 06:06 AM

There has been no response to this topic in a week.
This topic is closed.

Thanks...pskelley
BleepingComputer



