
Popups For Virus Scanners


This topic is locked
8 replies to this topic

#1 davie cooper

Posted 23 May 2008 - 06:15 AM

I am getting popups from some online scanner saying I am infected?

I have Norton 360 installed but it doesn't find anything during the scans.

I also get messages from my WinPatrol saying that 2 new startup programs have been detected and should I allow; I always click no but they keep appearing.

I used Deckard's System Scanner (DSS) and tried to run Kaspersky's online scanner but the virus update always fails?

Also on Security Centre it says that Automatic Updates is turned off; I can't get it to turn on.

Here is a copy of Deckard's System Scanner. Is this all the info you need?

Deckard's System Scanner v20071014.68
Run by geo g on 2008-05-23 11:56:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-05-23 10:56:59 UTC - RP182 - Deckard's System Scanner Restore Point
17: 2008-05-22 11:26:01 UTC - RP181 - Last known good configuration
16: 2008-05-22 11:21:31 UTC - RP180 - Restore Operation
15: 2008-05-21 03:11:08 UTC - RP179 - Last known good configuration
14: 2008-05-21 03:11:02 UTC - RP178 - Registry First Aid registry scan


-- First Restore Point --
1: 2008-05-21 03:11:01 UTC - RP165 - Installed NHL® 08


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as geo g.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-23 11:58:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\geo g\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.254
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - C:\WINDOWS\system32\khffgEvt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {4ECCCC99-7D86-4594-8A67-43F783BE6A26} - C:\WINDOWS\system32\mlJBRJCr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {F26A55E4-10B4-40FE-BD43-1264D00D3BA5} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} () - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} () - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} () - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205888818359
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} () - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} () - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5526FA66-6F0D-49A0-88A8-1167B07FF26B}: NameServer = 10.172.128.1
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: khffgEvt - C:\WINDOWS\system32\khffgEvt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 11120 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 RTLWUSB (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver) - c:\windows\system32\drivers\wg111v2.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>

S2 0007831206140425mcinstcleanup (McAfee Application Installer Cleanup (0007831206140425)) -
S2 0025531204886672mcinstcleanup (McAfee Application Installer Cleanup (0025531204886672)) -
S2 0066761206704154mcinstcleanup (McAfee Application Installer Cleanup (0066761206704154)) -
S2 0170021202312266mcinstcleanup (McAfee Application Installer Cleanup (0170021202312266)) -
S2 0231181202434551mcinstcleanup (McAfee Application Installer Cleanup (0231181202434551)) -
S2 0252021204462130mcinstcleanup (McAfee Application Installer Cleanup (0252021204462130)) -
S2 0297341208497331mcinstcleanup (McAfee Application Installer Cleanup (0297341208497331)) -
S3 AresChatServer (Ares Chatroom server) -
S4 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 08:14:13 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-05-22 03:04:34 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-05-14 10:26:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-23 08:28:25 115200 --a------ C:\WINDOWS\system32\lgxsdshs.dll
2008-05-23 08:28:21 134144 --a------ C:\WINDOWS\system32\hbicgmll.dll
2008-05-23 08:25:30 2560 --a------ C:\WINDOWS\system32\hegjlarf.exe
2008-05-23 08:22:21 92160 --a------ C:\WINDOWS\system32\wxicoxbi.dll
2008-05-23 08:19:37 126464 --a------ C:\WINDOWS\system32\sbgkrcdu.dll
2008-05-23 08:19:20 707599 --ahs---- C:\WINDOWS\system32\rCJRBJlm.ini2
2008-05-23 08:19:17 370688 --a------ C:\WINDOWS\system32\mlJBRJCr.dll
2008-05-23 02:28:55 126464 --a------ C:\WINDOWS\system32\upnnyxnl.dll
2008-05-23 02:28:45 0 dr-h----- C:\Documents and Settings\geo g\Recent
2008-05-23 01:55:55 652609 --ahs---- C:\WINDOWS\system32\KSBLknmp.ini2
2008-05-23 01:49:00 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-05-23 01:44:06 0 d-------- C:\VundoFix Backups
2008-05-22 12:39:08 135680 --a------ C:\WINDOWS\system32\hyucwlwn.dll
2008-05-22 12:36:08 2560 --a------ C:\WINDOWS\system32\hpajvkvf.exe
2008-05-22 12:33:15 114176 --a------ C:\WINDOWS\system32\clrmfxlp.dll
2008-05-22 12:33:08 126976 --a------ C:\WINDOWS\system32\hrsoqolk.dll
2008-05-22 12:30:08 92160 --a------ C:\WINDOWS\system32\srnxjijm.dll
2008-05-22 12:22:28 0 dr-h----- C:\Documents and Settings\geo g\Application Data\SecuROM
2008-05-22 12:16:07 660492 --ahs---- C:\WINDOWS\system32\YJTBeMoq.ini2
2008-05-21 04:11:03 7864320 --a------ C:\Documents and Settings\geo g\ntuser.dat
2008-05-21 04:10:50 701368 --ahs---- C:\WINDOWS\system32\ddedfMoq.ini2
2008-05-21 04:06:43 58880 --a------ C:\WINDOWS\system32\vtUlLEWq.dll
2008-05-21 04:06:16 0 d-------- C:\Program Files\WindowBlinds
2008-05-21 04:06:15 0 d-------- C:\Program Files\Wallpapers
2008-05-21 04:06:15 0 d-------- C:\Program Files\Icons
2008-05-21 04:06:14 0 d-------- C:\Program Files\IconPackager
2008-05-21 04:06:12 0 d-------- C:\Program Files\Gadgets
2008-05-21 04:06:05 58880 --a------ C:\WINDOWS\system32\efcDWNhi.dll
2008-05-21 04:05:41 58880 --a------ C:\WINDOWS\system32\khffgEvt.dll
2008-05-18 02:26:12 0 d-------- C:\Program Files\UseNeXT
2008-05-15 11:55:24 0 d-------- C:\Program Files\Oxygen Interactive
2008-05-15 08:32:18 0 d-------- C:\Intel
2008-05-15 08:10:57 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-14 01:37:56 0 d-------- C:\Documents and Settings\geo g\Application Data\UseNeXT
2008-05-11 09:53:56 0 d-------- C:\Program Files\EA SPORTS
2008-05-11 01:52:22 0 d-------- C:\Documents and Settings\geo g\Application Data\NewsBin
2008-05-11 01:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-05-11 01:28:38 0 d-------- C:\Documents and Settings\geo g\Downloads
2008-05-11 01:28:35 0 d-------- C:\Documents and Settings\geo g\Application Data\NewsLeecher
2008-05-11 01:28:02 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-11 00:08:05 0 d-------- C:\Program Files\Giganews Binary Newsreader
2008-05-10 10:53:28 0 d-------- C:\Program Files\Blaze Media Pro
2008-05-06 09:32:37 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-06 09:32:36 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-06 09:28:35 1458176 ---h----- C:\WINDOWS\system\Update.exe
2008-05-06 07:43:18 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-05-06 07:43:18 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-05-06 07:43:18 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-05 13:20:31 0 d-------- C:\WINDOWS\Performance
2008-05-05 13:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-05 07:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-04 09:45:30 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-05-04 09:45:29 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-05-04 09:45:29 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-04 09:45:29 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-05-04 09:45:28 217073 --a------ C:\WINDOWS\meta4.exe
2008-05-04 09:45:11 27648 --ahs---- C:\WINDOWS\system32\Smab0.dll
2008-05-04 09:45:10 31232 -rahs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-05-04 09:45:10 163328 -rahs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-05-04 09:44:48 0 d-------- C:\Program Files\eRightSoft
2008-05-03 16:33:40 0 d-------- C:\Documents and Settings\geo g\Application Data\PPMate
2008-05-03 16:33:39 0 d-------- C:\Program Files\Common Files\Synacast
2008-05-02 08:39:26 9341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-02 08:39:18 0 d-------- C:\Program Files\iolo
2008-05-01 07:16:32 0 d-------- C:\Program Files\Virtual Earth 3D
2008-04-28 17:20:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-28 17:18:58 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 17:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 16:57:48 0 d-------- C:\Documents and Settings\geo g\Application Data\CoreCodec
2008-04-26 16:57:27 0 d-------- C:\Program Files\Haali
2008-04-25 08:11:43 0 d-------- C:\Documents and Settings\geo g\Application Data\Configuration
2008-04-25 07:58:35 0 d-------- C:\Program Files\DriverGuide DriverScan
2008-04-25 07:45:27 0 d-------- C:\My Drivers
2008-04-25 07:43:39 110592 --a------ C:\WINDOWS\system32\ccrpbds6.dll <Not Verified; Common Controls Replacement Project (CCRP); CCRPBrowseDlgSvr6.BrowseDialog>
2008-04-25 07:43:36 0 d-------- C:\Program Files\DriverGuide Toolkit
2008-04-24 11:02:55 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-24 11:00:10 56 -rahs---- C:\WINDOWS\system32\28DF03CB8E.sys
2008-04-24 10:27:38 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-04-24 10:27:26 0 d-------- C:\Program Files\Gabest
2008-04-24 10:27:15 0 d-------- C:\Program Files\AutoGK
2008-04-23 18:19:03 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-23 18:16:17 0 d-------- C:\Program Files\Cryo


-- Find3M Report ---------------------------------------------------------------

2008-05-23 11:58:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-23 02:30:01 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000002-80651102}.dat
2008-05-23 02:30:01 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000002-80651102}.dat
2008-05-23 01:49:22 0 d-------- C:\Program Files\PowerISO
2008-05-22 12:22:39 0 d-------- C:\Documents and Settings\geo g\Application Data\uTorrent
2008-05-22 12:22:36 0 d-------- C:\Program Files\SpeedFan
2008-05-22 10:37:54 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-22 10:33:10 0 d-------- C:\Program Files\PeerGuardian2
2008-05-17 01:39:40 0 d-------- C:\Program Files\SopCast
2008-05-15 11:39:11 0 d-------- C:\Program Files\a-squared Free
2008-05-14 00:24:08 0 d-------- C:\Program Files\NewsLeecher
2008-05-13 01:04:20 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-05-12 19:26:58 0 d-------- C:\Program Files\DC++
2008-05-10 09:12:21 0 d-------- C:\Program Files\Common Files
2008-05-06 10:26:50 0 d-------- C:\Documents and Settings\geo g\Application Data\Vso
2008-05-06 10:26:47 668 --a------ C:\Documents and Settings\geo g\Application Data\vso_ts_preview.xml
2008-05-06 09:32:34 0 d-------- C:\Program Files\VSO
2008-05-05 09:43:21 0 d-------- C:\Program Files\DivX
2008-05-05 08:16:18 0 d-------- C:\Documents and Settings\geo g\Application Data\Adobe
2008-05-05 08:15:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-03 08:56:40 0 d-------- C:\Documents and Settings\geo g\Application Data\GrabIt
2008-05-02 08:49:50 0 d-------- C:\Documents and Settings\geo g\Application Data\iolo
2008-04-28 17:21:04 0 d-------- C:\Program Files\QuickTime
2008-04-25 07:43:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 10:29:06 645 --a------ C:\Documents and Settings\geo g\Application Data\AutoGK.ini
2008-04-24 04:21:48 0 d-------- C:\Program Files\PCPitstop
2008-04-22 18:43:30 0 d-------- C:\Program Files\RFA 6
2008-04-22 12:47:50 0 d-------- C:\Program Files\Norton 360
2008-04-20 12:30:32 0 d-------- C:\Program Files\MagicISO
2008-04-20 03:24:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 08:40:16 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-19 01:52:26 0 d-------- C:\Program Files\Yahoo!
2008-04-19 01:42:58 0 d-------- C:\Documents and Settings\geo g\Application Data\Symantec
2008-04-19 01:06:55 0 d-------- C:\Program Files\Symantec
2008-04-17 19:28:50 0 d-------- C:\Documents and Settings\geo g\Application Data\Uniblue
2008-04-17 03:15:31 0 d-------- C:\Program Files\Alex Feinman
2008-04-14 10:05:23 0 d-------- C:\Program Files\uTorrent
2008-04-12 13:27:39 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-04-10 10:35:11 0 d-------- C:\Program Files\Panda Security
2008-04-06 11:04:44 0 d-------- C:\Program Files\everest
2008-04-06 02:08:58 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-04 13:56:16 0 d-------- C:\Documents and Settings\geo g\Application Data\Ahead
2008-04-02 13:49:20 0 d-------- C:\Program Files\Paragon Software
2008-04-02 03:24:09 0 d-------- C:\Documents and Settings\geo g\Application Data\DivX
2008-04-02 02:35:45 0 d-------- C:\Documents and Settings\geo g\Application Data\Dr. DivX 2.0 OSS
2008-04-01 22:56:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-01 22:56:17 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-01 08:40:22 0 d-------- C:\Program Files\DC++ 0.705
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:02:32 0 d-------- C:\Program Files\GrabIt
2008-03-29 00:57:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-25 11:30:06 0 d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-13 10:08:46 38912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-03-13 09:25:46 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}]
21/05/2008 04:05 58880 --a------ C:\WINDOWS\system32\khffgEvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ECCCC99-7D86-4594-8A67-43F783BE6A26}]
23/05/2008 08:19 370688 --a------ C:\WINDOWS\system32\mlJBRJCr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F26A55E4-10B4-40FE-BD43-1264D00D3BA5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [02/08/2007 17:59]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [04/07/2007 20:59]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 21:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [31/03/2008 16:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [18/09/2005 19:40]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [17/10/2007 03:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

C:\Documents and Settings\geo g\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe [02/02/2008 18:58:14]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [02/02/2008 19:01:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"= C:\WINDOWS\system32\khffgEvt.dll [21/05/2008 04:05 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffgEvt]
khffgEvt.dll 21/05/2008 04:05 58880 C:\WINDOWS\system32\khffgEvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 02/02/2008 19:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\mlJBRJCr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------


8519 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-23 11:59:29 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2038.42 MiB / 1476.06 MiB
Pagefile Memory (total/avail): 3930.66 MiB / 3313.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.23 MiB

C: is Fixed (NTFS) - 39.06 GiB total, 26.14 GiB free.
D: is Fixed (NTFS) - 109.99 GiB total, 29.87 GiB free.
E: is Fixed (NTFS) - 76.96 GiB total, 16.7 GiB free.
F: is Fixed (NTFS) - 72.06 GiB total, 21.87 GiB free.
G: is CDROM (No Media)
H: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-22NCB1 - 149.05 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 39.06 GiB - C:
\PARTITION1 (bootable) - Installable File System - 109.99 GiB - D:

\\.\PHYSICALDRIVE1 - Toshiba USB 2.0 Ext. HDD USB Device - 149.02 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 76.96 GiB - E:
\PARTITION1 - Installable File System - 72.06 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"G:\\Utils\\UpgradeWizard\\UpgradeBT\\upgradeBThub.exe"="G:\\Utils\\UpgradeWizard\\UpgradeBT\\upgradeBThub.exe:*:Enabled:BT Home Hub Upgrade Wizard"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\geo g\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GEO_G
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\geo g
LOGONSERVER=\\GEO_G
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GEOG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GEOG~1\LOCALS~1\Temp
USERDOMAIN=GEO_G
USERNAME=geo g
USERPROFILE=C:\Documents and Settings\geo g
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

geo g (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> "C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
--> C:\Documents and Settings\geo g\Local Settings\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}\setup_blazemp.exe
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\Motive\btbb\UninstallHelper.exe
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.1 --> "C:\Program Files\a-squared Free\unins000.exe"
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI/MPEG/RM/WMV Joiner 4.82 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Blaze Media Pro --> "C:\Documents and Settings\geo g\Local Settings\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
BT Broadband Desktop Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Colin McRae Rally 2005 --> D:\Program Files\Codemasters\Colin McRae Rally 2005\Uninst.exe /pid:{8BAD4440-26D7-4A40-B844-066D2AF3550C} /asd
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
ConvertXtoDVD 3.0.0.9 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Dassault Systemes Software Prerequisites x86 --> MsiExec.exe /I{9877BCD9-6698-4951-AE19-D5F398D83D5A}
DC++ 0.705 --> "C:\Program Files\DC++ 0.705\uninstall.exe"
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{6461F54A-2927-4EE1-9B38-DB5AA0E7795A}
DriverGuide DriverScan --> C:\Program Files\DriverGuide DriverScan\uninstall.exe
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13D318A-43CB-4D0C-9EF6-E1B01FF25279}\setup.exe"
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
FastStone Capture 5.3 --> C:\Program Files\FastStone Capture\uninst.exe
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Giganews Accelerator --> MsiExec.exe /I{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}
Giganews Binary Newsreader 5 --> "C:\Program Files\Giganews Binary Newsreader\unins000.exe"
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 1.03a --> C:\Program Files\Hotspot Shield\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.3 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MakeTorrent v2.1 --> "C:\Program Files\Maketorrent 2\uninstall.exe"
Memturbo ™ 4 --> "C:\Program Files\Memturbo 4\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b5) --> C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher v3.8 Final --> "C:\Program Files\NewsLeecher\unins000.exe"
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Add-on Pack --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\Temp{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Spyware Scan -->
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Paragon Hard Disk Manager 2008 Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E4BB29-FA98-401B-9EDE-9906906E33DE}\Setup.exe" -l0x9
PC Pitstop Driver Alert 1.0 --> "C:\Program Files\PCPitstop\Driver Alert\unins000.exe"
PC Pitstop Optimize 1.5 --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Registry First Aid --> "C:\Program Files\RFA 6\unins000.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Roland Garros 2001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39A77F0D-61C4-4FC9-ADFE-8C71AE692400}\setup.exe" -uninst
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.2.52 --> C:\Program Files\TVUPlayer\uninst.exe
UEFA EURO 2008™ --> MsiExec.exe /X{94894501-EC12-432B-B8E2-AA8470CC6266}
UseNeXT --> "C:\Program Files\UseNeXT\unins001.exe"
Video Editor --> C:\Program Files\Xilisoft\Video Editor\Uninstall.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
Vista Drive Icon 1.3 --> C:\Program Files\Vista Drive Icon\uninst.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WebFldrs XP -->
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3.52\Uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4502 / Error
Event Submitted/Written: 05/23/2008 11:54:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module mljbrjcr.dll, version 0.0.0.0, fault address 0x0003109f.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type4500 / Error
Event Submitted/Written: 05/23/2008 10:51:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000200.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type4499 / Error
Event Submitted/Written: 05/23/2008 08:16:18 AM
Event ID/Source: 1 / DUMeterSvc
Event Description:
Service starting failed : "System Error. Code: 111.
The file name is too long"

Event Record #/Type4466 / Error
Event Submitted/Written: 05/23/2008 01:45:36 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4465 / Error
Event Submitted/Written: 05/23/2008 01:01:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module qomfdedd.dll, version 0.0.0.0, fault address 0x0003109f.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16227 / Error
Event Submitted/Written: 05/23/2008 08:16:13 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The DU Meter Service service hung on starting.

Event Record #/Type16205 / Error
Event Submitted/Written: 05/23/2008 01:52:41 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The DU Meter Service service hung on starting.

Event Record #/Type16193 / Error
Event Submitted/Written: 05/23/2008 01:45:51 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type16138 / Error
Event Submitted/Written: 05/23/2008 00:34:54 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The DU Meter Service service hung on starting.

Event Record #/Type16093 / Error
Event Submitted/Written: 05/22/2008 05:12:13 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The DU Meter Service service hung on starting.



-- End of Deckard's System Scanner: finished at 2008-05-23 11:59:29 ------------

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:56 PM

Posted 23 May 2008 - 09:39 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

================


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 davie cooper

davie cooper
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:56 PM

Posted 23 May 2008 - 02:56 PM

Thanks for your reply and help.

Here is the ComboFix log:

ComboFix 08-05-21.3 - geo g 2008-05-23 20:31:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1459 [GMT 1:00]
Running from: C:\Documents and Settings\geo g\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4712ce19.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system\update.exe
C:\WINDOWS\system32\ddedfMoq.ini
C:\WINDOWS\system32\ddedfMoq.ini2
C:\WINDOWS\system32\efcDWNhi.dll
C:\WINDOWS\system32\khffgEvt.dll
C:\WINDOWS\system32\KSBLknmp.ini
C:\WINDOWS\system32\KSBLknmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBRJCr.dll
C:\WINDOWS\system32\plxfmrlc.ini
C:\WINDOWS\system32\rCJRBJlm.ini
C:\WINDOWS\system32\rCJRBJlm.ini2
C:\WINDOWS\system32\shsdsxgl.ini
C:\WINDOWS\system32\vtUlLEWq.dll
C:\WINDOWS\system32\YJTBeMoq.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 20:25 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-23 20:24 . 2008-05-23 20:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-23 12:05 . 2008-05-23 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 12:05 . 2008-05-23 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 11:56 . 2008-05-23 11:56 <DIR> d-------- C:\Deckard
2008-05-23 08:28 . 2008-05-23 08:28 134,144 --a------ C:\WINDOWS\system32\hbicgmll.dll
2008-05-23 08:28 . 2008-05-23 08:28 115,200 --a------ C:\WINDOWS\system32\lgxsdshs.dll
2008-05-23 08:22 . 2008-05-23 08:22 92,160 --a------ C:\WINDOWS\system32\wxicoxbi.dll
2008-05-23 08:19 . 2008-05-23 08:19 126,464 --a------ C:\WINDOWS\system32\sbgkrcdu.dll
2008-05-23 02:28 . 2008-05-23 02:28 126,464 --a------ C:\WINDOWS\system32\upnnyxnl.dll
2008-05-23 01:55 . 2008-05-23 01:55 370,688 --a------ C:\WINDOWS\system32\pmnkLBSK.dll_old
2008-05-23 01:49 . 2008-05-23 01:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-23 01:44 . 2008-05-23 01:48 <DIR> d-------- C:\VundoFix Backups
2008-05-23 01:19 . 2008-05-23 02:27 269 --a------ C:\WINDOWS\wininit.ini
2008-05-22 12:39 . 2008-05-22 12:39 135,680 --a------ C:\WINDOWS\system32\hyucwlwn.dll
2008-05-22 12:33 . 2008-05-22 12:33 126,976 --a------ C:\WINDOWS\system32\hrsoqolk.dll
2008-05-22 12:33 . 2008-05-22 12:33 114,176 --a------ C:\WINDOWS\system32\clrmfxlp.dll
2008-05-22 12:30 . 2008-05-22 12:30 92,160 --a------ C:\WINDOWS\system32\srnxjijm.dll
2008-05-22 12:22 . 2008-05-22 12:22 <DIR> dr-h----- C:\Documents and Settings\geo g\Application Data\SecuROM
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\WindowBlinds
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Wallpapers
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Icons
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\IconPackager
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Gadgets
2008-05-19 11:45 . 2008-05-19 11:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 11:45 . 2008-05-19 11:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 02:26 . 2008-05-18 02:26 <DIR> d-------- C:\Program Files\UseNeXT
2008-05-15 11:55 . 2008-05-15 11:55 <DIR> d-------- C:\Program Files\Oxygen Interactive
2008-05-15 08:33 . 2008-02-15 12:45 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-15 08:10 . 2008-05-15 08:10 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-14 01:37 . 2008-05-20 19:23 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\UseNeXT
2008-05-11 09:53 . 2008-05-11 09:53 <DIR> d-------- C:\Program Files\EA SPORTS
2008-05-11 01:52 . 2008-05-13 19:14 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\NewsBin
2008-05-11 01:52 . 2008-05-13 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-05-11 01:28 . 2008-05-11 01:28 <DIR> d-------- C:\Program Files\Giganews Accelerator
2008-05-11 01:28 . 2008-05-16 22:16 <DIR> d-------- C:\Documents and Settings\geo g\Downloads
2008-05-11 01:28 . 2008-05-16 01:23 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\NewsLeecher
2008-05-11 00:08 . 2008-05-12 00:22 <DIR> d-------- C:\Program Files\Giganews Binary Newsreader
2008-05-10 10:53 . 2008-05-10 10:54 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-05-06 09:32 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-06 09:32 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-06 09:32 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-06 09:32 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-06 09:28 . 2008-05-06 09:28 0 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-06 07:43 . 2008-05-06 07:43 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-05-06 07:43 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-05-06 07:43 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-05 13:20 . 2008-05-05 13:20 <DIR> d-------- C:\WINDOWS\Performance
2008-05-05 13:20 . 2008-05-06 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-04 09:44 . 2008-05-04 09:44 <DIR> d-------- C:\Program Files\eRightSoft
2008-05-03 16:33 . 2008-05-03 16:33 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-05-03 16:33 . 2008-05-03 16:33 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\PPMate
2008-05-02 08:39 . 2008-05-02 08:39 <DIR> d-------- C:\Program Files\iolo
2008-05-02 08:39 . 2006-07-24 18:51 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-05-01 07:16 . 2008-05-01 07:16 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-28 17:20 . 2008-04-28 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-28 17:18 . 2008-04-28 17:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-28 17:18 . 2008-04-28 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 17:02 . 2008-04-26 17:03 26 --a------ C:\WINDOWS\dvdSanta.INI
2008-04-26 16:57 . 2008-04-26 16:57 <DIR> d-------- C:\Program Files\Haali
2008-04-26 16:57 . 2008-04-26 16:57 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\CoreCodec
2008-04-25 08:11 . 2008-04-25 08:11 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\Configuration
2008-04-25 07:58 . 2008-04-25 07:58 <DIR> d-------- C:\Program Files\DriverGuide DriverScan
2008-04-25 07:45 . 2008-04-25 07:45 <DIR> d-------- C:\My Drivers
2008-04-25 07:43 . 2008-04-25 08:11 <DIR> d-------- C:\Program Files\DriverGuide Toolkit
2008-04-25 07:43 . 2005-12-06 14:06 903,352 --a------ C:\WINDOWS\system32\Codejock.CommandBars.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 526,520 --a------ C:\WINDOWS\system32\Codejock.DockingPane.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 428,216 --a------ C:\WINDOWS\system32\Codejock.ReportControl.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 334,008 --a------ C:\WINDOWS\system32\Codejock.TaskPanel.v9.81.ocx
2008-04-25 07:43 . 2004-03-09 01:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-25 07:43 . 2001-11-29 09:57 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-04-24 11:02 . 2008-04-24 11:06 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-24 11:00 . 2008-04-24 11:00 56 -rahs---- C:\WINDOWS\system32\28DF03CB8E.sys
2008-04-24 10:27 . 2008-04-24 10:27 <DIR> d-------- C:\Program Files\Gabest
2008-04-24 10:27 . 2008-04-24 10:27 <DIR> d-------- C:\Program Files\AutoGK
2008-04-24 10:27 . 2008-04-24 10:27 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-04-23 18:19 . 2008-04-23 18:19 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-23 18:16 . 2008-04-23 18:16 <DIR> d-------- C:\Program Files\Cryo
2008-04-23 00:29 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-23 00:29 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-23 00:29 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-23 00:29 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-23 00:29 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-23 00:29 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-23 00:29 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-23 00:29 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-23 00:23 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-23 00:23 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-04-23 00:23 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-04-23 00:23 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-04-23 00:23 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-04-23 00:22 . 2008-04-23 00:22 324 --a------ C:\WINDOWS\game.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 19:25 --------- d-----w C:\Program Files\Java
2008-05-23 19:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 19:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 12:14 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-23 12:11 --------- d-----w C:\Documents and Settings\geo g\Application Data\uTorrent
2008-05-23 00:49 --------- d-----w C:\Program Files\PowerISO
2008-05-22 11:22 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 09:37 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-22 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-05-17 00:39 --------- d-----w C:\Program Files\SopCast
2008-05-15 10:39 --------- d-----w C:\Program Files\a-squared Free
2008-05-13 23:24 --------- d-----w C:\Program Files\NewsLeecher
2008-05-13 00:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-05-12 18:26 --------- d-----w C:\Program Files\DC++
2008-05-06 09:26 --------- d-----w C:\Documents and Settings\geo g\Application Data\Vso
2008-05-06 08:32 --------- d-----w C:\Program Files\VSO
2008-05-05 08:43 --------- d-----w C:\Program Files\DivX
2008-05-05 07:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-03 07:56 --------- d-----w C:\Documents and Settings\geo g\Application Data\GrabIt
2008-05-02 07:49 --------- d-----w C:\Documents and Settings\geo g\Application Data\iolo
2008-05-02 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-28 16:21 --------- d-----w C:\Program Files\QuickTime
2008-04-25 06:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 03:21 --------- d-----w C:\Program Files\PCPitstop
2008-04-22 17:43 --------- d-----w C:\Program Files\RFA 6
2008-04-22 11:47 --------- d-----w C:\Program Files\Norton 360
2008-04-20 11:30 --------- d-----w C:\Program Files\MagicISO
2008-04-20 02:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-19 07:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-04-19 00:52 --------- d-----w C:\Program Files\Yahoo!
2008-04-19 00:42 --------- d-----w C:\Documents and Settings\geo g\Application Data\Symantec
2008-04-19 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-19 00:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-19 00:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-19 00:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-19 00:06 --------- d-----w C:\Program Files\Symantec
2008-04-18 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-17 18:28 --------- d-----w C:\Documents and Settings\geo g\Application Data\Uniblue
2008-04-17 02:15 --------- d-----w C:\Program Files\Alex Feinman
2008-04-14 09:05 --------- d-----w C:\Program Files\uTorrent
2008-04-12 12:27 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0
2008-04-10 09:35 --------- d-----w C:\Program Files\Panda Security
2008-04-06 10:57 --------- d-----w C:\Program Files\ERUNT
2008-04-06 10:04 --------- d-----w C:\Program Files\everest
2008-04-06 01:08 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-04 12:56 --------- d-----w C:\Documents and Settings\geo g\Application Data\Ahead
2008-04-02 12:49 --------- d-----w C:\Program Files\Paragon Software
2008-04-02 02:24 --------- d-----w C:\Documents and Settings\geo g\Application Data\DivX
2008-04-02 01:35 --------- d-----w C:\Documents and Settings\geo g\Application Data\Dr. DivX 2.0 OSS
2008-04-01 07:40 --------- d-----w C:\Program Files\DC++ 0.705
2008-03-31 13:02 --------- d-----w C:\Program Files\GrabIt
2008-03-25 10:30 --------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2008-02-02 18:13 87,608 ----a-w C:\Documents and Settings\geo g\Application Data\inst.exe
2008-02-02 18:13 47,360 ----a-w C:\Documents and Settings\geo g\Application Data\pcouffin.sys
2007-08-16 21:11 423,416 ----a-w C:\Program Files\preview_vista.bmp
2007-08-16 21:11 423,416 ----a-w C:\Program Files\preview.bmp
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-17 03:54 2582288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-02 17:59 292152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-03-31 16:11 725352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\geo g\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe [2008-02-02 18:58:14 2314752]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-02-02 19:01:19 1172992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-02-02 19:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 19:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2008-02-15 12:46 135168 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-13 13:05 16239616 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 03:38]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 09:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 19:37:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 02:04:34 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 20:37:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-23 20:40:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 19:40:31

Pre-Run: 27,852,169,216 bytes free
Post-Run: 27,896,352,768 bytes free

318 --- E O F --- 2008-05-16 23:28:36

#4 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:56 PM

Posted 24 May 2008 - 07:59 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\hbicgmll.dll
C:\WINDOWS\system32\lgxsdshs.dll
C:\WINDOWS\system32\wxicoxbi.dll
C:\WINDOWS\system32\sbgkrcdu.dll
C:\WINDOWS\system32\upnnyxnl.dll
C:\WINDOWS\system32\pmnkLBSK.dll_old
C:\WINDOWS\system32\hyucwlwn.dll
C:\WINDOWS\system32\hrsoqolk.dll
C:\WINDOWS\system32\clrmfxlp.dll
C:\WINDOWS\system32\srnxjijm.dll
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 davie cooper
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:56 PM

Posted 26 May 2008 - 02:25 AM

Here are my ComboFix & SUPERAntiSpyware logs.


ComboFix 08-05-21.3 - geo g 2008-05-24 18:01:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1274 [GMT 1:00]
Running from: C:\Documents and Settings\geo g\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\geo g\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\clrmfxlp.dll
C:\WINDOWS\system32\hbicgmll.dll
C:\WINDOWS\system32\hrsoqolk.dll
C:\WINDOWS\system32\hyucwlwn.dll
C:\WINDOWS\system32\lgxsdshs.dll
C:\WINDOWS\system32\pmnkLBSK.dll_old
C:\WINDOWS\system32\sbgkrcdu.dll
C:\WINDOWS\system32\srnxjijm.dll
C:\WINDOWS\system32\upnnyxnl.dll
C:\WINDOWS\system32\wxicoxbi.dll
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\geo g\Application Data\inst.exe
C:\WINDOWS\system32\clrmfxlp.dll
C:\WINDOWS\system32\hbicgmll.dll
C:\WINDOWS\system32\hrsoqolk.dll
C:\WINDOWS\system32\hyucwlwn.dll
C:\WINDOWS\system32\lgxsdshs.dll
C:\WINDOWS\system32\sbgkrcdu.dll
C:\WINDOWS\system32\srnxjijm.dll
C:\WINDOWS\system32\upnnyxnl.dll
C:\WINDOWS\system32\wxicoxbi.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-23 20:25 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-23 20:24 . 2008-05-23 20:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-23 12:05 . 2008-05-23 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 12:05 . 2008-05-23 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 11:56 . 2008-05-23 11:56 <DIR> d-------- C:\Deckard
2008-05-23 01:49 . 2008-05-23 01:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-23 01:44 . 2008-05-23 01:48 <DIR> d-------- C:\VundoFix Backups
2008-05-23 01:19 . 2008-05-23 21:57 325 --a------ C:\WINDOWS\wininit.ini
2008-05-22 12:22 . 2008-05-22 12:22 <DIR> dr-h----- C:\Documents and Settings\geo g\Application Data\SecuROM
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\WindowBlinds
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Wallpapers
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Icons
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\IconPackager
2008-05-21 04:06 . 2008-05-07 15:38 <DIR> d-------- C:\Program Files\Gadgets
2008-05-19 11:45 . 2008-05-19 11:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 11:45 . 2008-05-19 11:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 02:26 . 2008-05-18 02:26 <DIR> d-------- C:\Program Files\UseNeXT
2008-05-15 11:55 . 2008-05-15 11:55 <DIR> d-------- C:\Program Files\Oxygen Interactive
2008-05-15 08:33 . 2008-02-15 12:45 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-15 08:10 . 2008-05-15 08:10 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-14 01:37 . 2008-05-20 19:23 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\UseNeXT
2008-05-11 09:53 . 2008-05-11 09:53 <DIR> d-------- C:\Program Files\EA SPORTS
2008-05-11 01:52 . 2008-05-13 19:14 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\NewsBin
2008-05-11 01:52 . 2008-05-13 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-05-11 01:28 . 2008-05-11 01:28 <DIR> d-------- C:\Program Files\Giganews Accelerator
2008-05-11 01:28 . 2008-05-16 22:16 <DIR> d-------- C:\Documents and Settings\geo g\Downloads
2008-05-11 01:28 . 2008-05-16 01:23 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\NewsLeecher
2008-05-11 00:08 . 2008-05-12 00:22 <DIR> d-------- C:\Program Files\Giganews Binary Newsreader
2008-05-10 10:53 . 2008-05-10 10:54 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-05-06 09:32 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-06 09:32 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-06 09:32 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-06 09:32 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-06 09:28 . 2008-05-06 09:28 0 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-06 07:43 . 2008-05-06 07:43 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-05-06 07:43 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-05-06 07:43 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-05 13:20 . 2008-05-05 13:20 <DIR> d-------- C:\WINDOWS\Performance
2008-05-05 13:20 . 2008-05-06 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-04 09:44 . 2008-05-04 09:44 <DIR> d-------- C:\Program Files\eRightSoft
2008-05-03 16:33 . 2008-05-03 16:33 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-05-03 16:33 . 2008-05-03 16:33 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\PPMate
2008-05-02 08:39 . 2008-05-02 08:39 <DIR> d-------- C:\Program Files\iolo
2008-05-02 08:39 . 2006-07-24 18:51 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-05-01 07:16 . 2008-05-01 07:16 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-28 17:20 . 2008-04-28 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-28 17:18 . 2008-04-28 17:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-28 17:18 . 2008-04-28 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 17:02 . 2008-04-26 17:03 26 --a------ C:\WINDOWS\dvdSanta.INI
2008-04-26 16:57 . 2008-04-26 16:57 <DIR> d-------- C:\Program Files\Haali
2008-04-26 16:57 . 2008-04-26 16:57 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\CoreCodec
2008-04-25 08:11 . 2008-04-25 08:11 <DIR> d-------- C:\Documents and Settings\geo g\Application Data\Configuration
2008-04-25 07:58 . 2008-04-25 07:58 <DIR> d-------- C:\Program Files\DriverGuide DriverScan
2008-04-25 07:45 . 2008-04-25 07:45 <DIR> d-------- C:\My Drivers
2008-04-25 07:43 . 2008-04-25 08:11 <DIR> d-------- C:\Program Files\DriverGuide Toolkit
2008-04-25 07:43 . 2005-12-06 14:06 903,352 --a------ C:\WINDOWS\system32\Codejock.CommandBars.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 526,520 --a------ C:\WINDOWS\system32\Codejock.DockingPane.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 428,216 --a------ C:\WINDOWS\system32\Codejock.ReportControl.v9.81.ocx
2008-04-25 07:43 . 2005-12-06 14:06 334,008 --a------ C:\WINDOWS\system32\Codejock.TaskPanel.v9.81.ocx
2008-04-25 07:43 . 2004-03-09 01:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-25 07:43 . 2001-11-29 09:57 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-04-24 11:02 . 2008-04-24 11:06 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-24 11:00 . 2008-04-24 11:00 56 -rahs---- C:\WINDOWS\system32\28DF03CB8E.sys
2008-04-24 10:27 . 2008-04-24 10:27 <DIR> d-------- C:\Program Files\Gabest
2008-04-24 10:27 . 2008-04-24 10:27 <DIR> d-------- C:\Program Files\AutoGK
2008-04-24 10:27 . 2008-04-24 10:27 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 09:51 --------- d-----w C:\Documents and Settings\geo g\Application Data\uTorrent
2008-05-24 09:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 19:25 --------- d-----w C:\Program Files\Java
2008-05-23 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 19:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 12:14 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-23 00:49 --------- d-----w C:\Program Files\PowerISO
2008-05-22 11:22 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 09:37 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-22 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-05-17 00:39 --------- d-----w C:\Program Files\SopCast
2008-05-15 10:39 --------- d-----w C:\Program Files\a-squared Free
2008-05-13 23:24 --------- d-----w C:\Program Files\NewsLeecher
2008-05-13 00:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-05-12 18:26 --------- d-----w C:\Program Files\DC++
2008-05-06 09:26 --------- d-----w C:\Documents and Settings\geo g\Application Data\Vso
2008-05-06 08:32 --------- d-----w C:\Program Files\VSO
2008-05-05 08:43 --------- d-----w C:\Program Files\DivX
2008-05-05 07:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-03 07:56 --------- d-----w C:\Documents and Settings\geo g\Application Data\GrabIt
2008-05-02 07:49 --------- d-----w C:\Documents and Settings\geo g\Application Data\iolo
2008-05-02 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-28 16:21 --------- d-----w C:\Program Files\QuickTime
2008-04-25 06:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 03:21 --------- d-----w C:\Program Files\PCPitstop
2008-04-23 17:16 --------- d-----w C:\Program Files\Cryo
2008-04-22 17:43 --------- d-----w C:\Program Files\RFA 6
2008-04-22 11:47 --------- d-----w C:\Program Files\Norton 360
2008-04-20 11:30 --------- d-----w C:\Program Files\MagicISO
2008-04-20 02:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-19 07:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-04-19 00:52 --------- d-----w C:\Program Files\Yahoo!
2008-04-19 00:42 --------- d-----w C:\Documents and Settings\geo g\Application Data\Symantec
2008-04-19 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-19 00:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-19 00:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-19 00:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-19 00:06 --------- d-----w C:\Program Files\Symantec
2008-04-18 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-17 18:28 --------- d-----w C:\Documents and Settings\geo g\Application Data\Uniblue
2008-04-17 02:15 --------- d-----w C:\Program Files\Alex Feinman
2008-04-14 09:05 --------- d-----w C:\Program Files\uTorrent
2008-04-12 12:27 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0
2008-04-10 09:35 --------- d-----w C:\Program Files\Panda Security
2008-04-06 10:57 --------- d-----w C:\Program Files\ERUNT
2008-04-06 10:04 --------- d-----w C:\Program Files\everest
2008-04-06 01:08 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-04 12:56 --------- d-----w C:\Documents and Settings\geo g\Application Data\Ahead
2008-04-02 12:49 --------- d-----w C:\Program Files\Paragon Software
2008-04-02 02:24 --------- d-----w C:\Documents and Settings\geo g\Application Data\DivX
2008-04-02 01:35 --------- d-----w C:\Documents and Settings\geo g\Application Data\Dr. DivX 2.0 OSS
2008-04-01 07:40 --------- d-----w C:\Program Files\DC++ 0.705
2008-03-31 13:02 --------- d-----w C:\Program Files\GrabIt
2008-03-25 10:30 --------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2008-02-02 18:13 47,360 ----a-w C:\Documents and Settings\geo g\Application Data\pcouffin.sys
2007-08-16 21:11 423,416 ----a-w C:\Program Files\preview_vista.bmp
2007-08-16 21:11 423,416 ----a-w C:\Program Files\preview.bmp
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_20.40.05.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 19:37:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 17:06:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 17:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 12:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2008-05-24 17:06:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-17 03:54 2582288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-02 17:59 292152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-03-31 16:11 725352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\geo g\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe [2008-02-02 18:58:14 2314752]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-02-02 19:01:19 1172992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-02-02 19:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 19:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2008-02-15 12:46 135168 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-13 13:05 16239616 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 03:38]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 09:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-24 17:06:22 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 02:04:34 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 18:06:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-05-24 18:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 17:09:38
ComboFix2.txt 2008-05-23 19:40:38

Pre-Run: 27,898,261,504 bytes free
Post-Run: 27,885,506,560 bytes free

303 --- E O F --- 2008-05-16 23:28:36






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/24/2008 at 07:59 PM

Application Version : 4.1.1046

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 01:23:03

Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 6005
Registry threats detected : 6
File items scanned : 115262
File threats detected : 7

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{514A5C49-0C7D-42c3-A71B-38864A269B7A}
HKCR\CLSID\{514A5C49-0C7D-42C3-A71B-38864A269B7A}
HKCR\CLSID\{514A5C49-0C7D-42C3-A71B-38864A269B7A}\InprocServer32
HKCR\CLSID\{514A5C49-0C7D-42C3-A71B-38864A269B7A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WXICOXBI.DLL
HKCR\CLSID\{514A5C49-0C7D-42C3-A71B-38864A269B7A}
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SRNXJIJM.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WXICOXBI.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ADDFD759-88D7-4D81-AB28-35BC32038C43}\RP180\A0025816.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ADDFD759-88D7-4D81-AB28-35BC32038C43}\RP180\A0025852.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ADDFD759-88D7-4D81-AB28-35BC32038C43}\RP186\A0026588.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ADDFD759-88D7-4D81-AB28-35BC32038C43}\RP186\A0026590.DLL

Registry Cleaner Trial
HKU\S-1-5-21-1606980848-299502267-682003330-1004\Software\SoftwareOnline.com

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:56 PM

Posted 26 May 2008 - 10:58 AM

Please post a new log from DSS.

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 davie cooper

davie cooper
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:56 PM

Posted 27 May 2008 - 04:01 AM

Hi Buckeye_Sam.

I've been at the computer for a few hours here and there over the past few days and everything seems to be back to normal!!!!!

I'll post the DSS Log for you to look at to make sure everything is fine again.

Thanks for taking the time out to help me with this, it's really very much APPRECIATED.



Deckard's System Scanner v20071014.68
Run by geo g on 2008-05-27 09:55:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as geo g.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-27 09:55:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\geo g\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.254
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} () - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} () - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} () - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} () - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205888818359
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} () - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} () - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} () - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5526FA66-6F0D-49A0-88A8-1167B07FF26B}: NameServer = 10.172.128.1
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 11098 bytes

-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 03:32:42 0 dr-h----- C:\Documents and Settings\geo g\Recent
2008-05-26 10:39:44 0 d-------- C:\Program Files\Max DVD to AVI Converter 4.0
2008-05-26 00:31:58 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-26 00:31:55 0 d-------- C:\Documents and Settings\geo g\Application Data\SystemRequirementsLab
2008-05-24 18:32:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 18:32:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 18:32:25 0 d-------- C:\Documents and Settings\geo g\Application Data\SUPERAntiSpyware.com
2008-05-23 20:30:41 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 20:30:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 20:30:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-23 20:30:41 98816 --a------ C:\WINDOWS\sed.exe
2008-05-23 20:30:41 80412 --a------ C:\WINDOWS\grep.exe
2008-05-23 20:30:41 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-23 20:30:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 20:30:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 20:24:06 0 d-------- C:\Program Files\Common Files\Java
2008-05-23 12:05:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 12:05:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 01:49:00 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-05-23 01:44:06 0 d-------- C:\VundoFix Backups
2008-05-22 12:22:28 0 dr-h----- C:\Documents and Settings\geo g\Application Data\SecuROM
2008-05-21 04:11:03 8126464 --a------ C:\Documents and Settings\geo g\ntuser.dat
2008-05-21 04:06:16 0 d-------- C:\Program Files\WindowBlinds
2008-05-21 04:06:15 0 d-------- C:\Program Files\Wallpapers
2008-05-21 04:06:15 0 d-------- C:\Program Files\Icons
2008-05-21 04:06:14 0 d-------- C:\Program Files\IconPackager
2008-05-21 04:06:12 0 d-------- C:\Program Files\Gadgets
2008-05-18 02:26:12 0 d-------- C:\Program Files\UseNeXT
2008-05-15 11:55:24 0 d-------- C:\Program Files\Oxygen Interactive
2008-05-15 08:32:18 0 d-------- C:\Intel
2008-05-15 08:10:57 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-14 01:37:56 0 d-------- C:\Documents and Settings\geo g\Application Data\UseNeXT
2008-05-11 09:53:56 0 d-------- C:\Program Files\EA SPORTS
2008-05-11 01:52:22 0 d-------- C:\Documents and Settings\geo g\Application Data\NewsBin
2008-05-11 01:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-05-11 01:28:38 0 d-------- C:\Documents and Settings\geo g\Downloads
2008-05-11 01:28:35 0 d-------- C:\Documents and Settings\geo g\Application Data\NewsLeecher
2008-05-11 01:28:02 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-11 00:08:05 0 d-------- C:\Program Files\Giganews Binary Newsreader
2008-05-10 10:53:28 0 d-------- C:\Program Files\Blaze Media Pro
2008-05-06 09:32:37 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-06 09:32:36 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-06 07:43:18 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-05-06 07:43:18 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-05-06 07:43:18 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-05 13:20:31 0 d-------- C:\WINDOWS\Performance
2008-05-05 13:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-05 07:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-04 09:45:30 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-05-04 09:45:29 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-05-04 09:45:29 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-04 09:45:29 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-05-04 09:45:28 217073 --a------ C:\WINDOWS\meta4.exe
2008-05-04 09:45:11 27648 --ahs---- C:\WINDOWS\system32\Smab0.dll
2008-05-04 09:45:10 31232 -rahs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-05-04 09:45:10 163328 -rahs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-05-04 09:44:48 0 d-------- C:\Program Files\eRightSoft
2008-05-03 16:33:40 0 d-------- C:\Documents and Settings\geo g\Application Data\PPMate
2008-05-03 16:33:39 0 d-------- C:\Program Files\Common Files\Synacast
2008-05-02 08:39:26 9341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-02 08:39:18 0 d-------- C:\Program Files\iolo
2008-05-01 07:16:32 0 d-------- C:\Program Files\Virtual Earth 3D
2008-04-28 17:20:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-28 17:18:58 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 17:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-05-27 09:54:58 0 d-------- C:\Documents and Settings\geo g\Application Data\uTorrent
2008-05-27 03:34:05 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000002-80651102}.dat
2008-05-27 03:34:05 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000002-80651102}.dat
2008-05-27 03:14:42 0 d-------- C:\Program Files\PeerGuardian2
2008-05-27 00:34:10 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-05-26 10:05:22 0 d-------- C:\Documents and Settings\geo g\Application Data\Vso
2008-05-26 10:05:12 668 --a------ C:\Documents and Settings\geo g\Application Data\vso_ts_preview.xml
2008-05-26 09:04:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-24 18:32:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 20:25:07 0 d-------- C:\Program Files\Java
2008-05-23 20:24:06 0 d-------- C:\Program Files\Common Files
2008-05-23 01:49:22 0 d-------- C:\Program Files\PowerISO
2008-05-22 12:22:36 0 d-------- C:\Program Files\SpeedFan
2008-05-22 10:37:54 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-17 01:39:40 0 d-------- C:\Program Files\SopCast
2008-05-15 11:39:11 0 d-------- C:\Program Files\a-squared Free
2008-05-14 00:24:08 0 d-------- C:\Program Files\NewsLeecher
2008-05-13 01:04:20 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-05-12 19:26:58 0 d-------- C:\Program Files\DC++
2008-05-06 09:32:34 0 d-------- C:\Program Files\VSO
2008-05-05 09:43:21 0 d-------- C:\Program Files\DivX
2008-05-05 08:16:18 0 d-------- C:\Documents and Settings\geo g\Application Data\Adobe
2008-05-05 08:15:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-03 08:56:40 0 d-------- C:\Documents and Settings\geo g\Application Data\GrabIt
2008-05-02 08:49:50 0 d-------- C:\Documents and Settings\geo g\Application Data\iolo
2008-04-28 17:21:04 0 d-------- C:\Program Files\QuickTime
2008-04-26 16:57:48 0 d-------- C:\Documents and Settings\geo g\Application Data\CoreCodec
2008-04-26 16:57:27 0 d-------- C:\Program Files\Haali
2008-04-25 08:11:43 0 d-------- C:\Program Files\DriverGuide Toolkit
2008-04-25 08:11:43 0 d-------- C:\Documents and Settings\geo g\Application Data\Configuration
2008-04-25 07:58:36 0 d-------- C:\Program Files\DriverGuide DriverScan
2008-04-25 07:43:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 11:06:13 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-24 11:00:10 56 -rahs---- C:\WINDOWS\system32\28DF03CB8E.sys
2008-04-24 10:29:06 645 --a------ C:\Documents and Settings\geo g\Application Data\AutoGK.ini
2008-04-24 10:27:39 0 d-------- C:\Program Files\AutoGK
2008-04-24 10:27:38 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-04-24 10:27:26 0 d-------- C:\Program Files\Gabest
2008-04-24 04:21:48 0 d-------- C:\Program Files\PCPitstop
2008-04-23 18:19:03 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-23 18:16:17 0 d-------- C:\Program Files\Cryo
2008-04-22 18:43:30 0 d-------- C:\Program Files\RFA 6
2008-04-22 12:47:50 0 d-------- C:\Program Files\Norton 360
2008-04-20 12:30:32 0 d-------- C:\Program Files\MagicISO
2008-04-20 03:24:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 08:40:16 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-19 01:52:26 0 d-------- C:\Program Files\Yahoo!
2008-04-19 01:42:58 0 d-------- C:\Documents and Settings\geo g\Application Data\Symantec
2008-04-19 01:06:55 0 d-------- C:\Program Files\Symantec
2008-04-17 19:28:50 0 d-------- C:\Documents and Settings\geo g\Application Data\Uniblue
2008-04-17 03:15:31 0 d-------- C:\Program Files\Alex Feinman
2008-04-14 10:05:23 0 d-------- C:\Program Files\uTorrent
2008-04-10 10:35:11 0 d-------- C:\Program Files\Panda Security
2008-04-06 11:04:44 0 d-------- C:\Program Files\everest
2008-04-06 02:08:58 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-04 13:56:16 0 d-------- C:\Documents and Settings\geo g\Application Data\Ahead
2008-04-02 13:49:20 0 d-------- C:\Program Files\Paragon Software
2008-04-02 03:24:09 0 d-------- C:\Documents and Settings\geo g\Application Data\DivX
2008-04-02 02:35:45 0 d-------- C:\Documents and Settings\geo g\Application Data\Dr. DivX 2.0 OSS
2008-04-01 22:56:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-01 22:56:17 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-01 08:40:22 0 d-------- C:\Program Files\DC++ 0.705
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:02:32 0 d-------- C:\Program Files\GrabIt
2008-03-29 00:57:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-13 10:08:46 38912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-03-13 09:25:46 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [02/08/2007 17:59]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [04/07/2007 20:59]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 21:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [31/03/2008 16:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [18/09/2005 19:40]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [17/10/2007 03:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

C:\Documents and Settings\geo g\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe [02/02/2008 18:58:14]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [02/02/2008 19:01:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 02/02/2008 19:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a029aa46-d181-11dc-a43d-ca4803cb6657}]
AutoRun\command- H:\OnSpcLCK.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-27 09:55:37 ------------

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:56 PM

Posted 27 May 2008 - 02:05 PM

Looks good to me! :)

Just a few last things and you should be good to go! :thumbsup:


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :thumbsup:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
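The Internet-zone settings listed in the post above are stored in the registry, so they can be audited without clicking through the dialog. The PowerShell below is an added example, not part of Buckeye_Sam's post or of any tool in this thread; the value names and the Enable/Prompt/Disable codes follow Microsoft's documented zone layout, while the function name, the `-Fix` switch and the assumption that the per-user (HKCU) zone key is the one in effect are this example's own.

```powershell
# Added example, not from the thread: audit (and optionally correct) the
# Internet zone (zone 3) settings recommended in the post above.
# IE stores each zone setting as a DWORD under the Zones key. Codes:
# 0 = Enable, 1 = Prompt, 3 = Disable. Assumes the per-user key applies
# (no Security_HKLM_only policy); path and function name are this example's own.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state from the post, keyed by the registry value name.
$Recommended = [ordered]@{
    '1001' = @{ Setting = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Setting = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Setting = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Setting = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Setting = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZone {
    param([string]$Path = $ZonePath, [switch]$Fix)
    # Read the whole key once; a value that is absent comes back as $null,
    # which means IE's built-in default for that setting applies.
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in $Recommended.Keys) {
        $entry   = $Recommended[$id]
        $current = $zone.$id
        $ok      = ($null -ne $current) -and ([int]$current -eq $entry.Want)
        $shown   = '(not set)'
        if ($null -ne $current) {
            $shown = if ($Label.ContainsKey([int]$current)) { $Label[[int]$current] } else { "raw $current" }
        }
        [pscustomobject]@{
            ValueName   = $id
            Setting     = $entry.Setting
            Current     = $shown
            Recommended = $Label[$entry.Want]
            Compliant   = $ok
        }
        if ($Fix -and -not $ok) {
            # Write the recommended code; HKCU needs no elevation.
            Set-ItemProperty -Path $Path -Name $id -Value $entry.Want -Type DWord
        }
    }
}

# Audit only; run "Test-IeInternetZone -Fix" to apply the recommended values.
Test-IeInternetZone | Format-Table -AutoSize
```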


========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:56 PM

Posted 16 June 2008 - 07:56 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



