Virtumonde Infection/malware And Possibly Other Worms And Trojans.



#1 wesmantooth

Posted 26 May 2008 - 05:12 PM

Hey, I have been having virus problems and used to have Kaspersky on a free trial, but I don't have it anymore and am not going to pay for it. I have used the free Spyware Doctor from Google and the Norton anti-virus from Google, and they seem to find some rogue spyware and cookie trackers and, from time to time, the Virtumonde trojan along with another trojan. I use the remove feature, but they always seem to just reinstall themselves onto my computer like an hour later. Anyway, I am posting my logs on here and hope to hear something soon. Thanks



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-26 15:03:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-05-26 22:03:31 UTC - RP581 - Deckard's System Scanner Restore Point
82: 2008-05-26 21:45:55 UTC - RP580 - Spyware Doctor: Cleaning Threats
81: 2008-05-26 01:03:26 UTC - RP579 - Spyware Doctor: Cleaning Threats
80: 2008-05-25 02:24:27 UTC - RP578 - Spyware Doctor: Cleaning Threats
79: 2008-05-25 02:23:19 UTC - RP577 - Spyware Doctor: Cleaning Threats


-- First Restore Point --
1: 2008-05-12 21:52:09 UTC - RP499 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.66 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:18 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29C08A93-7F9A-4001-922F-FE3060E13DB4} - C:\WINDOWS\System32\geButsqn.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SXG Advisor - {65990097-F699-4216-9270-80572B89D23F} - C:\WINDOWS\dopfwrlgfm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\System32\khfDsqqp.dll (file missing)
O2 - BHO: (no name) - {E386FB01-A9D2-4411-9C76-A939CC5BC044} - C:\WINDOWS\System32\cbXqpOge.dll
O2 - BHO: (no name) - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM9fddb80b] Rundll32.exe "C:\WINDOWS\system32\yifjuwku.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Softany\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177378152548
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177378386235
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: khfDsqqp - khfDsqqp.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9585 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080510-035156-138 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080510-035156-312 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
backup-20080510-035156-428 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080510-035156-470 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
backup-20080510-035156-917 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080510-044158-581 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-220943-164 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080512-220943-168 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080512-220943-260 O3 - Toolbar: The egodktf - {00C1B214-1408-4F51-90AE-7EDAC2FAC36E} - C:\WINDOWS\egodktf.dll (file missing)
backup-20080512-220943-865 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080512-220943-897 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-221159-615 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20080512-221255-321 O4 - HKLM\..\Run: [9cee8b97] rundll32.exe "C:\WINDOWS\System32\trijdpxr.dll",b
backup-20080512-221255-328 O4 - HKLM\..\Run: [BM9fddb80b] Rundll32.exe "C:\WINDOWS\System32\cmsbwiqv.dll",s
backup-20080512-221417-211 O4 - HKCU\..\Run: [Rsmu] "C:\PROGRA~1\MANTEC~1\wucrtupd.exe" -vt yazb
backup-20080512-221417-354 O4 - HKCU\..\Run: [Xjylh] "C:\Program Files\Common Files\s?mbols\m?config.exe"
backup-20080512-221949-281 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-223439-104 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-224625-869 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-231336-532 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-233859-754 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-234147-862 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-234606-301 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-234920-692 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080512-235935-905 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080513-002234-993 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080513-002934-372 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080523-005518-457 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080523-005518-969 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780} - c:\windows\temp\46.tmp (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 18:24:35 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-23 20:19:25 424 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-25 20:33:02 2560 --a------ C:\WINDOWS\system32\dtlhpdlf.exe
2008-05-25 20:32:53 90896 --a------ C:\WINDOWS\system32\yifjuwku.dll
2008-05-24 18:29:24 0 d-------- C:\Program Files\iPod
2008-05-24 18:29:18 0 d-------- C:\Program Files\iTunes
2008-05-24 18:28:08 0 d-------- C:\Program Files\QuickTime
2008-05-24 18:26:57 0 d-------- C:\Program Files\Common Files\Apple
2008-05-24 18:24:33 0 d-------- C:\Program Files\Apple Software Update
2008-05-24 18:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-24 01:34:52 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-24 00:20:17 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-24 00:19:22 0 d-------- C:\WINDOWS\Prefetch
2008-05-23 23:47:33 0 d-------- C:\WINDOWS\provisioning
2008-05-23 23:47:33 0 d-------- C:\WINDOWS\peernet
2008-05-23 23:31:45 100608 --a------ C:\WINDOWS\system32\eflfplci.dll
2008-05-23 23:28:49 2560 --a------ C:\WINDOWS\system32\ipwlncjl.exe
2008-05-23 23:28:45 83200 --a------ C:\WINDOWS\system32\yblqirvw.dll
2008-05-23 23:26:27 91008 --a------ C:\WINDOWS\system32\ghrcjxbq.dll
2008-05-23 22:26:43 0 d-------- C:\VundoFix Backups
2008-05-23 22:10:17 2560 --a------ C:\WINDOWS\system32\ywgdvqmd.exe
2008-05-23 22:04:18 100608 --a------ C:\WINDOWS\system32\fyjxrpuy.dll
2008-05-23 22:01:59 91008 --a------ C:\WINDOWS\system32\tjgnhefb.dll
2008-05-23 20:39:43 2560 --a------ C:\WINDOWS\system32\hawhsqng.exe
2008-05-23 20:36:42 100608 --a------ C:\WINDOWS\system32\pkiptqex.dll
2008-05-23 20:34:46 91008 --a------ C:\WINDOWS\system32\snfgaacw.dll
2008-05-23 20:31:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-23 20:19:29 0 d-------- C:\Program Files\Spyware Doctor
2008-05-23 20:19:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-23 20:19:13 0 d-------- C:\Program Files\Norton Security Scan
2008-05-23 17:40:08 2560 --a------ C:\WINDOWS\system32\kvoaroht.exe
2008-05-23 17:37:09 100608 --a------ C:\WINDOWS\system32\hiqdgkuc.dll
2008-05-23 17:31:49 91008 --a------ C:\WINDOWS\system32\iclnesbg.dll
2008-05-23 16:53:11 100608 --a------ C:\WINDOWS\system32\iuexxidt.dll
2008-05-23 16:50:57 2560 --a------ C:\WINDOWS\system32\dsbkpyku.exe
2008-05-23 16:50:51 91008 --a------ C:\WINDOWS\system32\brcgfbrj.dll
2008-05-23 16:17:08 2560 --a------ C:\WINDOWS\system32\gsomnirm.exe
2008-05-23 16:14:08 100608 --a------ C:\WINDOWS\system32\owcrcqii.dll
2008-05-23 16:05:49 91008 --a------ C:\WINDOWS\system32\hpttaeth.dll
2008-05-23 14:27:06 91008 --a------ C:\WINDOWS\system32\uymwjpvn.dll
2008-05-23 14:26:24 931842 --ahs---- C:\WINDOWS\system32\egOpqXbc.ini2
2008-05-23 14:26:21 315168 --a------ C:\WINDOWS\system32\cbXqpOge.dll
2008-05-22 21:22:50 100016 --a------ C:\WINDOWS\system32\euxolvlo.dll
2008-05-22 21:19:50 2560 --a------ C:\WINDOWS\system32\xwovsppw.exe
2008-05-22 21:17:07 90224 --a------ C:\WINDOWS\system32\mpylfhns.dll
2008-05-22 00:31:56 2560 --a------ C:\WINDOWS\system32\ykyxwxeg.exe
2008-05-22 00:28:56 99952 --a------ C:\WINDOWS\system32\kohsnclb.dll
2008-05-22 00:26:37 90208 --a------ C:\WINDOWS\system32\xrpeikkv.dll
2008-05-21 23:19:26 99952 --a------ C:\WINDOWS\system32\lwnufkae.dll
2008-05-21 23:13:26 2560 --a------ C:\WINDOWS\system32\lmqvitsw.exe
2008-05-21 23:11:09 90208 --a------ C:\WINDOWS\system32\pfvavpal.dll
2008-05-21 01:37:39 2560 --a------ C:\WINDOWS\system32\ployocgs.exe
2008-05-21 01:34:39 100000 --a------ C:\WINDOWS\system32\caymwiii.dll
2008-05-21 01:31:39 90224 --a------ C:\WINDOWS\system32\iaknjxrs.dll
2008-05-20 01:38:02 99984 --a------ C:\WINDOWS\system32\hdjsntwx.dll
2008-05-20 01:35:01 2560 --a------ C:\WINDOWS\system32\vdlqwffg.exe
2008-05-20 01:29:42 90208 --a------ C:\WINDOWS\system32\swukoniv.dll
2008-05-20 00:00:59 3337 --ahs---- C:\WINDOWS\system32\XyxHNqss.ini2
2008-05-20 00:00:55 314432 --a------ C:\WINDOWS\system32\ssqNHxyX.dll
2008-05-19 22:52:27 2560 --a------ C:\WINDOWS\system32\jbyavttf.exe
2008-05-19 22:47:08 90160 --a------ C:\WINDOWS\system32\oedogped.dll
2008-05-19 22:46:27 1002360 --ahs---- C:\WINDOWS\system32\gfLTAcfe.ini2
2008-05-19 22:46:20 314432 --a------ C:\WINDOWS\system32\efcATLfg.dll
2008-05-19 21:50:55 2560 --a------ C:\WINDOWS\system32\gvqiqcbo.exe
2008-05-19 20:59:55 2560 --a------ C:\WINDOWS\system32\eaoxdlfx.exe
2008-05-19 20:53:55 99856 --a------ C:\WINDOWS\system32\ovxiffku.dll
2008-05-19 20:50:55 90160 --a------ C:\WINDOWS\system32\mgvqiqcb.dll
2008-05-19 20:48:06 90160 --a------ C:\WINDOWS\system32\sgkxgbfq.dll
2008-05-19 18:42:19 2560 --a------ C:\WINDOWS\system32\qiudbbcm.exe
2008-05-19 18:39:19 99856 --a------ C:\WINDOWS\system32\fnergday.dll
2008-05-19 18:33:59 90160 --a------ C:\WINDOWS\system32\sghjowrh.dll
2008-05-18 18:37:58 2048 --a------ C:\WINDOWS\system32\exnprlkg.exe
2008-05-18 18:34:58 98880 --a------ C:\WINDOWS\system32\remhhlqt.dll
2008-05-18 18:32:42 90272 --a------ C:\WINDOWS\system32\rqhctqnn.dll
2008-05-18 14:00:43 2048 --a------ C:\WINDOWS\system32\ykvqftkr.exe
2008-05-18 13:54:44 98880 --a------ C:\WINDOWS\system32\qdkadagh.dll
2008-05-18 13:51:44 90272 --a------ C:\WINDOWS\system32\tqmtqwcd.dll
2008-05-17 13:59:28 2048 --a------ C:\WINDOWS\system32\myrtebmb.exe
2008-05-17 13:56:29 98960 --a------ C:\WINDOWS\system32\onwmqbqj.dll
2008-05-17 13:53:29 90224 --a------ C:\WINDOWS\system32\ccuowcvc.dll
2008-05-16 13:55:50 2048 --a------ C:\WINDOWS\system32\vympshsq.exe
2008-05-16 13:52:52 98896 --a------ C:\WINDOWS\system32\gjnlxaxc.dll
2008-05-16 13:50:39 82992 --a------ C:\WINDOWS\system32\ghlnxywy.dll
2008-05-16 13:50:30 90240 --a------ C:\WINDOWS\system32\ijcikvsd.dll
2008-05-16 13:49:48 1009390 --ahs---- C:\WINDOWS\system32\lRXFPXyb.ini2
2008-05-16 13:49:44 314448 --a------ C:\WINDOWS\system32\byXPFXRl.dll
2008-05-15 23:29:51 2048 --a------ C:\WINDOWS\system32\obwuxaxv.exe
2008-05-15 23:28:53 98960 --a------ C:\WINDOWS\system32\jevguvyr.dll
2008-05-15 23:28:21 90304 --a------ C:\WINDOWS\system32\rwhejoqy.dll
2008-05-15 23:27:40 1333486 --ahs---- C:\WINDOWS\system32\RqtAJRqr.ini2
2008-05-15 23:27:35 314480 --a------ C:\WINDOWS\system32\rqRJAtqR.dll
2008-05-15 22:15:07 2693 --ahs---- C:\WINDOWS\system32\xycLRXbc.ini2
2008-05-15 22:14:59 314480 --a------ C:\WINDOWS\system32\cbXRLcyx.dll
2008-05-15 15:37:03 98960 --a------ C:\WINDOWS\system32\kkfpsjmy.dll
2008-05-15 15:34:03 2048 --a------ C:\WINDOWS\system32\pocbvbgc.exe
2008-05-15 15:28:03 90304 --a------ C:\WINDOWS\system32\uwpgbvcg.dll
2008-05-15 13:24:41 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-15 12:41:08 0 d-------- C:\Program Files\Funcom
2008-05-15 06:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-14 15:34:04 2048 --a------ C:\WINDOWS\system32\tgeaueev.exe
2008-05-14 15:31:06 98928 --a------ C:\WINDOWS\system32\txkvaqgd.dll
2008-05-14 15:25:32 90208 --a------ C:\WINDOWS\system32\tvhffher.dll
2008-05-13 15:28:26 98944 --a------ C:\WINDOWS\system32\hlojoste.dll
2008-05-13 15:25:44 2048 --a------ C:\WINDOWS\system32\upjijsvp.exe
2008-05-13 15:25:25 90240 --a------ C:\WINDOWS\system32\ysbhrrhk.dll
2008-05-13 01:16:05 2112 --a------ C:\WINDOWS\system32\ymdaeaok.exe
2008-05-13 01:13:06 98928 --a------ C:\WINDOWS\system32\xeeyjwax.dll
2008-05-13 01:10:49 90240 --a------ C:\WINDOWS\system32\xlgsleoq.dll
2008-05-13 00:28:25 2048 --a------ C:\WINDOWS\system32\wwuilvpb.exe
2008-05-13 00:21:51 0 d-------- C:\Program Files\kaspersky
2008-05-13 00:01:40 98896 --a------ C:\WINDOWS\system32\qhxtvxdl.dll
2008-05-13 00:01:03 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-13 00:01:03 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-13 00:00:35 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-12 23:59:52 0 d-------- C:\program file
2008-05-12 23:59:21 90176 --a------ C:\WINDOWS\system32\rjcyacro.dll
2008-05-12 23:55:42 0 d-------- C:\Program Files\kav
2008-05-12 23:37:49 90240 --a------ C:\WINDOWS\system32\gkdqhyjt.dll
2008-05-12 23:37:08 1045439 --ahs---- C:\WINDOWS\system32\uBeLVvut.ini2
2008-05-12 23:37:02 314480 --a------ C:\WINDOWS\system32\tuvVLeBu.dll
2008-05-12 23:24:35 207136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-12 23:24:35 3477536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-12 23:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-12 17:51:58 83008 --a------ C:\WINDOWS\system32\trijdpxr.dll
2008-05-12 17:48:58 2048 --a------ C:\WINDOWS\system32\eioucehs.exe
2008-05-12 17:45:59 98896 --a------ C:\WINDOWS\system32\nwohsebr.dll
2008-05-12 17:43:42 90176 --a------ C:\WINDOWS\system32\cmsbwiqv.dll
2008-05-12 17:42:56 1010087 --ahs---- C:\WINDOWS\system32\nqstuBeg.ini2
2008-05-12 14:51:56 314480 -----n--- C:\WINDOWS\system32\qoMcCrSL.dll
2008-05-12 14:45:01 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-11 15:52:33 98912 --a------ C:\WINDOWS\system32\qcnpkrdr.dll
2008-05-11 15:49:32 2048 --a------ C:\WINDOWS\system32\klpjyegv.exe
2008-05-11 15:46:40 83024 -----n--- C:\WINDOWS\system32\tctohgop.dll
2008-05-11 15:46:31 90208 --a------ C:\WINDOWS\system32\tsesmwhu.dll
2008-05-10 15:50:58 2048 --a------ C:\WINDOWS\system32\tmmeysiv.exe
2008-05-10 15:47:58 98896 --a------ C:\WINDOWS\system32\qhbxhdqq.dll
2008-05-10 15:45:03 90304 --a------ C:\WINDOWS\system32\xhdkcfjf.dll
2008-05-10 04:03:10 1942 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 03:49:54 0 d-------- C:\Program Files\Trend Micro
2008-05-10 03:48:05 0 d-------- C:\!KillBox
2008-05-10 03:28:32 68096 --a------ C:\WINDOWS\zip.exe
2008-05-10 03:28:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-10 03:28:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-10 03:28:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-10 03:28:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-10 03:28:32 98816 --a------ C:\WINDOWS\sed.exe
2008-05-10 03:28:32 80412 --a------ C:\WINDOWS\grep.exe
2008-05-10 03:28:32 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-10 02:57:31 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-10 02:27:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-10 02:27:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-10 02:27:06 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-10 02:27:05 25600 --a------ C:\WINDOWS\b2new.exe
2008-05-10 00:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-05-24 21:31:27 0 d-------- C:\Program Files\Steam
2008-05-24 20:31:22 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-24 18:36:54 0 d-------- C:\Program Files\PokerStars
2008-05-24 18:26:57 0 d-------- C:\Program Files\Common Files
2008-05-23 23:47:53 0 d-------- C:\Program Files\Messenger
2008-05-23 23:47:33 0 d-------- C:\Program Files\Movie Maker
2008-05-23 23:45:13 0 d-------- C:\Program Files\Windows NT
2008-05-23 22:30:30 0 d-------- C:\Program Files\Java
2008-05-19 20:47:09 0 d-------- C:\Program Files\World of Warcraft
2008-05-17 23:40:10 0 d-------- C:\Program Files\AIM6
2008-05-06 23:50:42 0 d-------- C:\Program Files\DivX
2008-03-31 14:14:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-03-29 22:59:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Acreon
2008-03-05 15:50:12 80896 --a------ C:\WINDOWS\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29C08A93-7F9A-4001-922F-FE3060E13DB4}]
C:\WINDOWS\System32\geButsqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65990097-F699-4216-9270-80572B89D23F}]
C:\WINDOWS\dopfwrlgfm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
C:\WINDOWS\System32\khfDsqqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E386FB01-A9D2-4411-9C76-A939CC5BC044}]
05/23/2008 02:26 PM 315168 --a------ C:\WINDOWS\System32\cbXqpOge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 12:32 PM C:\WINDOWS\KHALMNPR.Exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/05/2008 08:20 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/04/2007 06:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 06:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/04/2007 06:14 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [10/04/2007 07:38 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"BM9fddb80b"="C:\WINDOWS\system32\yifjuwku.dll" [05/25/2008 08:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 02:43 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 12:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 09:15 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
"Softany Monitor Control"="C:\Program Files\Softany\Monitor Control\MonitorControl.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/06/2007 02:28 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [04/08/2008 10:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/6/2007 2:28:41 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\System32\khfDsqqp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDsqqp]
khfDsqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\cbXqpOge

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 ,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-26 15:06:23 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 3071.36 MiB / 2469.93 MiB
Pagefile Memory (total/avail): 3679.04 MiB / 3253.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 6.66 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVC0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qqQs.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qqQs.exe:*:Enabled:DHCP Client"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WESMANTO-RJI2CI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\WESMANTO-RJI2CI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=WESMANTO-RJI2CI
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Catalyst Registration --> MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Microsoft Application Compatibility Toolkit 5.0 --> MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod Converter 3.05 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\System32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
WinPcap 3.1 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type6682 / Error
Event Submitted/Written: 05/26/2008 03:55:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module nspr4.dll, version 4.6.8.0, fault address 0x000027a8.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type6681 / Error
Event Submitted/Written: 05/25/2008 10:47:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module nspr4.dll, version 4.6.8.0, fault address 0x000027a8.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type6680 / Error
Event Submitted/Written: 05/25/2008 03:38:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ageofconan.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x69565c2e.
Processing media-specific event for [ageofconan.exe!ws!]

Event Record #/Type6679 / Error
Event Submitted/Written: 05/25/2008 02:17:27 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AgeOfConan.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6674 / Warning
Event Submitted/Written: 05/24/2008 09:29:44 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9296 / Error
Event Submitted/Written: 05/26/2008 02:54:19 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type9294 / Warning
Event Submitted/Written: 05/25/2008 11:10:37 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type9243 / Warning
Event Submitted/Written: 05/24/2008 02:37:45 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type9068 / Error
Event Submitted/Written: 05/23/2008 10:18:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type9048 / Error
Event Submitted/Written: 05/23/2008 08:34:01 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-05-26 15:06:23 ------------


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:08:49 AM

Posted 27 May 2008 - 09:14 PM

Hello wesmantooth and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
