
Anti Virus Programs Are Blocked, Help Pls..

  • This topic is locked
3 replies to this topic

#1 blueraven301



Posted 06 June 2008 - 08:45 AM

Hi everyone!

Something weird is happening with my computer. During startup, 3 error messages appear:

The instruction at "0x549df6f9" reference memory at "0x549d6f9". The memory could not be "read".
Click OK to terminate the program.
Click on CANCEL to debug the program.


Error loading C:\Windows\System32\yojmnvrg.dll

The specified module could not be found.



The app module:

G:\Program Files \ antivir professional edition classic \ avgnt.exe

cannot be found or has been modified or destroyed. The AVGNT.exe cannot be started.
Please check your installation.

I've tried searching my computer for viruses and spyware using Ad-Aware, Avira and SUPERAntiSpyware, but that doesn't seem to work because they get mysteriously blocked and just leave me with error messages.

Any help would be greatly appreciated. Thx

Here's the log:

Deckard's System Scanner v20071014.68
Run by Carlo on 2008-06-07 05:25:26
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-06-06 21:25:37 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-06 18:25:39 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.66 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-07 05:29:24
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)
Boot mode: Normal

Running processes:
G:\Program Files\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
D:\Program Files\QuickTime\QTTask.exe
G:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\uTorrent\uTorrent.exe
G:\Program Files\SuperAntispyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\Program Files\Mozilla Firefox\firefox.exe
G:\Downloads\Sarah Silverman Program\dss.exe
D:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: TBSB02678 - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\Program Files\Quicknation\YouTubeDownload-Convert.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartupDelayer] "D:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [Internet Firewall Layer] tsqla.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebcamMaxMoniter] "g:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [BM33f8d09e] Rundll32.exe "C:\WINDOWS\System32\yojmnvrg.dll",s
O4 - HKLM\..\Run: [Microsoft Windows Update] ReKey.exe
O4 - HKLM\..\Run: [Windows USB Monitor] servupdate.exe
O4 - HKLM\..\RunServices: [Internet Firewall Layer] tsqla.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] ReKey.exe
O4 - HKLM\..\RunServices: [Windows USB Monitor] servupdate.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] ReKey.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SuperAntispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] ReKey.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] ReKey.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Network Service] Realteks.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] vuwlnrl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Internet Firewall Layer] tsqla.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Internet Security Service] mysqlwin32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Offical Disc] hhnwwyguvs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hotefix] msnmanegers.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] ReKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Update] ipil.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [hotefix] msnmanegers.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] ReKey.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Network Service] Realteks.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Service Agent] vuwlnrl.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Internet Firewall Layer] tsqla.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Internet Security Service] mysqlwin32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Offical Disc] hhnwwyguvs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hotefix] msnmanegers.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Windows Update] ReKey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update] ipil.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [hotefix] msnmanegers.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] ReKey.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk.disabled = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{71163CC3-4435-4E1E-948E-2A7FDFB7803F}: NameServer =
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SuperAntispyware\SASWINLO.dll
O20 - Winlogon Notify: jkkKefCu - C:\WINDOWS\System32\
O20 - Winlogon Notify: qomlkjg - C:\WINDOWS\System32\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: cag2bhw8gdhkx - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Microsoft Windows Update (flys.q8pilots.net) - Unknown owner - C:\WINDOWS\system32\ReKey.exe
O23 - Service: hha9fxb3pjwbh - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\Program Files\Nero
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Windows Central Process - Unknown owner - C:\WINDOWS\system32\svshost.exe

End of file - 11163 bytes

-- HijackThis Fixed Entries (C:\Program Files\HijackThis\backups\) -------------

backup-20070905-201224-669 O23 - Service: cag2bhw8gdhkx - Unknown owner - C:\WINDOWS\system32\svshost.exe
backup-20070905-201224-879 O23 - Service: Windows NT Session Manager (WINNTSMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
backup-20070905-201224-890 O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
backup-20070905-201224-973 O4 - HKLM\..\Run: [mmsass] mmdmm.exe
backup-20071002-235131-246 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
backup-20071002-235131-522 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
backup-20071002-235132-192 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
backup-20080112-214353-207 O4 - HKLM\..\Run: [WinDLL (vinampd.exe)] rundll32.exe C:\WINDOWS\System32\vinampd.exe,start
backup-20080112-214353-382 O4 - HKLM\..\Run: [WinDLL (tqurity.exe)] rundll32.exe C:\WINDOWS\System32\tqurity.exe,start
backup-20080112-214353-477 O4 - HKLM\..\Run: [WinDLL (msygl32.exe)] rundll32.exe C:\WINDOWS\System32\msygl32.exe,start
backup-20080112-214353-986 O4 - HKLM\..\Run: [WinDLL (mysnlive.exe)] rundll32.exe C:\WINDOWS\System32\mysnlive.exe,start
backup-20080213-225854-533 O4 - HKLM\..\RunServices: [fafa] zqyd.exe
backup-20080213-225854-753 O4 - HKLM\..\Run: [pronto] zcyb.exe
backup-20080213-225854-773 O4 - HKLM\..\Run: [fafa] zqyd.exe
backup-20080213-225854-928 O4 - HKLM\..\RunServices: [pronto] zcyb.exe
backup-20080229-025733-941 O23 - Service: hha9fxb3pjwbh - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
backup-20080414-010043-186 O4 - HKCU\..\Run: [Offical Disc] hhnwwyguvs.exe
backup-20080414-010043-306 O4 - HKLM\..\Run: [Offical Disc] hhnwwyguvs.exe
backup-20080414-010043-791 O4 - HKLM\..\RunServices: [Offical Disc] hhnwwyguvs.exe
backup-20080414-010258-580 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20080422-132826-232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080422-132826-440 O4 - HKLM\..\RunServices: [Service Monitor] svhda.exe
backup-20080529-135702-700 O4 - HKLM\..\Run: [BM33f8d09e] Rundll32.exe "C:\WINDOWS\System32\ssaclgik.dll",s
backup-20080529-135702-783 O4 - HKLM\..\Run: [WebcamMaxMoniter] "g:\Program Files\WebcamMax\CAMTHINS.exe" /m
backup-20080602-231521-182 O20 - Winlogon Notify: qomlkjg - C:\WINDOWS\
backup-20080602-231521-285 O4 - HKLM\..\Run: [BM33f8d09e] Rundll32.exe "C:\WINDOWS\System32\yojmnvrg.dll",s
backup-20080602-231521-305 O4 - HKLM\..\Run: [WebcamMaxMoniter] "g:\Program Files\WebcamMax\CAMTHINS.exe" /m
backup-20080602-231521-460 O20 - Winlogon Notify: jkkKefCu - C:\WINDOWS\
backup-20080607-012225-284 O4 - HKLM\..\Run: [BM33f8d09e] Rundll32.exe "C:\WINDOWS\System32\yojmnvrg.dll",s
backup-20080607-012225-624 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080607-012401-441 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080607-012425-486 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080607-012425-833 O20 - Winlogon Notify: qomlkjg - C:\WINDOWS\
backup-20080607-012425-983 O20 - Winlogon Notify: jkkKefCu - C:\WINDOWS\

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R2 sbbotdi - d:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - g:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys (file missing)
S3 CnxTrLan (Prolink 9000 USB Network Adapter Driver) - c:\windows\system32\drivers\cnxtrlan.sys <Not Verified; Conexant; Conexant USB Network Device>
S3 CnxTrUsb (Prolink 9000 USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys <Not Verified; Conexant; Conexant USB Network Device>
S3 ISOUSB (Vimicro UVC generic driver) - c:\windows\system32\drivers\vgeneric.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 s3chipid - c:\docume~1\carlo\locals~1\temp\s3chipid.sys (file missing)
S3 SiS7012 (Service for AC'97 Sample Driver (WDM)) - c:\windows\system32\drivers\sis7012.sys <Not Verified; Silicon Integrated Systems Corporation; SiS 7012 Audio Device WDM Driver>
S3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
S3 VMUVC (Vimicro Camera Service VMUVC) - c:\windows\system32\drivers\vmuvc.sys <Not Verified; Vimicro Corporation; Vimicro USB Video Class Camera>
S3 vvftUVC (Vimicro Camera Filter Service VMUVC) - c:\windows\system32\drivers\vvftuvc.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "g:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 flys.q8pilots.net (Microsoft Windows Update) - "c:\windows\system32\rekey.exe" -netsvcs

S2 aawservice (Ad-Aware 2007 Service) - "d:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S2 Windows Central Process - "c:\windows\system32\svshost.exe" (file missing)
S3 NBService - d:\program files\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 cag2bhw8gdhkx - "c:\windows\system32\svshost.exe" (file missing)
S4 hha9fxb3pjwbh - "c:\windows\system32\svshost.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-05 13:00:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-02 15:00:01 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 05:29:59 63 --a------ C:\WINDOWS\System32\x
2008-06-07 05:29:42 655360 --a------ C:\WINDOWS\System32\msoft68024.exe
2008-06-07 04:55:27 0 --a------ C:\adware.exe
2008-06-07 04:54:25 385024 --a------ C:\WINDOWS\System32\hqghumea.dll
2008-06-07 03:51:11 476030 --a------ C:\WINDOWS\System32\ReKey.exe
2008-06-07 02:38:36 0 dr-h----- C:\Documents and Settings\Carlo\Recent
2008-06-07 02:00:10 0 d-------- C:\Documents and Settings\Administrator.ELEAZAR-MMEQJPZ\Application Data\SUPERAntiSpyware.com
2008-06-07 01:52:01 0 d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-07 01:39:14 77912 --a------ C:\WINDOWS\System32\udn.exe
2008-06-07 01:39:14 66415 --a------ C:\WINDOWS\System32\dfsgfg.exe
2008-06-07 01:38:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 01:38:00 1059840 --a------ C:\WINDOWS\System32\msoft53576.exe <Not Verified; Microsoft® Windows Defender 32Bit Driver; Microsoft® Windows® Operating System>
2008-06-07 01:31:52 79 --a------ C:\WINDOWS\System32\i
2008-06-06 08:50:10 193536 --a------ C:\WINDOWS\System32\avvg.exe
2008-06-05 22:34:05 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-05 15:27:26 1050112 -----n--- C:\WINDOWS\System32\msoft01088.exe <Not Verified; Microsoft® Windows Defender 32Bit Driver; Microsoft® Windows® Operating System>
2008-06-05 15:20:27 0 d-------- C:\Program Files\AceLogix
2008-06-04 17:35:31 191259 -r-hs---- C:\WINDOWS\System32\servupdate.exe
2008-06-03 19:07:20 50702 -r-hs---- C:\WINDOWS\winthcr.exe
2008-06-02 21:35:19 27 --a------ C:\WINDOWS\System32\kuki.VIR
2008-05-29 16:59:47 0 d-------- C:\Program Files\FreeFixer
2008-05-27 16:34:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-05-27 16:34:27 305152 -r-hs---- C:\WINDOWS\System32\fada.exe
2008-05-27 16:30:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webcammax
2008-05-24 13:14:52 164352 --a------ C:\WINDOWS\System32\unrar.dll
2008-05-24 13:14:49 217088 --a------ C:\WINDOWS\System32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-24 13:14:49 183808 --a------ C:\WINDOWS\System32\Ir50_qcx.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.10 Quick Compressor>
2008-05-24 13:14:49 200192 --a------ C:\WINDOWS\System32\Ir50_qc.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.10 Quick Compressor>
2008-05-24 13:14:49 755200 --a------ C:\WINDOWS\System32\Ir50_32.dll <Not Verified; Intel Corporation; Intel Indeo® video 5.10>
2008-05-24 13:14:49 144384 --a------ C:\WINDOWS\System32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-05-24 13:14:49 39936 --a------ C:\WINDOWS\System32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-24 13:14:48 159839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-05-24 13:14:48 755027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-05-24 13:14:48 612864 --a------ C:\WINDOWS\System32\x264vfw.dll
2008-05-24 13:14:48 630784 --a------ C:\WINDOWS\System32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-24 13:14:48 438272 --a------ C:\WINDOWS\System32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-05-24 13:14:48 338432 --a------ C:\WINDOWS\System32\Ir41_qcx.dll <Not Verified; Intel Corporation.; Intel Indeo® Video Interactive Quick Compressor>
2008-05-24 13:14:48 120320 --a------ C:\WINDOWS\System32\Ir41_qc.dll <Not Verified; Intel Corporation.; Intel Indeo® Video Interactive Quick Compressor>
2008-05-24 13:14:46 682496 --a------ C:\WINDOWS\System32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-24 13:14:45 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2008-05-24 13:12:52 0 d-------- C:\Documents and Settings\Carlo\Application Data\Media Player Classic
2008-05-18 22:34:41 0 d-------- C:\Documents and Settings\Carlo\Application Data\r2 Studios
2008-05-18 22:34:41 0 d-------- C:\Documents and Settings\All Users\Application Data\r2 Studios
2008-05-18 14:07:19 197 --ahs---- C:\Program Files\Common Files\maxtreme.dat
2008-05-18 14:04:57 0 d-------- C:\Documents and Settings\Carlo\Application Data\Webcammax
2008-05-11 16:24:51 0 d-------- C:\Program Files\iPod

-- Find3M Report ---------------------------------------------------------------

2008-06-07 05:22:19 0 d-------- C:\Documents and Settings\Carlo\Application Data\uTorrent
2008-06-07 03:59:30 0 d-------- C:\Program Files\DivX
2008-06-07 01:39:00 0 d-------- C:\Documents and Settings\Carlo\Application Data\SUPERAntiSpyware.com
2008-06-07 00:40:08 0 d-------- C:\Program Files\Common Files
2008-06-01 16:17:47 2500 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-01 15:51:02 0 d-------- C:\Documents and Settings\Carlo\Application Data\BSplayer Pro
2008-05-19 16:22:36 668 --a------ C:\Documents and Settings\Carlo\Application Data\vso_ts_preview.xml
2008-05-19 16:22:36 0 d-------- C:\Documents and Settings\Carlo\Application Data\Vso
2008-05-18 22:57:34 0 d-------- C:\Documents and Settings\Carlo\Application Data\Auslogics
2008-05-11 17:07:43 0 d-------- C:\Documents and Settings\Carlo\Application Data\DVD Flick
2008-04-18 13:49:59 0 d-------- C:\Documents and Settings\Carlo\Application Data\Adobe
2008-04-13 18:21:47 2550 --a----c- C:\WINDOWS\unins000.dat
2008-04-13 18:19:19 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-04 12:08:22 332 --a----c- C:\WINDOWS\desctemp.dat
2008-03-25 12:12:46 1007 --a------ C:\Documents and Settings\Carlo\Application Data\NMM-MetaData.db

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-05 04:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-05 04:06 1135968]


"SoundMan"="SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
"avgnt"="G:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-21 18:05]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-10-10 13:28]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"StartupDelayer"="D:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2007-12-14 17:11]
"Internet Firewall Layer"="tsqla.exe" []
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"WebcamMaxMoniter"="g:\Program Files\WebcamMax\CAMTHINS.exe" [2006-07-20 21:25]
"BM33f8d09e"="C:\WINDOWS\System32\yojmnvrg.dll" []
"Microsoft Windows Update"="ReKey.exe" [2008-06-07 03:52 C:\WINDOWS\system32\ReKey.exe]
"Windows USB Monitor"="servupdate.exe" [2008-06-04 17:40 C:\WINDOWS\system32\servupdate.exe]

"RamBooster"="C:\Program Files\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 18:20]
"SUPERAntiSpyware"="G:\Program Files\SuperAntispyware\SUPERAntiSpyware.exe" [2008-02-01 13:48]
"Microsoft Windows Update"="ReKey.exe" [2008-06-07 03:52 C:\WINDOWS\system32\ReKey.exe]

"Microsoft Windows Update"=ReKey.exe

"Microsoft Windows Update"=ReKey.exe

"Internet Firewall Layer"=tsqla.exe
"Microsoft Windows Update"=ReKey.exe
"Windows USB Monitor"=servupdate.exe

"Microsoft Windows Update"=ReKey.exe

"Windows Network Service"=Realteks.exe
"Windows Service Agent"=vuwlnrl.exe
"Internet Firewall Layer"=tsqla.exe
"Internet Security Service"=mysqlwin32.exe
"Offical Disc"=hhnwwyguvs.exe
"Microsoft Windows Update"=ReKey.exe
"Windows Update"=ipil.exe

C:\Documents and Settings\Carlo\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-30 21:37:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2006-05-04 22:15:58]
BlueSoleil.lnk.disabled [2006-09-16 20:57:02]

"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

"NoToolbarsOnTaskbar"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 G:\Program Files\SuperAntispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKefCu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkjg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\STARDOCK\OBJECT~2\WINDOW~1\fastload.dll 2001-12-20 22:34 24576 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]


"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-- End of Deckard's System Scanner: finished at 2008-06-07 05:30:22 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 766.48 MiB / 446.68 MiB
Pagefile Memory (total/avail): 2772.21 MiB / 2438.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.75 MiB

C: is Fixed (NTFS) - 5.78 GiB total, 1.04 GiB free.
D: is Fixed (FAT32) - 31.48 GiB total, 15.16 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 149.05 GiB total, 93.67 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HD161HJ - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - G:

\\.\PHYSICALDRIVE1 - ST340016A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 5.78 GiB - C:
\PARTITION1 - Unknown - 31.49 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Carlo\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
HOMEPATH=\Documents and Settings\Carlo
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;D:\PROGRA~1\Borland\CBUILD~1\Bin;D:\PROGRA~1\Borland\CBUILD~1\Projects\Bpl;D:\Program Files\QuickTime\QTSystem;D:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
ProgramFiles=C:\Program Files
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
USERPROFILE=C:\Documents and Settings\Carlo

-- User Profiles ---------------------------------------------------------------

Carlo (admin)
Administrator.ELEAZAR-MMEQJPZ (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\SIS7012\UNINST\unDrvApp.exe C:\Program Files\SIS7012\UNINST\uninst.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Abander TagControl --> D:\Program Files\Abander TagControl\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Allok 3GP PSP MP4 iPod Video Converter 2.6.2 --> "D:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
Anonymity Gateway 2.7 --> "D:\Program Files\Anonymity Gateway\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo StartUp Tuner 2.00 --> "D:\Program Files\Ashampoo\Ashampoo StartUp Tuner 2\unins000.exe"
AudioShell 1.3.5 --> "C:\Program Files\AudioShell\unins000.exe"
AusLogics BoostSpeed --> "D:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "D:\Program Files\AusLogics Disk Defrag\unins000.exe"
AusLogics System Information --> "D:\Program Files\AusLogics System Information\unins000.exe"
AV Voice Changer Software 3.0 --> D:\PROGRA~1\AVVCS3~1.0\UNWISE.EXE D:\PROGRA~1\AVVCS3~1.0\INSTALL.LOG
AVG Anti-Spyware 7.5 --> G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal – Free Antivirus --> G:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Blobs Peg Solitaire v2.05 --> "C:\Program Files\NCBuy\Blobs Peg Solitaire\unins000.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
BookWorm Deluxe 1.02 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Borland C++Builder 6 --> MsiExec.exe /I{2864C41B-EF2D-4640-95A2-526276524519}
BS.Player FREE powered by AdVantage --> "D:\Program Files\Webteh\BSplayer\uninstall.exe"
BS.Player PRO --> "d:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Cacheman 5.50 --> D:\PROGRA~1\CACHEMAN\UNWISE.EXE D:\PROGRA~1\CACHEMAN\install.dat
Camfrog Video Chat 3.94 (remove only) --> "G:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CCleaner (remove only) --> "G:\Program Files\CCleaner\uninst.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Chikka Txt Messenger V4 --> C:\PROGRA~1\ChikkaV4\Uninstaller.exe
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
ConvertXtoDVD --> "D:\Program Files\VSO\ConvertX\3\unins000.exe"
DFX 8 for Winamp --> "D:\Program Files\Winamp\uninstall_dfx.exe"
DH Driver Cleaner Professional Edition --> D:\Program Files\Driver Cleaner Pro\Uninstall.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dog2 Screen Saver --> C:\WINDOWS\dog2.scr /u
dog4 Screen Saver --> C:\WINDOWS\dog4.scr /u
DVD Flick --> "D:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2 --> "G:\Program Files\DVD Shrink\unins000.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Easy Video Joiner 5.01 --> "D:\Program Files\Easy Video Joiner\unins000.exe"
Easy Video Splitter 1.26 --> "D:\Program Files\Easy Video Splitter\unins000.exe"
FireTune --> C:\WINDOWS\iun6002.exe "D:\Program Files\FireTune\irunin.ini"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623 --> "D:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Free Mp3 Wma Converter V 1.7.2 --> "D:\Program Files\Free Audio Pack\unins000.exe"
Free Ram Optimizer XP 1.0 --> "C:\Program Files\AceLogix\Free Ram Optimizer\unins000.exe"
FreeFixer --> "C:\Program Files\FreeFixer\Uninstall.exe" "C:\Program Files\FreeFixer\install.log"
getPlus®_dll --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
GFX Sound Enhancer --> "D:\Program Files\Winamp\uninstall_gfx.exe"
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
GunboundWC --> "G:\Program Files\softnyx\unins000.exe"
HangARoo v2.05 --> "C:\Program Files\NCBuy\HangARoo\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Carlo\Desktop\carlo\HijackThis.exe /uninstall
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
K-Lite Mega Codec Pack 3.8.0 --> "d:\Program Files\K-Lite Codec Pack\unins000.exe"
Kate's Video Cutter 2.8.4 --> "G:\Program Files\Kate's Video Cutter\unins000.exe"
Kate's Video Joiner 2.8.4 --> "G:\Program Files\Kate's Video Joiner\unins000.exe"
LimeWire PRO 4.14.10 --> "D:\Program Files\LimeWire\uninstall.exe"
Malware Removal Tool --> "d:\Program Files\Malware Removal Tool\unins000.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobiMB Mobile Media Browser --> C:\Program Files\MobiMB Mobile Media Browser\_Unins.exe
MozBackup 1.4.7 --> "d:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox ( --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
mp3Tag 5.9 --> "G:\Program Files\mp3Tag 5\unins000.exe"
Mp3tag v2.40 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
Multilingual Speaking Clock 2.5 --> "C:\Program Files\Speaking Clock\unins000.exe"
MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 6 Enterprise Edition --> D:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia Multimedia Converter Pro v2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nokia\MMConverterPro2\Setup\{08A4C07B-204D-11D6-AF25-00B0D0797201}\Setup.exe"
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Updater --> MsiExec.exe /X{FE5D756F-71E1-47C4-972A-D6775344B40B}
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PFConfig 1.0.144 --> D:\Program Files\PFConfig\uninst.exe
PolarClock3 Screen Saver --> C:\WINDOWS\System32\PolarClock3.scr /u
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RamBooster --> C:\Program Files\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
ReadManiac 2.5.2 --> "D:\Program Files\ReadManiac\unins000.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RTLSetup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE
SecurDisc Viewer --> MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}
SiteGenWiz 1.6 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Enersoft\SiteGenWiz\Uninst.isu"
Softcam 1.5 --> C:\Program Files\Luminositi\SoftCam1.5\SCUninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy --> "C:\WINDOWS\unins000.exe"
SpywareBlaster v3.5.1 --> "G:\Program Files\SpywareBlaster\unins000.exe"
SRS Audio Sandbox --> MsiExec.exe /X{8CC471A6-26FD-450E-A636-D985AE467A9D}
Startup Delayer v2.3 (build 130) --> D:\Program Files\r2 Studios\Startup Delayer\Uninstall.exe
Startup Optimizer 1.6 --> "D:\Program Files\Startup Optimizer\unins000.exe"
StumbleUpon Alerter --> "G:\Program Files\StumbleUpon Alerter\unins000.exe"
Super Screen Recorder 4.0 --> "D:\Program Files\Zeallsoft\Super Screen Recorder\unins000.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tag&Rename 3.4.5 --> "G:\Program Files\TagRename\unins000.exe"
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{3E9F2540-DD55-42FB-8EB6-5508EEC54013}
Total Video2DVD Author 2.01 --> "G:\Program Files\Total Video2DVD Author\unins000.exe"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Ulead DVD MovieFactory 6 --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Uniblue RegistryBooster 2 --> "g:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VideoLAN VLC media player 0.8.6c --> G:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.07 --> G:\joyce\Video Converter 3\uninstaller.exe
Vimicro UVC USB2.0 PC Camera --> C:\Program Files\InstallShield Installation Information\{71A51A91-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Webcam and Screen Recorder 4.5.6 --> "d:\Program Files\Webcam and Screen Recorder\unins000.exe"
Winamp --> "D:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
WinAVIVideoConverter --> "D:\Program Files\WinAVIVideoConverter\unins000.exe"
WinDirStat 1.1.2 --> "D:\Program Files\WinDirStat\Uninstall.exe"
Windows Driver Package - Nokia Modem (06/12/2006 --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Installer 3.0 (KB884016) --> C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
WinDS PRO --> "C:\WINDOWS\WinDS PRO\uninstall.exe" "/U:g:\Program Files\WinDS PRO\Uninstall\uninstall.xml"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wise Registry Cleaner 2.9.1 --> "G:\Program Files\Wise Registry Cleaner\unins000.exe"
XSound Enhancer for Winamp 5.x --> "D:\Program Files\Winamp\uninstall_xsound.exe"
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Youtube-Download-Convert-Toolbar --> regsvr32 /u /s "C:\Program Files\Quicknation\YouTubeDownload-Convert.dll"
ZSMC USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\Setup.exe" -l0x9

-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.

-- End of Deckard's System Scanner: finished at 2008-06-07 05:30:22 ------------



#2 Thunder



Posted 07 June 2008 - 01:35 PM

Hello Blueraven301 and welcome to BleepingComputer,

Print these instructions or save them to your Desktop as a text file,
since you'll need to reboot in safe mode (without networking support), so you'll be unable to connect here.

1. Download SDFix and save it to your Desktop.

Boot your computer in Safe Mode:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows window appears, tap the F8 key continually;
  • Instead of loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Now run SDFix.exe
  • In Safe Mode, double click the SDFix.exe file. Click Install.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to start SDFix.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt in your next reply, with a new HijackThis log.
2. Please visit this webpage for instructions for downloading and running ComboFix:


Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!


Edited by Thunder, 07 June 2008 - 01:36 PM.

Whatever happens, make believe it was intended to ...
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 blueraven301

  • Topic Starter


Posted 08 June 2008 - 11:50 PM

Sorry, I couldn't wait for someone to reply so I just decided to reinstall windows. Everything's better now.

#4 Thunder



Posted 09 June 2008 - 08:36 AM

Thanks for the feedback, Blueraven301.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.