Virtumonde Infection / Ad Popups



#1 B00mer

Posted 10 June 2008 - 03:59 PM

Hey Guys,

My PC has been infected by Virtumonde and ad popups for the last few days. Symptoms include the browser (Firefox) being extremely slow to load web pages, as well as random ad popups. Also, Spybot picked up Virtumonde and tried removing it, but it wasn't successful. Also, my PC's CPU was running at 100% most of the time, with winlogon.exe taking almost 50% of the CPU usage, which is unusual.

After using VirtumundoBeGone.exe & VundoFix.exe, the CPU usage seems to behave somewhat, allowing me to open up applications... but it still randomly goes up to 100% without my doing anything. I also still get random popups, which is really annoying... so I don't think the problem is fixed yet. I tried running Kaspersky Online Scanner as suggested by your guide, but it kept on crashing because of all the ad popups.

I ran HijackThis, and here are the log files... Any help is greatly appreciated.


Deckard's System Scanner v20071014.68
Run by Kay on 2008-06-11 04:23:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-06-10 18:23:16 UTC - RP344 - Deckard's System Scanner Restore Point
8: 2008-06-10 10:26:18 UTC - RP343 - System Checkpoint
7: 2008-06-09 09:23:07 UTC - RP342 - Last known good configuration
6: 2008-06-09 09:23:01 UTC - RP341 - Software Distribution Service 3.0
5: 2008-06-09 09:23:01 UTC - RP340 - System Checkpoint


-- First Restore Point --
1: 2008-06-09 09:23:01 UTC - RP336 - Installed ESET NOD32 Antivirus


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 04:27:37
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Downloads\Firefox\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {342f98c3-59d6-f029-b6a4-85085a77fa70} - {07af77a5-8058-4a6b-920f-6d953c89f243} - C:\WINDOWS\system32\xcbydqhr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95625B2F-398B-4E07-8A72-445B0B7C60DF} - C:\WINDOWS\system32\fCRLcbbA.dll (file missing)
O2 - BHO: (no name) - {9B77B961-370D-4118-BFC6-E90A8A17BF8C} - C:\WINDOWS\system32\nnnmkkLd.dll
O2 - BHO: (no name) - {BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Program Files\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [989dce2c] rundll32.exe "C:\WINDOWS\system32\udkthapu.dll",b
O4 - HKLM\..\Run: [BM9baefdb0] Rundll32.exe "C:\WINDOWS\system32\nbyyjwuo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BootSkin Randomizer] "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /cycle
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DLD.EXE] D:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8410] command /c del "C:\WINDOWS\system32\fCRLcbbA.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189499335687
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: efcCuTNf - C:\WINDOWS\system32\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe


--
End of file - 11087 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 lfsfilt (Lean File Sharing) - c:\windows\system32\drivers\lfsfilt.sys <Not Verified; XIMETA, Inc.; NDAS® Software>
R0 lpx (LPX Protocol) - c:\windows\system32\drivers\lpx.sys <Not Verified; XIMETA, Inc.; NDAS® Software>
R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys <Not Verified; Mediafour Corporation; Mediafour MacDrive>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R1 MDFSYSNT - c:\windows\system32\drivers\mdfsysnt.sys <Not Verified; Mediafour Corporation; MacDrive>
R3 ASUSVRC (ASUSTeK Virtual Capture Device) - c:\windows\system32\drivers\asusvrc.sys <Not Verified; ASUSTeK COMPUTER INC.; Microsoft® Windows NT® Operating System>
R3 ndasbus (NDAS Bus Driver) - c:\windows\system32\drivers\ndasbus.sys <Not Verified; XIMETA, Inc.; NDAS® Software>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 ndasscsi (NDAS SCSI Miniport Driver) - c:\windows\system32\drivers\ndasscsi.sys <Not Verified; XIMETA, Inc.; NDAS® Software>
S3 SeratoUsb (SeratoUsb driver) - c:\windows\system32\drivers\seratousb.sys <Not Verified; Cristalink Ltd; Serato USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ekrn (Eset Service) - "c:\program files\eset\eset nod32 antivirus\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
R2 LckFldService - c:\windows\system32\lckfldservice.exe <Not Verified; ; LckFldService>
R2 ndassvc (NDAS Service) - "c:\program files\ndas\system\ndassvc.exe" <Not Verified; XIMETA, Inc.; NDAS® Software>
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Enhanced Display Driver Helper Service
Device ID: ROOT\ASUSOTHERDEVICES\0000
Manufacturer: ASUSTeK
Name: Enhanced Display Driver Helper Service
PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
Service: asuskbnt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ASUS Virtual Video Capture Device Driver
Device ID: SW\{3282D58C-E6CC-4290-976C-28942C85CD9B}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: ASUSTeK
Name: ASUS Virtual Video Capture Device Driver
PNP Device ID: SW\{3282D58C-E6CC-4290-976C-28942C85CD9B}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: asusgsb


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 03:06:51 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-04 18:26:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-15 22:25:49 150 --a------ C:\WINDOWS\Tasks\Backup COD4 Profile.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 01:04:09 0 d-------- C:\VundoFix Backups
2008-06-11 00:42:34 92160 --a------ C:\WINDOWS\system32\udkthapu.dll
2008-06-11 00:41:25 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-11 00:39:33 109056 --a------ C:\WINDOWS\system32\xcbydqhr.dll
2008-06-11 00:37:14 100352 --a------ C:\WINDOWS\system32\nbyyjwuo.dll
2008-06-11 00:36:33 399260 --ahs---- C:\WINDOWS\system32\dLkkmnnn.ini2
2008-06-11 00:36:30 347136 --a------ C:\WINDOWS\system32\nnnmkkLd.dll
2008-06-10 07:32:47 109056 --a------ C:\WINDOWS\system32\brnfvcdd.dll
2008-06-10 07:29:03 92160 --a------ C:\WINDOWS\system32\eyqkwvbu.dll
2008-06-10 07:25:55 100864 --a------ C:\WINDOWS\system32\tqxkivoy.dll
2008-06-09 20:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-09 19:23:44 92160 --a------ C:\WINDOWS\system32\soqgrhqu.dll
2008-06-09 19:22:51 392372 --ahs---- C:\WINDOWS\system32\AbbcLRCf.ini2
2008-06-09 19:18:15 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-06-09 19:18:15 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-06-09 19:18:15 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-06-09 19:18:15 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-06-09 19:18:14 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-06-09 19:18:13 0 d-------- C:\Program Files\VSO
2008-06-09 06:24:42 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-05 23:49:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-06-05 22:37:05 0 d-------- C:\Program Files\TVersity
2008-06-05 22:09:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-06-05 21:56:51 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-05 21:56:50 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-06-05 21:56:49 0 d-------- C:\Program Files\ffdshow
2008-06-05 00:48:10 0 d-------- C:\Program Files\Azureus
2008-06-04 04:21:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-04 04:21:28 0 d-------- C:\Documents and Settings\Kay\Application Data\Azureus
2008-06-03 23:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-06-03 21:03:11 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-06-03 21:03:11 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-06-03 20:45:40 0 d-------- C:\Documents and Settings\Kay\Application Data\Sunbelt Software
2008-06-03 20:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-06-03 20:45:03 0 d-------- C:\Program Files\Sunbelt Software
2008-06-02 20:45:06 0 d-------- C:\Program Files\SpeedFan
2008-06-02 19:52:20 0 d-------- C:\WINDOWS\Prefetch
2008-06-02 19:46:55 0 d-------- C:\WINDOWS\system32\scripting
2008-06-02 19:46:55 0 d-------- C:\WINDOWS\system32\en
2008-06-02 19:46:55 0 d-------- C:\WINDOWS\system32\bits
2008-06-02 19:46:55 0 d-------- C:\WINDOWS\l2schemas
2008-06-02 19:45:12 0 d-------- C:\WINDOWS\ServicePackFiles


-- Find3M Report ---------------------------------------------------------------

2008-06-11 00:41:25 0 d-------- C:\Program Files\Common Files
2008-06-10 17:52:52 0 d-------- C:\Documents and Settings\Kay\Application Data\Vso
2008-06-10 17:52:47 1361672 --a------ C:\Documents and Settings\Kay\Application Data\vso_ts_preview.xml
2008-06-10 01:13:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-09 19:18:43 34 --a------ C:\Documents and Settings\Kay\Application Data\pcouffin.log
2008-06-09 19:18:30 47360 --a------ C:\Documents and Settings\Kay\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-09 19:18:30 1144 --a------ C:\Documents and Settings\Kay\Application Data\pcouffin.inf
2008-06-09 19:18:30 7887 --a------ C:\Documents and Settings\Kay\Application Data\pcouffin.cat
2008-06-03 22:50:17 0 d-------- C:\Program Files\RegRecall
2008-06-02 20:21:08 0 d-------- C:\Documents and Settings\Kay\Application Data\Skype
2008-06-02 19:47:16 0 d-------- C:\Program Files\Messenger
2008-06-02 19:46:55 0 d-------- C:\Program Files\Movie Maker
2008-06-02 19:44:59 0 d-------- C:\Program Files\Windows NT
2008-06-02 19:03:51 0 d-------- C:\Documents and Settings\Kay\Application Data\Xfire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07af77a5-8058-4a6b-920f-6d953c89f243}]
11/06/2008 12:39 AM 109056 --a------ C:\WINDOWS\system32\xcbydqhr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95625B2F-398B-4E07-8A72-445B0B7C60DF}]
C:\WINDOWS\system32\fCRLcbbA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B77B961-370D-4118-BFC6-E90A8A17BF8C}]
11/06/2008 12:36 AM 347136 --a------ C:\WINDOWS\system32\nnnmkkLd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 04:14 PM]
"RTHDCPL"="RTHDCPL.EXE" [14/11/2006 07:21 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 08:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 03:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 03:06 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20/02/2008 11:06 AM]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [28/11/2007 12:57 PM]
"989dce2c"="C:\WINDOWS\system32\udkthapu.dll" [11/06/2008 12:42 AM]
"BM9baefdb0"="C:\WINDOWS\system32\nbyyjwuo.dll" [11/06/2008 12:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [02/04/2007 09:16 PM]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 08:29 AM]
"BootSkin Randomizer"="D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [24/03/2004 01:37 PM]
"Steam"="D:\Program Files\Valve\Steam\\Steam.exe" [02/06/2008 07:53 PM]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 01:39 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 03:45 PM]
"DLD.EXE"="D:\Program Files\Download Direct\DLD.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 07:05 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB8410"=command /c del "C:\WINDOWS\system32\fCRLcbbA.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Documents and Settings\Kay\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - D:\Program Files\Stardock\ObjectDock\ObjectDock.exe [6/17/2007 3:40:05 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [7/14/2007 12:17:23 PM]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [3/20/2006 3:40:20 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{97D73E65-3344-4034-A427-7D08EEB27B59}\Icon3E5562ED7.ico [12/27/2007 4:36:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCuTNf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 13/03/2007 10:57 AM 221184 D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmkkLd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a04a3fe-dc1c-11dc-9138-001a4d42126c}]
AutoRun\command- H:\Autorun.exe /run
Shell00\Command- H:\Autorun.exe /run
Shell01\Command- H:\Autorun.exe /action
Shell02\Command- H:\Autorun.exe /uninstall

*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2008-06-11 04:29:44 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2046.42 MiB / 1258.99 MiB
Pagefile Memory (total/avail): 3938.31 MiB / 3180.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 46.15 GiB free.
D: is Fixed (NTFS) - 298.08 GiB total, 187.34 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 55.87 GiB total, 3.46 GiB free.
I: is Fixed (FAT32) - 931.28 GiB total, 459.62 GiB free.

\\.\PHYSICALDRIVE1 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 298.08 GiB - D:

\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - FUJITSU MHT2060AH PL USB Device - 55.89 GiB - 0 partitions

\\.\PHYSICALDRIVE3 - ST96812A USB Device - 55.89 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 55.87 GiB - H:

\\.\PHYSICALDRIVE4 - WD 10EACS External USB Device - 931.51 GiB - 1 partition
\PARTITION0 - Unknown - 931.51 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kay\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SKYBLASTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kay
LOGONSERVER=\\SKYBLASTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kay\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kay\LOCALS~1\Temp
USERDOMAIN=SKYBLASTER
USERNAME=Kay
USERPROFILE=C:\Documents and Settings\Kay
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kay (admin)
Guest


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
#1 DVD Ripper 6.2 --> D:\Program Files\No1 DVD Ripper\uninst.exe
@BIOS B06.1124.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}\setup.exe" -l0x9 -removeonly
AC3Filter (remove only) --> d:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.05.17 --> MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0 --> "D:\Program Files\DAEMON Tools\unins000.exe"
ASUS GameFace Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS Smart Doctor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009}
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
AudioShell 1.3.5 --> "D:\Program Files\AudioShell\unins000.exe"
Avi2Dvd 0.4.5 beta --> d:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "D:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x1e -removeonly
Battlefield Vietnam™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
BootSkin --> D:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE D:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Singleplayer Patch --> C:\Program Files\InstallShield Installation Information\{D1B7EF59-A3E2-452A-882E-076E1A18D94A}\setup.exe -runfromtemp -l0x0409
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cisco Systems VPN Client for Windows --> MsiExec.exe /X{97D73E65-3344-4034-A427-7D08EEB27B59}
Combined Community Codec Pack 2008-01-24 --> "D:\Program Files\Combined Community Codec Pack\unins000.exe"
Company of Heroes --> "D:\Program Files\Valve\Steam\steam.exe" steam://uninstall/4560
ConvertXtoDVD 3.1.0.18 --> "d:\Program Files\VSO\ConvertX\3\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Codec 3.1alpha release --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
DivX Content Uploader --> D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "D:\Program Files\DVD Shrink\unins000.exe"
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
ESET NOD32 Antivirus --> MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Face_Wizard B06.1129.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly
ffdshow [rev 1960] [2008-05-14] --> "C:\Program Files\ffdshow\unins000.exe"
File Recover 6.2 --> "d:\Program Files\File Recover\unins000.exe"
FlashFXP v3 --> "D:\Program Files\FlashFXP\Uninstall.exe" "D:\Program Files\FlashFXP\install.log" -u
Folder Access 2.0.0 Free Version --> D:\PROGRA~1\FOLDER~1\FOLDER~1.EXE UnInstall
GameArena The Arena --> "D:\Program Files\GameArena\The Arena\UNINSTALL.EXE"
GameFace Messenger --> C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
GTI Racing --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF0D610C-92BE-4D8F-BD33-9F658F8754F1} /Z"UNINSTALL"
GTK+ Runtime 2.12.1 rev a (remove only) --> D:\Program Files\Common Files\GTK\2.0\uninst.exe
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.2.2 --> D:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire PRO 4.9.4 --> "D:\Program Files\LimeWire\uninstall.exe"
Logitech G15 Keyboard Software 1.04 --> MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
LogonStudio --> D:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE D:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NDAS Software 3.11.1327 --> MsiExec.exe /I{A12A36D3-ACB7-11D9-8E75-000D614181EB}
Nero 6 Ultra Edition --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
ObjectDock Plus --> D:\PROGRA~1\Stardock\OBJECT~2\objectdock.exe /uninstall
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Pidgin --> D:\Program Files\Pidgin\pidgin-uninst.exe
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Ricky Ponting International Cricket 2007 --> C:\Program Files\InstallShield Installation Information\{F218E3AA-F9A7-4ABF-9A7A-E5763905E2CA}\setup.exe -runfromtemp -l0x0009 -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Scratch LIVE 1.8 (18048) --> MsiExec.exe /I{3BDFCF84-67A3-4C52-A708-FDD4135CF64C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Noise Reduction Plug-In 2.0e --> MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0 --> MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stranglehold --> C:\Program Files\InstallShield Installation Information\{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}\setup.exe -runfromtemp -l0x0009 -removeonly
SysMetrix 3.41 --> D:\Program Files\SysMetrix\uninst.exe
TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Ghost Recon Advanced Warfighter® 2 --> "C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Total Video Converter 3.01 --> "D:\Program Files\Total Video Converter\unins000.exe"
touchFree 0.6 --> d:\Program Files\touchFree\uninst.exe
TVersity Media Server 0.9.11.4 beta --> C:\Program Files\TVersity\Media Server\uninst.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
Xfire (remove only) --> "D:\Program Files\Xfire\uninst.exe"
Xilisoft DVD Ripper Standard 5 --> D:\Program Files\Xilisoft\DVD Ripper Standard 5\Uninstall.exe
XPlay 2 --> MsiExec.exe /X{C4CE5CDB-C904-43F4-8152-62B64064C939}
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type9121 / Warning
Event Submitted/Written: 06/11/2008 03:06:46 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type9120 / Warning
Event Submitted/Written: 06/11/2008 03:06:46 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type9119 / Warning
Event Submitted/Written: 06/11/2008 03:06:46 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type9118 / Warning
Event Submitted/Written: 06/11/2008 03:06:46 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type9117 / Warning
Event Submitted/Written: 06/11/2008 03:06:45 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8209 / Error
Event Submitted/Written: 06/11/2008 03:03:06 AM / 06/11/2008 03:03:36 AM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.

Event Record #/Type8204 / Error
Event Submitted/Written: 06/11/2008 03:02:02 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type8201 / Error
Event Submitted/Written: 06/11/2008 02:59:24 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
easdrv
EIO
Fips
intelppm
MDFSYSNT

Event Record #/Type8200 / Error
Event Submitted/Written: 06/11/2008 02:59:06 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type8198 / Error
Event Submitted/Written: 06/11/2008 02:57:31 AM / 06/11/2008 02:58:31 AM
Event ID/Source: 1 / ps6agnqb
Event Description:
Protection Synchronization Driver detected an internal error, contact the customer support service.



-- End of Deckard's System Scanner: finished at 2008-06-11 04:29:44 ------------


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:11:26 PM

Posted 12 June 2008 - 07:20 AM

Hello B00mer and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference



