Internet Explorer Acting Very Weird - Won't Allow Update - Very Slow To Load



#1 Brandon Lubbert


Posted 30 June 2008 - 09:52 PM

I have been working on a friend's computer off and on for several days now. I think I got most of his problems fixed but can't seem to get this part fixed. I have run Spybot over and over and have finally fixed all the issues that it found. However, I still can't fix this one.

He was infected with virtumonde.dll. However, I believe that I have finally eliminated this.

Whenever Internet Explorer runs it takes forever to go to a particular site. It will sometimes go to a variety of popup windows. It will sometimes say page cannot be found.

Whenever I try to go to Microsoft Update, I either don't get there, or I get there with another pop-up. It will not let me under any circumstances go to the update site though.

Internet Explorer and Firefox seem to be affected. Safari runs absolutely perfect.

I have deleted all the temporary files that I know where to delete.

I have run a Spybot Search and Destroy which is now clean.

I have run a full McAfee scan which was completely clean.

I have run a full Ad-Aware scan that was completely clean.

I even uninstalled IE7 and went back to 6. Same problems.

I tried to run Kaspersky Online Scanner, but the popup window that it uses to check for the version of Java went to very strange places: Registryfix.com, an online game purchase, and other places. So I was not able to run it. It would not recognize that I had the correct version of Java.

I am just out of answers, and don't know where to go next.

Thanks so much for your help ahead of time.

Brandon


Here are the logs:

Main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-29 13:14:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-29 17:14:26 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-06-29 15:11:04 UTC - RP5 - Installed Ad-Aware
4: 2008-06-29 13:23:29 UTC - RP4 - System Checkpoint
3: 2008-06-28 12:26:38 UTC - RP3 - System Checkpoint
2: 2008-06-27 12:01:06 UTC - RP2 - System Checkpoint


-- First Restore Point --
1: 2008-06-26 11:50:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:20 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mcafee.com/root/campaign.asp?cid=25642
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BCDD095-1617-4E1E-9951-9283597C9594} - (no file)
O2 - BHO: (no name) - {2283B6DA-EFE4-4D6D-AA35-D86575E9D70B} - (no file)
O2 - BHO: (no name) - {24726148-F342-4CB0-9B10-F3A5C6DD3C8D} - (no file)
O2 - BHO: (no name) - {41087C7C-0772-4E25-ADDD-7A92DA5867D0} - (no file)
O2 - BHO: (no name) - {425C2FDF-C8FD-485A-9448-DAD95D426187} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FC0832B-1DAB-46F0-995B-C1912E17BB60} - (no file)
O2 - BHO: (no name) - {68D88A27-8FCB-4A65-8B25-687D6A143AED} - (no file)
O2 - BHO: (no name) - {6D73F205-96D3-4674-9C2C-A078891E1DBA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINDOWS\system32\opnlMcyV.dll
O2 - BHO: (no name) - {8E6672C9-14F9-4302-8433-0B44032726D9} - (no file)
O2 - BHO: (no name) - {94925781-674D-4A57-9C1A-D92B7CEED5C2} - (no file)
O2 - BHO: (no name) - {9F154E76-3D08-4FE9-87CF-AAAE82DD42BF} - (no file)
O2 - BHO: (no name) - {A4DD7839-79B1-4788-BE23-2658A4D0C60E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar12.dll
O2 - BHO: (no name) - {AEE80ED6-48E9-4992-BA12-12B5397FF850} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C08EB853-3FB5-437F-98DE-B6F4551D02B9} - (no file)
O2 - BHO: (no name) - {D261E0A4-E830-4598-811F-A760EDFC3198} - C:\WINDOWS\system32\awtustUo.dll
O2 - BHO: {f9b92241-e77d-5bc9-ed24-b024feb6092f} - {f2906bef-420b-42de-9cb5-d77e14229b9f} - (no file)
O2 - BHO: (no name) - {F87510E4-4351-4B7C-823A-F86B7CE6CA0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar12.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM8b882bb1] Rundll32.exe "C:\WINDOWS\system32\uvpycoqv.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7BQ66IMX\HCTP_1~1.SH! C:\DOCUME~1\Owner\Cookies\OW3E75~1.SH! C:\DOCUME~1\Owner\Cookies\OW99DC~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A71~1.SH! C:\DOCUME~1\Owner\Cookies\OW89D2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\DW_PAS~1.SH! C:\DOCUME~1\Owner\Cookies\OWC390~1.SH! C:\DOCUME~1\Owner\Cookies\OW42B7~1.SH! C:\DOCUME~1\Owner\Cookies\OWF015~1.SH! C:\DOCUME~1\Owner\Cookies\OW189C~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A6B~1.SH! C:\DOCUME~1\Owner\Cookies\OW0692~1.SH!
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...307/mcfscan.cab
O20 - Winlogon Notify: opnlMcyV - C:\WINDOWS\SYSTEM32\opnlMcyV.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 13747 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080629-110336-192 O4 - HKLM\..\Run: [88bb182d] rundll32.exe "C:\WINDOWS\system32\nhijpshy.dll",b
backup-20080629-110336-636 O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
backup-20080629-110336-856 O4 - HKLM\..\Run: [BM8b882bb1] Rundll32.exe "C:\WINDOWS\system32\uvpycoqv.dll",s
backup-20080629-110337-108 O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
backup-20080629-110337-169 O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
backup-20080629-110338-460 O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
backup-20080629-110338-846 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
backup-20080629-110338-887 O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
backup-20080629-110339-470 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
backup-20080629-110339-645 O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} -
backup-20080629-110339-960 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
backup-20080629-110340-525 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
backup-20080629-110340-668 O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
backup-20080629-110341-427 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
backup-20080629-110341-853 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 HIDKbFlt (HIDKbFlt.SvcDesc%) - c:\windows\system32\drivers\hidkbflt.sys <Not Verified; Dritek System Inc.; Dritek USB Keyboard HID Filter Driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-29 12:53:08 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-27 07:21:06 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-06-16 11:42:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-15 01:19:11 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-01 01:00:01 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 11:11:12 0 d-------- C:\Program Files\Lavasoft
2008-06-29 11:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 11:09:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 01:19:04 0 d-------- C:\Program Files\Trend Micro
2008-06-29 00:43:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-29 00:42:30 0 d-------- C:\Program Files\CCleaner
2008-06-29 00:34:25 92032 --a------ C:\WINDOWS\system32\nhijpshy.dll
2008-06-27 07:20:39 0 d-------- C:\Program Files\RegCure
2008-06-27 05:38:33 0 d-------- C:\Program Files\RegistryFix6
2008-06-26 07:55:03 91520 --a------ C:\WINDOWS\system32\ahxpkqbk.dll
2008-06-26 07:54:16 243244 --ahs---- C:\WINDOWS\system32\oUtsutwa.ini2
2008-06-26 07:54:10 321920 --a------ C:\WINDOWS\system32\awtustUo.dll
2008-06-25 17:45:59 242734 --ahs---- C:\WINDOWS\system32\KSututwa.ini2
2008-06-25 00:49:35 0 d-------- C:\VundoFix Backups
2008-06-25 00:05:20 224318 --ahs---- C:\WINDOWS\system32\TBKjlUvw.ini2
2008-06-24 15:42:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-06-24 09:08:23 92032 --a------ C:\WINDOWS\system32\eyucnejd.dll
2008-06-22 22:26:36 232711 --ahs---- C:\WINDOWS\system32\xyHRtvut.ini2
2008-06-22 14:55:20 230448 --ahs---- C:\WINDOWS\system32\dLopAcdd.ini2
2008-06-20 23:27:13 92416 --a------ C:\WINDOWS\system32\hhwmdyvo.dll
2008-06-20 23:25:22 227005 --ahs---- C:\WINDOWS\system32\NTBbKkkj.ini2
2008-06-20 22:16:20 345 --ahs---- C:\WINDOWS\system32\dMlSAcdd.ini2
2008-06-20 00:08:53 229600 --ahs---- C:\WINDOWS\system32\DLoXxyxx.ini2
2008-06-19 22:45:53 230400 --ahs---- C:\WINDOWS\system32\qWabcccf.ini2
2008-06-19 19:11:03 226230 --ahs---- C:\WINDOWS\system32\PVFfgMoq.ini2
2008-06-19 18:08:39 226623 --ahs---- C:\WINDOWS\system32\BcdeLRqr.ini2
2008-06-19 16:01:26 229866 --ahs---- C:\WINDOWS\system32\tCddefii.ini2
2008-06-19 13:49:01 91392 --a------ C:\WINDOWS\system32\dooweinp.dll
2008-06-19 09:43:57 725 --ahs---- C:\WINDOWS\system32\jjQpqtwa.ini2
2008-06-18 22:09:13 236226 --ahs---- C:\WINDOWS\system32\VCfMlnpo.ini2
2008-06-18 20:32:24 345 --ahs---- C:\WINDOWS\system32\KQsuutwa.ini2
2008-06-18 17:02:28 239057 --ahs---- C:\WINDOWS\system32\jRCJRXbc.ini2
2008-06-18 13:15:25 236533 --ahs---- C:\WINDOWS\system32\TvuvDcdd.ini2
2008-06-17 21:01:03 95360 -----n--- C:\WINDOWS\system32\uvpycoqv.dll
2008-06-17 20:59:55 681947 --ahs---- C:\WINDOWS\system32\YceLmnmp.ini2
2008-06-17 13:16:48 237564 --ahs---- C:\WINDOWS\system32\SBLkRXyb.ini2
2008-06-16 21:53:02 344 --ahs---- C:\WINDOWS\system32\WFhOrtwa.ini2
2008-06-16 20:30:48 240390 --ahs---- C:\WINDOWS\system32\lTtDJkkj.ini2
2008-06-16 19:24:57 344 --ahs---- C:\WINDOWS\system32\srstsBeg.ini2
2008-06-16 16:54:42 344 --ahs---- C:\WINDOWS\system32\TsutDcdd.ini2
2008-06-16 11:41:32 239533 --ahs---- C:\WINDOWS\system32\TDKRBJlm.ini2
2008-06-15 17:25:17 239668 --ahs---- C:\WINDOWS\system32\VFOnmnmp.ini2
2008-06-14 22:51:33 248287 --ahs---- C:\WINDOWS\system32\egihNUvw.ini2
2008-06-13 22:06:25 240403 --ahs---- C:\WINDOWS\system32\gMWEOqss.ini2
2008-06-13 00:11:00 274132 --ahs---- C:\WINDOWS\system32\yycddJlm.ini2
2008-06-12 18:43:04 279382 --ahs---- C:\WINDOWS\system32\WaIPstwa.ini2
2008-06-12 17:07:38 276925 --ahs---- C:\WINDOWS\system32\RBaHRqss.ini2
2008-06-11 16:06:19 344 --ahs---- C:\WINDOWS\system32\PopsBccf.ini2
2008-06-11 13:49:54 373424 --ahs---- C:\WINDOWS\system32\cMStDJjl.ini2
2008-06-11 11:31:40 378852 --ahs---- C:\WINDOWS\system32\jkkkTvut.ini2
2008-06-11 06:30:34 376485 --ahs---- C:\WINDOWS\system32\oXGQstwa.ini2
2008-06-10 21:12:54 344 --ahs---- C:\WINDOWS\system32\DKTENnmp.ini2
2008-06-10 19:40:57 381358 --ahs---- C:\WINDOWS\system32\llRCdJlm.ini2
2008-06-10 18:40:37 344 --ahs---- C:\WINDOWS\system32\HgOWaJlm.ini2
2008-06-10 15:23:42 344 --ahs---- C:\WINDOWS\system32\ilkSvyay.ini2
2008-06-10 12:15:42 344 --ahs---- C:\WINDOWS\system32\EKnWyGgh.ini2
2008-06-09 22:35:40 384485 --ahs---- C:\WINDOWS\system32\qBLSBcdd.ini2
2008-06-09 19:49:12 344 --ahs---- C:\WINDOWS\system32\XGjTBJlm.ini2
2008-06-06 21:05:10 378681 --ahs---- C:\WINDOWS\system32\TCfLoUvw.ini2
2008-06-06 16:49:08 382707 --ahs---- C:\WINDOWS\system32\wDcLnUtv.ini2
2008-06-06 11:05:22 374190 --ahs---- C:\WINDOWS\system32\mSBbcMoq.ini2
2008-06-06 06:47:07 371332 --ahs---- C:\WINDOWS\system32\tEKSvyay.ini2
2008-06-05 16:53:47 374836 --ahs---- C:\WINDOWS\system32\NnTtDfhk.ini2
2008-06-04 15:37:53 344 --ahs---- C:\WINDOWS\system32\lVGQrtwa.ini2
2008-06-04 12:20:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-06-04 11:47:32 387221 --ahs---- C:\WINDOWS\system32\qpVEdMoq.ini2
2008-06-02 18:29:01 380379 --ahs---- C:\WINDOWS\system32\tBJTBcdd.ini2
2008-06-02 13:30:43 0 d-------- C:\WINDOWS\McAfee.com
2008-06-01 19:54:20 580102 --ahs---- C:\WINDOWS\system32\LlVDffii.ini2
2008-06-01 18:47:51 87151 --a------ C:\WINDOWS\system32\iifDWMFY.dll
2008-06-01 15:59:39 581610 --ahs---- C:\WINDOWS\system32\tAHRCcdd.ini2
2008-05-31 14:16:27 577723 --ahs---- C:\WINDOWS\system32\RtvyGfhk.ini2
2008-05-29 19:07:21 583683 --ahs---- C:\WINDOWS\system32\UCMWHkkj.ini2
2008-05-29 17:07:35 573058 --ahs---- C:\WINDOWS\system32\ggiSYJjl.ini2
2008-05-29 15:17:20 579248 --ahs---- C:\WINDOWS\system32\gjlVxyxx.ini2
2008-05-29 13:52:52 588919 --ahs---- C:\WINDOWS\system32\GNXxyyay.ini2


-- Find3M Report ---------------------------------------------------------------

2008-06-29 11:09:58 0 d-------- C:\Program Files\Common Files
2008-06-26 21:54:45 0 d-------- C:\Program Files\bfgtoolbar
2008-06-25 23:12:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-06-25 23:11:44 0 d-------- C:\Program Files\Yahoo!
2008-06-23 15:02:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-06-22 22:28:40 0 d-------- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
2008-06-22 18:59:42 0 d-------- C:\Program Files\TrueSwitchComcast
2008-06-22 18:59:11 0 d-------- C:\Documents and Settings\Owner\Application Data\TrueSwitch
2008-06-22 14:48:13 239192 --ahs---- C:\WINDOWS\system32\bIQrCfhk.ini2
2008-06-20 20:17:23 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-09 14:21:55 854 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-07 02:41:02 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-04 12:41:54 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-06-02 18:26:31 0 d-------- C:\Program Files\ComcastToolbar
2008-06-02 08:46:22 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-29 06:36:39 584438 --ahs---- C:\WINDOWS\system32\YGOoqtwa.ini2
2008-05-29 06:36:12 584438 --ahs---- C:\WINDOWS\system32\NmWFOqss.ini2
2008-05-28 20:44:04 584862 --ahs---- C:\WINDOWS\system32\lnUwDJlm.ini2
2008-05-28 15:27:23 755 --ahs---- C:\WINDOWS\system32\bdfLoUvw.ini2
2008-05-27 20:41:55 344 --ahs---- C:\WINDOWS\system32\BccLRXbc.ini2
2008-05-27 15:24:59 607211 --ahs---- C:\WINDOWS\system32\HRCcLRqr.ini2
2008-05-24 20:44:50 344 --ahs---- C:\WINDOWS\system32\gjlknUtv.ini2
2008-05-23 13:10:40 696501 --ahs---- C:\WINDOWS\system32\mnpWFfhk.ini2
2008-05-23 12:44:02 90624 --a------ C:\WINDOWS\system32\gvempuxx.dll
2008-05-23 00:39:54 786136 --ahs---- C:\WINDOWS\system32\nmmmlRqr.ini2
2008-05-22 12:59:27 781825 --ahs---- C:\WINDOWS\system32\OWDNmnmp.ini2
2008-05-22 11:19:33 786321 --ahs---- C:\WINDOWS\system32\fNmnVyxx.ini2
2008-05-21 20:53:29 784501 --ahs---- C:\WINDOWS\system32\jSAJlnpo.ini2
2008-05-21 19:31:53 90112 --a------ C:\WINDOWS\system32\aquaugxp.dll
2008-05-21 19:11:17 90112 --a------ C:\WINDOWS\system32\rcgrvyjg.dll
2008-05-20 22:52:41 779454 --ahs---- C:\WINDOWS\system32\ijSsDJlm.ini2
2008-05-20 15:28:54 778010 --ahs---- C:\WINDOWS\system32\iPYceMoq.ini2
2008-05-20 14:15:47 344 --ahs---- C:\WINDOWS\system32\PYIOUvut.ini2
2008-05-18 16:18:17 1240133 --ahs---- C:\WINDOWS\system32\PoWFPXyb.ini2
2008-05-18 16:16:19 319808 --a------ C:\WINDOWS\system32\vtUlIxww.dll
2008-05-18 13:56:21 1238156 --ahs---- C:\WINDOWS\system32\xaaKkUvw.ini2
2008-05-16 14:35:06 1240052 --ahs---- C:\WINDOWS\system32\IhOqAcdd.ini2
2008-05-15 16:18:26 1223745 --ahs---- C:\WINDOWS\system32\mloWyGgh.ini2
2008-05-15 15:08:17 1224207 --ahs---- C:\WINDOWS\system32\CbLVwGgh.ini2
2008-05-15 12:49:49 1109768 --ahs---- C:\WINDOWS\system32\yycccccf.ini2
2008-05-15 10:32:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-05-14 15:27:45 1068876 --ahs---- C:\WINDOWS\system32\aKRYcfii.ini2
2008-05-14 15:24:53 344 --ahs---- C:\WINDOWS\system32\uvGOonnn.ini2
2008-05-13 15:06:07 949922 --ahs---- C:\WINDOWS\system32\SDNUCJlm.ini2
2008-05-13 06:21:55 948912 --ahs---- C:\WINDOWS\system32\JQsYcccf.ini2
2008-05-13 06:21:00 957753 --ahs---- C:\WINDOWS\system32\AGfgNXyb.ini2
2008-05-12 17:51:43 948842 --ahs---- C:\WINDOWS\system32\NmVvyyxx.ini2
2008-05-12 16:47:55 946121 --ahs---- C:\WINDOWS\system32\YbJQYcfe.ini2
2008-05-11 13:42:34 940502 --ahs---- C:\WINDOWS\system32\vwxHRqru.ini2
2008-05-11 13:41:26 91776 --a------ C:\WINDOWS\system32\ypedwyho.dll
2008-05-11 12:17:31 91776 --a------ C:\WINDOWS\system32\tehewcxh.dll
2008-05-11 08:58:32 939882 --ahs---- C:\WINDOWS\system32\RBeOnnnn.ini2
2008-05-11 00:29:03 938193 --ahs---- C:\WINDOWS\system32\deKjQqss.ini2
2008-05-10 22:46:19 7226 --ahs---- C:\WINDOWS\system32\nmlkQXbc.ini2
2008-05-10 03:27:03 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 03:26:48 29824 --a------ C:\WINDOWS\system32\opnlMcyV.dll
2008-05-07 12:00:53 0 d-------- C:\Program Files\Safari
2008-04-18 17:53:43 1080 --a------ C:\WINDOWS\AUTOLNCH.REG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BCDD095-1617-4E1E-9951-9283597C9594}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2283B6DA-EFE4-4D6D-AA35-D86575E9D70B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24726148-F342-4CB0-9B10-F3A5C6DD3C8D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41087C7C-0772-4E25-ADDD-7A92DA5867D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{425C2FDF-C8FD-485A-9448-DAD95D426187}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FC0832B-1DAB-46F0-995B-C1912E17BB60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D88A27-8FCB-4A65-8B25-687D6A143AED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D73F205-96D3-4674-9C2C-A078891E1DBA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
05/10/2008 03:26 AM 29824 --a------ C:\WINDOWS\system32\opnlMcyV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E6672C9-14F9-4302-8433-0B44032726D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94925781-674D-4A57-9C1A-D92B7CEED5C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F154E76-3D08-4FE9-87CF-AAAE82DD42BF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4DD7839-79B1-4788-BE23-2658A4D0C60E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEE80ED6-48E9-4992-BA12-12B5397FF850}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C08EB853-3FB5-437F-98DE-B6F4551D02B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D261E0A4-E830-4598-811F-A760EDFC3198}]
06/26/2008 07:54 AM 321920 --a------ C:\WINDOWS\system32\awtustUo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2906bef-420b-42de-9cb5-d77e14229b9f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F87510E4-4351-4B7C-823A-F86B7CE6CA0D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/21/2006 09:29 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 03:00 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 11:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"ShowWnd"="ShowWnd.exe" [09/19/2003 12:09 PM C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [12/11/2001 08:33 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]
"CHotkey"="zHotkey.exe" [05/17/2004 09:30 PM C:\WINDOWS\zHotkey.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"BM8b882bb1"="C:\WINDOWS\system32\uvpycoqv.dll" [06/17/2008 09:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Yahoo! Pager"="1" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2007 05:41 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7BQ66IMX\HCTP_1~1.SH! C:\DOCUME~1\Owner\Cookies\OW3E75~1.SH! C:\DOCUME~1\Owner\Cookies\OW99DC~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A71~1.SH! C:\DOCUME~1\Owner\Cookies\OW89D2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\DW_PAS~1.SH! C:\DOCUME~1\Owner\Cookies\OWC390~1.SH! C:\DOCUME~1\Owner\Cookies\OW42B7~1.SH! C:\DOCUME~1\Owner\Cookies\OWF015~1.SH! C:\DOCUME~1\Owner\Cookies\OW189C~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A6B~1.SH! C:\DOCUME~1\Owner\Cookies\OW0692~1.SH! C:\DOCUME~1\Owner\Cookies\OWB925~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VPAKN8MX\KB4564~4.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T8RAEQ4U\USER_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VPAKN8MX\PRINT_~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DXRZZHQF\363265~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\TM6RA4XD\A_DS_P~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T8RAEQ4U\INDEX_~2.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2/11/2008 8:54:23 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINDOWS\system32\opnlMcyV.dll [05/10/2008 03:26 AM 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlMcyV]
opnlMcyV.dll 05/10/2008 03:26 AM 29824 C:\WINDOWS\system32\opnlMcyV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtustUo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ff28851-c8be-11d9-aca4-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebe9b31-f8d8-11d9-a879-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8744 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-29 13:16:39 ------------




The extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 382.48 MiB / 83.63 MiB
Pagefile Memory (total/avail): 918.49 MiB / 465.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.42 MiB

C: is Fixed (NTFS) - 89.84 GiB total, 59.95 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 1.13 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 89.84 GiB - C:
\PARTITION1 - Unknown - 3.31 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMACHINES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EMACHINES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EMACHINES
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Shasta (admin)
Nikki (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\common\unwise.exe /S C:\PROGRA~1\Yahoo!\common\install.log
--> C:\PROGRA~1\Yahoo!\common\unybase.exe
--> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\yaddbook.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ylogin.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ymmapi.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -l0x9 -uninst
Avery Wizard 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Dave Ramsey's Financial Peace Software --> "C:\Debt\Remove.exe" /U:"C:\Debt\Remove.log"
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar12.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=930c -huninstall
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
Internet Keyboard Elite --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
iPodder 2.0.5p --> C:\Program Files\iPodder\uninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JumpStart Typing --> C:\WINDOWS\IsUninst.exe -fC:\KA\JSTYPING\DeIsL1.isu
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D695F627-7F16-429A-ACE7-57C535AC6ECB}\setup.exe" -l0x9
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
QuickTime for Windows (32-bit) --> C:\WINDOWS\QTW32DEL.EXE
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
RegistryFix v6.4 --> "C:\Program Files\RegistryFix6\unins000.exe"
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A301896D-9F55-4492-B518-30EAC4C723E1}\setup.exe" -l0x9
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Travelaxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}\setup.exe"
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5615 / Warning
Event Submitted/Written: 06/27/2008 00:42:25 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5601 / Error
Event Submitted/Written: 06/26/2008 08:37:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5570 / Error
Event Submitted/Written: 06/25/2008 06:01:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5565 / Error
Event Submitted/Written: 06/25/2008 07:16:10 AM / 06/25/2008 07:16:11 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5544 / Error
Event Submitted/Written: 06/25/2008 00:40:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spybotsd.exe, version 1.5.2.20, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [spybotsd.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51758 / Error
Event Submitted/Written: 06/29/2008 10:49:08 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type51741 / Error
Event Submitted/Written: 06/29/2008 10:41:09 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.6 for the Network Card with network address 0013D328234E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type51738 / Error
Event Submitted/Written: 06/29/2008 08:41:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type51727 / Error
Event Submitted/Written: 06/29/2008 01:15:47 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type51726 / Error
Event Submitted/Written: 06/29/2008 01:12:55 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-29 13:16:39 ------------



#2 Brandon Lubbert


Posted 01 July 2008 - 05:57 AM

Another forum had me run combofix.

http://thespykiller.co.uk/index.php/topic,6691.0.html

I believe this has solved the problem.

Do you have any idea what I may have been infected with? However, please don't spend a lot of time trying to figure out what happened in the past though.

Brandon

#3 Thunder


Posted 02 July 2008 - 04:51 AM

Hello Brandon,

Your system is infected by a Vundo/Conhook infection.

The infection is still active though, so pay close attention to the guidelines provided by Dvk!!

Since you're receiving help on another forum, this topic is closed.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...



