
Hjt Log Interpretation


This topic is locked
3 replies to this topic

#1 ahhvirus

Posted 02 July 2008 - 05:13 PM

My desktop is hijacked with a blue screen, and a yellow box with "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2047.11 MiB / 1370.64 MiB
Pagefile Memory (total/avail): 3940.13 MiB / 3433.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.94 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 57.27 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"="C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD:*:Enabled:MechWarrior IV"
"C:\\Program Files\\Warcraft III Demo\\War3Demo.exe"="C:\\Program Files\\Warcraft III Demo\\War3Demo.exe:*:Disabled:Warcraft III Demo"
"C:\\Program Files\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe"="C:\\Program Files\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Program Files\\Battlestations Midway MP Demo\\Battlestationsmidway.exe"="C:\\Program Files\\Battlestations Midway MP Demo\\Battlestationsmidway.exe:*:Enabled:Battlestationsmidway"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Documents and Settings\\Jesse\\Desktop\\wowclient-downloader.exe"="C:\\Documents and Settings\\Jesse\\Desktop\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Jesse\\Desktop\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Jesse\\Desktop\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Jesse\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Jesse\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Jesse\\Desktop\\WoW-2.2.3.7359-to-0.3.0.7441-enUS-downloader.exe"="C:\\Documents and Settings\\Jesse\\Desktop\\WoW-2.2.3.7359-to-0.3.0.7441-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe:*:Enabled:World in Conflict - DEMO"
"C:\\Documents and Settings\\Jesse\\Desktop\\wowclient-downloader(2).exe"="C:\\Documents and Settings\\Jesse\\Desktop\\wowclient-downloader(2).exe:*:Enabled:Blizzard Downloader"
"C:\\BROOD\\StarCraft.exe"="C:\\BROOD\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\WINDOWS\\system32\\tmqrojfd.exe"="C:\\WINDOWS\\system32\\tmq"
"C:\\Program Files\\Sega\\Universe At War Earth Assault (DEMO)\\UAWEA.exe"="C:\\Program Files\\Sega\\Universe At War Earth Assault (DEMO)\\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\\WINDOWS\\system32\\votohqwe.exe"="C:\\WINDOWS\\system32\\vot"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe"="C:\\Program Files\\THQ\\Dawn of War - Soulstorm Demo\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\WINDOWS\\system32\\isysoekv.exe"="C:\\WINDOWS\\system32\\isy"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"="C:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\AC Web Ultimate Repack\\Server\\mysql\\bin\\mysqld.exe"="C:\\AC Web Ultimate Repack\\Server\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\AC Web Ultimate Repack\\Ascent\\ascent-world.exe"="C:\\AC Web Ultimate Repack\\Ascent\\ascent-world.exe:*:Enabled:ascent-world"
"C:\\FunServer\\Server\\xampp\\apache\\bin\\apache.exe"="C:\\FunServer\\Server\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\FunServer\\Ascent\\ascent-world.exe"="C:\\FunServer\\Ascent\\ascent-world.exe:*:Enabled:ascent-world"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="C:\\Program Files\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"C:\\Program Files\\Steam\\steamapps\\piratorites\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\piratorites\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Beyond Emu 1.0 Blizzpack\\Ascent\\ascent-world.exe"="C:\\Beyond Emu 1.0 Blizzpack\\Ascent\\ascent-world.exe:*:Enabled:ascent-world"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jesse\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONUT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jesse
LOGONSERVER=\\DONUT
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jesse\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jesse\LOCALS~1\Temp
USERDOMAIN=DONUT
USERNAME=Jesse
USERPROFILE=C:\Documents and Settings\Jesse
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Jesse (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
--> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
--> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
--> MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins001.exe"
AGEIA PhysX v7.05.06 --> MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x9 -removeonly
BioShock Demo --> C:\Program Files\InstallShield Installation Information\{36BBA884-C697-48B6-B496-5F329215E249}\setup.exe -runfromtemp -l0x0009 -removeonly
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Drmupgds --> "C:\Program Files\Drmupgds\Drmupgds.exe" -uninstall
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HeidiSQL 3.2 --> "C:\Program Files\HeidiSQL\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapEDC --> "C:\Program Files\MapEDC\MapEDC.exe" -uninstall
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multi-Soundboard Player 1.5.0 --> C:\WINDOWS\iun506.exe C:\Program Files\Multi-Soundboard Player\irunin.ini
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC SpeedScan Pro --> C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Performance Center --> C:\Program Files\InstallShield Installation Information\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}\setup.exe -runfromtemp -l0x0009 -removeonly
Pharaoh --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Pharaoh\Uninst.isu
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PremiumSoft Navicat 8.0 for MySQL --> "C:\Program Files\PremiumSoft\Navicat 8.0 MySQL\unins000.exe"
Product Key Explorer 1.9.2 --> "C:\Program Files\Nsasoft\ProductKeyExplorer\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rabio --> "C:\Program Files\Rabio\un_RabioSetup_16702.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Return of Arcade Anniversary Edition --> "C:\Program Files\Microsoft Games\Return of Arcade AE\UNINSTAL.EXE" /runtemp /addremove
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RPG Maker VX --> "C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPG Maker VX RTP --> "C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
Search and Play Flash Files 1.5.0 --> C:\WINDOWS\iun506.exe C:\Program Files\Search and Play Flash Files\irunin.ini
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
Sierra Utilities --> .\sutil32.exe uninstall
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SPORE™ Creature Creator Trial Edition --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Starcraft Brood War (RAZOR 1911) --> C:\WINDOWS\rzrunins.exe C:\BROOD\rzrunins.log
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
Two Worlds Demo --> C:\PROGRA~1\REALIT~1\TWOWOR~1\Unwise.exe /U C:\PROGRA~1\REALIT~1\TWOWOR~1\install.log
Universe at War Earth Assault (DEMO) --> "C:\Program Files\InstallShield Installation Information\{389E2A0A-403D-4DDC-B2FA-269D26999395}\setup.exe" -runfromtemp -l0x0409 -removeonly
Universe at War Earth Assault (DEMO) --> MsiExec.exe /X{389E2A0A-403D-4DDC-B2FA-269D26999395}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Warcraft III Demo --> C:\WINDOWS\W3DemoUnin.exe C:\WINDOWS\W3DemoUnin.dat
Warhammer Mark of Chaos DEMO --> C:\Program Files\InstallShield Installation Information\{FF5591A7-8998-485D-8462-91C536B75CAC}\setup.exe -runfromtemp -l0x0009 -removeonly
WebVideo Support --> C:\WINDOWS\mrvtdpqe.exe
WinButler --> C:\Documents and Settings\Jesse\Application Data\WinButler\WinBuninstaller.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict - DEMO --> C:\Program Files\InstallShield Installation Information\{D24CD157-E4C4-4184-9465-B5C025E736AD}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
xInsIDE --> "C:\Program Files\xInsIDE\xInsIDE.exe" -uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type205 / Error
Event Submitted/Written: 07/02/2008 05:34:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam.exe, version 1.19.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type189 / Success
Event Submitted/Written: 07/02/2008 05:05:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type184 / Error
Event Submitted/Written: 07/02/2008 05:00:08 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam.exe, version 1.19.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type174 / Success
Event Submitted/Written: 07/02/2008 04:51:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type169 / Success
Event Submitted/Written: 07/02/2008 04:46:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37528 / Error
Event Submitted/Written: 07/02/2008 05:27:15 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type37499 / Error
Event Submitted/Written: 07/02/2008 05:03:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVRT service failed to start due to the following error:
%%31

Event Record #/Type37493 / Error
Event Submitted/Written: 07/02/2008 05:03:24 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SAVRT

Event Record #/Type37492 / Error
Event Submitted/Written: 07/02/2008 05:03:24 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The SAVScan service depends on the SAVRT service which failed to start because of the following error:
%%31

Event Record #/Type37491 / Error
Event Submitted/Written: 07/02/2008 05:03:14 PM
Event ID/Source: 6 / SAVRT
Event Description:
Incompatible version of SYMEVENT.SYS is loaded.



-- End of Deckard's System Scanner: finished at 2008-07-02 18:05:27 ------------

___________________________

Deckard's System Scanner v20071014.68
Run by Jesse on 2008-07-02 18:00:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-02 22:00:13 UTC - RP496 - Deckard's System Scanner Restore Point
2: 2008-07-02 21:26:33 UTC - RP495 - Last good restore point
1: 2008-07-02 21:26:24 UTC - RP494 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jesse.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:19 PM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Jesse\Application Data\WinButler\WinButler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\DNA\btdna.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesse\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jesse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {065CEDD4-C1A5-433E-809F-A0C2211D73C4} - C:\Program Files\Online Services\poveja24418.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1ACEF815-1F06-425C-A73B-6697462B24B8} - C:\Program Files\Online Services\poveja4444.dll (file missing)
O2 - BHO: (no name) - {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} - C:\WINDOWS\system32\vtUkkihI.dll
O2 - BHO: QXK Olive - {2433FEB3-8BCA-49F3-8CA8-AD141C81A724} - C:\WINDOWS\kgqfweltlkb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6B338236-072C-4043-9466-4EB58508CF7B} - C:\Program Files\Online Services\poveja455101.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CF86655-BC8B-4554-903F-284CC38CA8EC} - C:\WINDOWS\system32\gebyy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: 0 - {CE52DD07-DB6F-405F-1B8A-A1245A220BDB} - C:\Program Files\MSN\sahucoqe911.dll (file missing)
O2 - BHO: (no name) - {DE1D1648-D366-4755-A574-DC51F1D994A0} - C:\Program Files\Online Services\poveja83122.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: nqgpedlr - {EC4A1CF6-AE63-45C3-B7C7-E427DA6CBFD9} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\PASmon.exe
O4 - HKLM\..\Run: [UERScw] C:\Program Files\ErrorSafe Free\UERScw.exe -c
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [pody] C:\Program Files\Common Files\pody77798.exe
O4 - HKLM\..\Run: [6666666E686C686D] E1E1E1E9E3E7E3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cwriter] C:\Program Files\StorageProtector\ucookw.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210617329\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcr71j0e7da] C:\WINDOWS\system32\lphcr71j0e7da.exe
O4 - HKLM\..\Run: [SMrhcv71j0e7da] C:\Program Files\rhcv71j0e7da\rhcv71j0e7da.exe
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\Jesse\LOCALS~1\Temp\atmadm2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Jesse\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Jesse\Application Data\Microsoft\Windows\rayio.exe
O4 - HKCU\..\Run: [krir] C:\PROGRA~1\COMMON~1\krir\krirm.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Rabio - Auto Update.lnk = C:\Program Files\Rabio\se.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: internet.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c4107decf82d4834b1c63353d2818c26
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c4107decf82d4834b1c63353d2818c26
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: byxwxvw - byxwxvw.dll (file missing)
O20 - Winlogon Notify: hzsqmoaa - hzsqmoaa.dll (file missing)
O20 - Winlogon Notify: vtUkkihI - C:\WINDOWS\SYSTEM32\vtUkkihI.dll
O20 - Winlogon Notify: zkvgwdco - zkvgwdco.dll (file missing)
O21 - SSODL: axrfgvek - {0CC75023-939E-4226-89D7-4DEACE4124E1} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {CF68AB08-A49E-49BA-8292-A4BF54429F72} - C:\WINDOWS\okmdepgb.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14645 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080702-172237-581 O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\wuoqyqiku.html

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R1 core - c:\windows\system32\drivers\core.sys
R3 ADIDTSFiltService (ADI DTS Filter Service) - c:\windows\system32\drivers\adidts.sys <Not Verified; Analog Devices, Inc.; Analog Devices DTS Driver>
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 18:03:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-02 17:26:34 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-27 20:00:00 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jesse.job
2008-02-27 08:44:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 16:15:18 91520 -----n--- C:\WINDOWS\system32\slsivwry.dll
2008-07-02 16:11:48 0 d-------- C:\Program Files\Trend Micro
2008-07-02 13:42:07 28288 --a------ C:\WINDOWS\system32\vtUkkihI.dll
2008-07-02 13:42:00 0 d-------- C:\Documents and Settings\Jesse\Application Data\rhcv71j0e7da
2008-07-02 13:41:26 229376 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-02 13:41:26 155648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-02 13:41:26 86016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-02 13:41:26 307200 --a------ C:\WINDOWS\kgqfweltlkb.dll
2008-07-02 13:41:26 180224 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-02 13:41:10 60928 --a------ C:\WINDOWS\system32\blphcr71j0e7da.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-02 13:41:03 109056 --a------ C:\WINDOWS\system32\lphcr71j0e7da.exe
2008-07-02 12:04:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 12:04:41 0 d-------- C:\Program Files\Windows Live
2008-07-02 12:04:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-01 01:45:13 0 d-------- C:\Documents and Settings\Jesse\Application Data\Malwarebytes
2008-07-01 01:44:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 01:44:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 15:54:34 0 d-------- C:\World of Warcraft
2008-06-30 15:51:21 0 d-------- C:\Beyond Emu 1.0 Blizzpack
2008-06-25 23:28:54 0 d-------- C:\Program Files\World of Warcraft
2008-06-24 00:52:37 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-24 00:52:37 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\122238D683.sys
2008-06-24 00:52:11 0 d-------- C:\Program Files\Common Files\Enterbrain
2008-06-24 00:52:03 0 d-------- C:\Program Files\Enterbrain
2008-06-21 16:51:55 0 d-------- C:\Documents and Settings\Jesse\Application Data\SPORE Creature Creator
2008-06-21 16:51:30 0 d-------- C:\ProgramData
2008-06-21 16:51:27 5742 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-21 16:50:52 0 d-------- C:\Program Files\Electronic Arts
2008-06-18 16:17:26 0 d-------- C:\Documents and Settings\Jesse\Application Data\Ubisoft
2008-06-18 15:38:27 0 d-------- C:\Program Files\Ubisoft
2008-06-10 02:11:27 0 d-------- C:\Documents and Settings\Jesse\Contacts
2008-06-10 02:11:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-08 11:59:15 0 d-------- C:\WINDOWS\Logs
2008-06-08 02:00:47 0 d-------- C:\Program Files\Rainbow Six Vegas 2
2008-06-08 01:23:29 0 d-------- C:\WINDOWS\pss
2008-06-05 22:22:43 0 d-------- C:\Program Files\Steam
2008-06-05 19:13:01 0 d-------- C:\Documents and Settings\Jesse\Application Data\BitTorrent
2008-06-05 19:12:51 0 d-------- C:\Program Files\DNA
2008-06-05 19:12:51 0 d-------- C:\Program Files\BitTorrent
2008-06-05 19:12:51 0 d-------- C:\Documents and Settings\Jesse\Application Data\DNA


-- Find3M Report ---------------------------------------------------------------

2008-07-02 17:26:12 0 d-------- C:\Program Files\Common Files
2008-07-02 17:04:28 0 d-------- C:\Documents and Settings\Jesse\Application Data\Hamachi
2008-07-02 17:04:15 129536 --a------ C:\WINDOWS\system32\bounce.exe
2008-07-02 13:07:27 0 d-------- C:\Program Files\Hamachi
2008-07-02 12:11:12 0 d-------- C:\Documents and Settings\Jesse\Application Data\WinButler
2008-06-30 12:56:35 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-26 01:44:24 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-21 16:51:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 15:05:12 0 d-------- C:\Program Files\Xfire
2008-06-18 01:56:28 0 d-------- C:\Documents and Settings\Jesse\Application Data\Mozilla
2008-06-11 16:37:28 0 d-------- C:\Program Files\Java
2008-06-10 14:08:41 0 d-------- C:\Documents and Settings\Jesse\Application Data\Xfire
2008-06-07 15:21:19 0 d-------- C:\Documents and Settings\Jesse\Application Data\LimeWire
2008-06-04 21:35:57 0 d-------- C:\Documents and Settings\Jesse\Application Data\Adobe
2008-05-18 03:57:10 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-16 11:31:33 0 d-------- C:\Program Files\Activision
2008-05-13 11:29:57 0 d-------- C:\Program Files\Funcom
2008-05-13 11:27:59 0 d-------- C:\Program Files\Movies
2008-05-13 11:26:26 0 d-------- C:\Program Files\directx
2008-05-12 14:35:43 0 d-------- C:\Program Files\Common Files\AOL
2008-05-12 14:35:20 335 --a----c- C:\WINDOWS\nsreg.dat
2008-05-12 14:26:58 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-05-09 12:01:24 0 d-------- C:\Program Files\MSBuild
2008-05-09 11:18:29 0 d-------- C:\Program Files\Reference Assemblies
2008-05-09 11:10:33 0 d-------- C:\Program Files\MSXML 6.0
2008-05-06 11:59:55 0 d-------- C:\Program Files\Search and Play Flash Files
2008-05-06 11:59:52 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-05-06 11:51:30 0 d-------- C:\Program Files\Multi-Soundboard Player
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{065CEDD4-C1A5-433E-809F-A0C2211D73C4}]
C:\Program Files\Online Services\poveja24418.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ACEF815-1F06-425C-A73B-6697462B24B8}]
C:\Program Files\Online Services\poveja4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}]
07/02/2008 01:42 PM 28288 --a------ C:\WINDOWS\system32\vtUkkihI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2433FEB3-8BCA-49F3-8CA8-AD141C81A724}]
07/02/2008 12:30 PM 307200 --a------ C:\WINDOWS\kgqfweltlkb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B338236-072C-4043-9466-4EB58508CF7B}]
C:\Program Files\Online Services\poveja455101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CF86655-BC8B-4554-903F-284CC38CA8EC}]
C:\WINDOWS\system32\gebyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE52DD07-DB6F-405F-1B8A-A1245A220BDB}]
C:\Program Files\MSN\sahucoqe911.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE1D1648-D366-4755-A574-DC51F1D994A0}]
C:\Program Files\Online Services\poveja83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [10/25/2005 12:49 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [01/21/2005 02:47 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [07/20/2006 01:04 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"was_check"="C:\Program Files\ErrorSafe Free\PASmon.exe" []
"UERScw"="C:\Program Files\ErrorSafe Free\UERScw.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/10/2003 03:30 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/17/2007 06:31 PM]
"pody"="C:\Program Files\Common Files\pody77798.exe" []
"6666666E686C686D"="E1E1E1E9E3E7E3.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"cwriter"="C:\Program Files\StorageProtector\ucookw.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1210617329\ee\AOLSoftware.exe" [04/13/2006 04:36 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"RegistryMechanic"="" []
"lphcr71j0e7da"="C:\WINDOWS\system32\lphcr71j0e7da.exe" [07/02/2008 01:41 PM]
"SMrhcv71j0e7da"="C:\Program Files\rhcv71j0e7da\rhcv71j0e7da.exe" []
"DelayLoad"="C:\DOCUME~1\Jesse\LOCALS~1\Temp\atmadm2.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/07/2007 04:05 PM]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" []
"WinButler"="C:\Documents and Settings\Jesse\Application Data\WinButler\WinButler.exe" [10/03/2007 09:15 AM]
"SfKg6wIPu"="C:\Documents and Settings\Jesse\Application Data\Microsoft\Windows\rayio.exe" [10/03/2007 01:17 PM]
"krir"="C:\PROGRA~1\COMMON~1\krir\krirm.exe" []
"kernel"="C:\Program Files\kernel\kernel.exe" []
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" []
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" []
"Fraps"="C:\Fraps\FRAPS.EXE" [08/15/2005 09:15 AM]
"@"="" []
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" []
"PC SpeedScan Pro"="C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/05/2008 07:12 PM]
"Steam"="c:\program files\steam\steam.exe" [06/05/2008 10:23 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [05/16/2008 06:16 PM]

C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [7/2/2008 1:06:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}"= C:\WINDOWS\system32\vtUkkihI.dll [07/02/2008 01:42 PM 28288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {0CC75023-939E-4226-89D7-4DEACE4124E1} - C:\WINDOWS\axrfgvek.dll [07/02/2008 12:30 PM 180224]
"okmdepgb"= {CF68AB08-A49E-49BA-8292-A4BF54429F72} - C:\WINDOWS\okmdepgb.dll [07/02/2008 12:30 PM 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwxvw]
byxwxvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzsqmoaa]
hzsqmoaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkkihI]
vtUkkihI.dll 07/02/2008 01:42 PM 28288 C:\WINDOWS\system32\vtUkkihI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zkvgwdco]
zkvgwdco.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqOHXrP

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-07-02 18:05:27 ------------

Edited by ahhvirus, 02 July 2008 - 05:19 PM.




#2 ahhvirus

  • Topic Starter
  • Members
  • 7 posts

Posted 02 July 2008 - 06:11 PM

Bumping if that's ok.

#3 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 July 2008 - 04:40 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
Actually bumping is not ok. Read the guidelines at the top of the page.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 July 2008 - 07:11 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.



