Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer Shutdown As Well As Various Websites Inaccessible.


  • This topic is locked This topic is locked
6 replies to this topic

#1 Lags

Lags

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 09 July 2008 - 01:48 PM

Hello everyone... For the first time in years I've managed to download some type of malware. I'm a GeekSquad agent, and my tools haven't even been able to fix this one.

This malware blocks access to some websites (some I've tested are Myspace, and Facebook). Also, when I open up Windows Explorer it will completely terminate explorer.exe, which I have to open up again through the Task Manager. The GeekSquad MRI tool automates many AV and Spyware scanners, and also lets me run a lot of diagnostics that should have corrected this problem, but it hasn't done a thing. I'm stuck at a dead end.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:30 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {d7e3420e-fa97-36d8-0654-d5e16ec073b7} - {7b370ce6-1e5d-4560-8d63-79afe0243e7d} - C:\WINDOWS\system32\bzcrgn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EC5553AA-1246-4A32-8FB1-2E2B7019DC78} - C:\WINDOWS\system32\vtUnmJcc.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\rqRIyAtQ.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [74ae1d17] rundll32.exe "C:\WINDOWS\system32\xevindhj.dll",b
O4 - HKLM\..\Run: [BM779d2e8b] Rundll32.exe "C:\WINDOWS\system32\jxnsjyvn.dll",s
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205894578500
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRIyAtQ - C:\WINDOWS\SYSTEM32\rqRIyAtQ.dll
O20 - Winlogon Notify: ssqQjKaX - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\Chris\Desktop\vnc\VNC4\WinVNC4.exe (file missing)

--
End of file - 10297 bytes


Thanks for any help that you all could provide me with...

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 09 July 2008 - 05:35 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Lags

Lags
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 09 July 2008 - 08:43 PM

Hello, Sam. Thanks for helping me out. Sorry it took me so long to respond, I had to go to work for a little while.

Here are the two results you requested:

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Chris on 2008-07-09 21:35:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-10 01:35:28 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-07-09 07:08:48 UTC - RP9 - System Checkpoint
8: 2008-07-08 07:07:41 UTC - RP8 - System Checkpoint
7: 2008-07-07 06:34:12 UTC - RP7 - System Checkpoint
6: 2008-07-06 05:29:26 UTC - RP6 - System Checkpoint


-- First Restore Point --
1: 2008-06-30 23:33:01 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:19 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Saf10BF.tmp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {d7e3420e-fa97-36d8-0654-d5e16ec073b7} - {7b370ce6-1e5d-4560-8d63-79afe0243e7d} - C:\WINDOWS\system32\bzcrgn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EC5553AA-1246-4A32-8FB1-2E2B7019DC78} - C:\WINDOWS\system32\vtUnmJcc.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\rqRIyAtQ.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [74ae1d17] rundll32.exe "C:\WINDOWS\system32\xevindhj.dll",b
O4 - HKLM\..\Run: [BM779d2e8b] Rundll32.exe "C:\WINDOWS\system32\jxnsjyvn.dll",s
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205894578500
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRIyAtQ - C:\WINDOWS\SYSTEM32\rqRIyAtQ.dll
O20 - Winlogon Notify: ssqQjKaX - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\Chris\Desktop\vnc\VNC4\WinVNC4.exe (file missing)

--
End of file - 10131 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R3 EuMusDesignVirtualAudioCableWdm (Virtual Audio Cable (WDM)) - c:\windows\system32\drivers\vrtaucbl.sys

S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S1 klif - c:\windows\system32\drivers\klif.sys (file missing)
S3 DSDrv4 - c:\program files\dscaler\dsdrv4.sys
S3 klim5 (Kaspersky Anti-Virus NDIS Filter) - c:\windows\system32\drivers\klim5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2.2 - "c:\program files\apache software foundation\apache2.2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>

S2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe
S2 WinVNC4 (VNC Server Version 4) - "c:\documents and settings\chris\desktop\vnc\vnc4\winvnc4.exe" -service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0
Service:

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_NERO&PROD_IMAGEDRIVE2&REV_2.26\2&2CA3B2A6&0&000
Manufacturer: (Standard CD-ROM drives)
Name: NERO IMAGEDRIVE2 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_NERO&PROD_IMAGEDRIVE2&REV_2.26\2&2CA3B2A6&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-07-09 09:00:00 188 --a------ C:\WINDOWS\Tasks\Tasks.job
2008-07-03 13:21:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 14:29:12 0 d-------- C:\Program Files\Trend Micro
2008-07-06 21:26:33 0 d-------- C:\Program Files\FileZilla Server
2008-07-03 01:19:29 0 d-------- C:\Program Files\eMule
2008-06-30 19:15:06 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-30 02:17:14 103424 --a------ C:\WINDOWS\system32\bzcrgn.dll
2008-06-30 02:17:13 103424 --a------ C:\WINDOWS\system32\rryetbbj.dll
2008-06-30 02:14:23 82432 --a------ C:\WINDOWS\system32\xevindhj.dll
2008-06-30 02:14:13 90624 --a------ C:\WINDOWS\system32\jxnsjyvn.dll
2008-06-30 00:20:28 24576 --a------ C:\WINDOWS\system32\awtsTJyA.dll
2008-06-30 00:13:53 24576 --a------ C:\WINDOWS\system32\rqRIyAtQ.dll
2008-06-30 00:13:53 24576 -----n--- C:\WINDOWS\system32\geBrsQGX.dll
2008-06-29 18:04:15 0 d-------- C:\Program Files\CCleaner
2008-06-29 17:49:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-29 17:48:30 0 d-------- C:\Program Files\Webroot
2008-06-29 17:48:30 0 d-------- C:\Documents and Settings\Chris\Application Data\Webroot
2008-06-29 17:48:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-29 17:48:24 0 d-------- C:\Program Files\AskSBar
2008-06-29 17:15:59 0 d-------- C:\Documents and Settings\Chris\Application Data\Lavasoft
2008-06-29 17:09:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-06-29 02:13:49 103424 --a------ C:\WINDOWS\system32\vfuszw.dll
2008-06-29 02:13:48 103424 --a------ C:\WINDOWS\system32\cisdbvpj.dll
2008-06-29 02:13:40 90624 --a------ C:\WINDOWS\system32\ngtwnwhr.dll
2008-06-27 21:20:21 102912 --a------ C:\WINDOWS\system32\hnltsi.dll
2008-06-27 21:20:20 102912 --a------ C:\WINDOWS\system32\opmsepkp.dll
2008-06-27 21:14:20 90112 --a------ C:\WINDOWS\system32\ogeftyyc.dll
2008-06-27 00:56:11 24576 --a------ C:\WINDOWS\system32\pmnkKcbX.dll
2008-06-27 00:56:11 24576 --a------ C:\WINDOWS\system32\jkkIYQJC.dll
2008-06-26 19:38:03 91648 --a------ C:\WINDOWS\system32\chjdjjyi.dll
2008-06-25 19:38:26 106496 --a------ C:\WINDOWS\system32\uocovxgn.dll
2008-06-25 19:35:26 91136 --a------ C:\WINDOWS\system32\imygcydb.dll
2008-06-24 13:29:32 99840 --a------ C:\WINDOWS\system32\wryvqccc.dll
2008-06-24 13:25:23 91136 --a------ C:\WINDOWS\system32\icrwotei.dll
2008-06-24 13:17:41 0 d-------- C:\Program Files\HTV
2008-06-24 10:40:34 0 d-------- C:\Program Files\Lavasoft
2008-06-24 10:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 07:19:34 91136 --a------ C:\WINDOWS\system32\gbbvwvro(2).dll
2008-06-23 19:13:34 733831 --ahs---- C:\WINDOWS\system32\ccJmnUtv.ini2
2008-06-23 19:13:31 321536 --a------ C:\WINDOWS\system32\vtUnmJcc.dll
2008-06-23 19:08:26 24576 --a------ C:\WINDOWS\system32\ssqQjKaX.dll
2008-06-23 15:03:04 0 d-------- C:\Program Files\Gmask 1.70 English
2008-06-21 11:49:05 0 d-------- C:\Program Files\Voicent
2008-06-16 11:38:55 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM


-- Find3M Report ---------------------------------------------------------------

2008-07-09 13:56:17 0 d-------- C:\Program Files\LogMeIn
2008-07-08 19:37:41 0 d-------- C:\Program Files\mIRC
2008-07-08 16:51:54 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-07-08 01:14:59 0 d-------- C:\Program Files\World of Warcraft
2008-07-04 22:42:15 1984 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-29 17:06:36 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-06-26 17:44:44 67280 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-26 17:39:26 0 d-------- C:\Program Files\Safari
2008-06-25 21:38:02 0 d-------- C:\Program Files\Java
2008-06-25 19:35:21 0 d-------- C:\Documents and Settings\Chris\Application Data\Adobe
2008-06-24 10:39:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 16:55:57 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-06-17 09:22:11 0 d-------- C:\Program Files\Digsby
2008-06-16 12:03:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 09:11:59 0 d-------- C:\Program Files\Steam
2008-06-14 22:49:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-14 22:00:16 0 d-------- C:\Documents and Settings\Chris\Application Data\AVG7
2008-06-08 13:35:16 0 d-------- C:\Program Files\uTorrent
2008-06-08 13:34:38 0 d-------- C:\Program Files\Azureus
2008-06-08 00:08:26 0 d-------- C:\Program Files\Common Files
2008-06-07 12:09:40 0 d-------- C:\Program Files\TechSmith
2008-06-01 02:49:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 02:49:29 0 d-------- C:\Program Files\Analog Devices
2008-06-01 02:43:28 0 d-------- C:\Program Files\Broadcom Management Programs
2008-05-31 14:23:08 0 d-------- C:\Documents and Settings\Chris\Application Data\Publish Providers
2008-05-31 14:20:51 0 d-------- C:\Documents and Settings\Chris\Application Data\Sony
2008-05-31 14:18:33 0 d-------- C:\Program Files\Vstplugins
2008-05-31 14:18:14 0 d-------- C:\Program Files\Sony
2008-05-31 14:17:20 0 d-------- C:\Program Files\Sony Setup
2008-05-31 14:17:03 0 d-------- C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-31 00:21:48 0 d-------- C:\Documents and Settings\Chris\Application Data\Sony Corporation
2008-05-31 00:17:45 0 d-------- C:\Program Files\Sonic
2008-05-31 00:04:53 0 d-------- C:\Documents and Settings\Chris\Application Data\InstallShield
2008-05-30 15:30:31 0 d-------- C:\Program Files\Easiestutils
2008-05-25 20:18:16 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-25 20:18:16 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-25 10:05:19 0 d-------- C:\Documents and Settings\Chris\Application Data\Download Manager
2008-05-23 20:04:53 0 d-------- C:\Program Files\iTunes
2008-05-23 20:04:37 0 d-------- C:\Program Files\iPod
2008-05-22 21:30:53 0 d-------- C:\Program Files\QuickTime
2008-05-20 21:09:50 0 d-------- C:\Program Files\MX240a
2008-05-13 16:04:12 0 d-------- C:\Program Files\DScaler
2008-05-13 15:54:36 0 d-------- C:\Program Files\Gemstar
2008-05-13 15:54:13 0 d-------- C:\Program Files\Common Files\ATI
2008-05-13 15:54:12 0 d-------- C:\Program Files\ATI Multimedia
2008-05-13 15:49:54 0 d-------- C:\Program Files\TitanTV
2008-05-13 15:47:29 0 d-------- C:\Program Files\ATI Technologies
2008-05-11 00:20:42 0 d-------- C:\Program Files\CedarLogic
2008-05-09 11:53:04 0 d-------- C:\Program Files\Trillian
2008-05-04 21:37:52 2543 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b370ce6-1e5d-4560-8d63-79afe0243e7d}]
06/30/2008 02:17 AM 103424 --a------ C:\WINDOWS\system32\bzcrgn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC5553AA-1246-4A32-8FB1-2E2B7019DC78}]
06/23/2008 07:13 PM 321536 --a------ C:\WINDOWS\system32\vtUnmJcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}]
06/30/2008 12:13 AM 24576 --a------ C:\WINDOWS\system32\rqRIyAtQ.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/29/2008 05:48 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/28/2005 05:06 PM]
"nwiz"="nwiz.exe" [10/28/2005 05:06 PM C:\WINDOWS\system32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 03:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 03:51 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [09/07/2006 02:01 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"74ae1d17"="C:\WINDOWS\system32\xevindhj.dll" [06/30/2008 02:14 AM]
"BM779d2e8b"="C:\WINDOWS\system32\jxnsjyvn.dll" [06/30/2008 02:14 AM]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [12/25/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"@"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [06/14/2005 09:49 PM]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [05/10/2005 04:21 PM]
"Google Update"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [05/26/2008 08:59 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskmgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}"= C:\WINDOWS\system32\rqRIyAtQ.dll [06/30/2008 12:13 AM 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/25/2007 03:22 PM 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIyAtQ]
rqRIyAtQ.dll 06/30/2008 12:13 AM 24576 C:\WINDOWS\system32\rqRIyAtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjKaX]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUnmJcc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Documents and Settings\Chris\Desktop\aohell\AOL 9.1\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
C:\Documents and Settings\Chris\Desktop\Downloads\DeskSpace_v1.5.1\DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
msconf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1197228955\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
C:\Program Files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
"C:\Program Files\iCall\iCall.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiceworks]
C:\Program Files\Spiceworks\bin\spicetray_silent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
C:\WINDOWS\V0230Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VgateClient]
C:\Program Files\Voicent\Gateway\bin\vgate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\WINDOWS\monitor\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
"C:\Program Files\WebcamMax\wcmmon.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Express]
pci32b.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a49e9cf-eeb8-11dc-9daf-0040ca91b8a4}]
AutoRun\command- K:\LaunchU3.exe -a

*Newly Created Service* - FILEZILLA_SERVER



-- End of Deckard's System Scanner: finished at 2008-07-09 21:41:21 ------------



EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1022 MiB / 547.47 MiB
Pagefile Memory (total/avail): 2270.37 MiB / 1833.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.96 MiB

C: is Fixed (NTFS) - 182.22 GiB total, 58.21 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000BB-00GUC0 - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 4.05 GiB
\PARTITION1 (bootable) - Installable File System - 182.22 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PHP\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Chris (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
--> C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4067A0B5-FB0B-479C-8735-6F48F8E21872}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Add or Remove Adobe Creative Suite 3 Production Premium --> C:\Program Files\Common Files\Adobe\Installers\8c7a1e2e9e6a7b8aa308ba908bbd133\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage --> MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Production Premium --> MsiExec.exe /I{B4608CFE-B2EA-4675-9E74-CA5BA83C6DEA}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library --> MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3 --> MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{ABB48460-97A1-4D4C-BC73-E083C5CE732B}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores --> MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apache HTTP Server 2.2.8 --> MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apex Video Converter Super 5.94 --> "C:\Program Files\Apex\Apex Video Converter Super\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ardamax Keylogger Lite 1.2 --> "C:\Documents and Settings\Chris\Desktop\5\Ardamax Keylogger Lite\Uninstall.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Multimedia Center 9.08 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6892122-8504-4530-8033-C9EF45A4D014} /l1033
ATI Remote Wonder 3.02 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1033
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avi2Dvd 0.4.5 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Cain & Abel v4.9.10 --> C:\PROGRA~1\Cain\UNINSTAL.EXE C:\PROGRA~1\Cain\Install.log
Camfrog Video Chat 4.1 (remove only) --> "C:\Documents and Settings\Chris\Desktop\froggy\Camfrog Video Chat\uninstall.exe"
Camtasia Studio 4 --> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Celtx (0.9.9.7) --> C:\Program Files\Celtx\uninstall\helper.exe
ChaCha Guide Application --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://guideapp.chacha.com/main.jnlp"
Clever Icons Horizon Christmas 2006 Set --> "C:\Documents and Settings\All Users\Application Data\{6E59BB90-41C1-43F8-916E-BC7245684C50}\clever icons christmas 2006 set.exe" REMOVE=TRUE MODIFY=FALSE
CodecInstaller 2.5.7 --> C:\Program Files\JockerSoft\CodecInstaller\uninst.exe
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Video IM Pro Driver (1.02.02.1018) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DebboProject V4 Public Beta R16 --> C:\Documents and Settings\Chris\Desktop\takit\DebboProject V4 Public Beta\Uninstall.exe
Debugging Tools for Windows (x86) --> MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DScaler 4.1.15 --> "C:\Program Files\DScaler\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy GIF Animator 4.3 --> "C:\Documents and Settings\Chris\Desktop\vbcv\Easy GIF Animator\unins000.exe"
Easy Macro Recorder 3.68 --> "C:\Documents and Settings\Chris\Desktop\Easy Macro Recorder\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
Firebird 1.5.2.4731 --> "C:\Program Files\Firebird\Firebird_1_5\unins000.exe"
FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Folding@Home --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\Uninstall1E4F.DAT
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gmask 1.70 English --> C:\Program Files\Gmask 1.70 English\uninstal.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GUIDE PLUS+™ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\DOCUME~1\Chris\LOCALS~1\Temp\Saf1006.tmp\HijackThis.exe" /uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iCall --> "C:\Program Files\iCall\unins000.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_15 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jing --> MsiExec.exe /I{2BE9075D-2CB6-4510-94A3-28E72290FC60}
Last.fm 1.3.2.13 --> "C:\Program Files\Last.fm\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Light-O-Rama Demo --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Light-O-Rama\ST6UNST.LOG"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}
Lunatic 3.5 Visual Style --> C:\WINDOWS\Resources\Themes\Lunatic\Uninstall\unins000.exe
LWAway 1.0.0.1 --> C:\PROGRA~1\LWAway\UNWISE.EXE C:\PROGRA~1\LWAway\INSTALL.LOG
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C# 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition - ENU --> MsiExec.exe /X{2D07422C-CA35-375A-A3A8-3631AB85BFE5}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
middle_man --> "C:\PROGRA~1\AIM\UninstallMM.exe"
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MX240a --> MsiExec.exe /I{BE41CB9F-8C21-44DC-BC47-5797654442E3}
Nero 7 --> MsiExec.exe /X{293C9DF5-7669-4826-BBB2-E1F182D71033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Paquet Builder 2.9 --> C:\Program Files\Paquet Builder\Uninst.exe
PDF Settings --> MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
PHP 5.2.5 --> MsiExec.exe /I{00FA2C30-C2BB-45A2-B0C3-769541E8F6A2}
PHP Form Wizard 1.2.5 demo --> "C:\Program Files\PHP Form Wizard\unins000.exe"
Phun beta 3.5 --> "C:\Program Files\Phun\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RedLightCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35C73A54-1428-4893-B041-58AA594F4ACD}\setup.exe" -l0x9
Royale Remixed Theme --> MsiExec.exe /I{1B1D7494-158D-49BB-B5E9-826EACFED1DD}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SAM Broadcaster (remove only) --> "C:\Program Files\SpacialAudio\SAMBC\uninstall.exe"
Serv-U 6.4 --> "C:\Program Files\RhinoSoft.com\Serv-U\unins000.exe"
ShortKeys 2 --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
ShortKeys Lite --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Vegas Movie Studio Platinum 8.0 --> MsiExec.exe /X{987B8E44-5E06-48A5-9745-46EB2B8A3CB0}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Speakonia --> "C:\Program Files\CFS-Technologies\Speakonia\unins000.exe"
Spiceworks --> C:\Program Files\Spiceworks\uninst.exe
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SQLyog Community 6.15 --> C:\Program Files\SQLyog Community\uninst.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Turbo Tango Patcher 7.08.2 --> C:\WINDOWS\Super Turbo Tango Patcher\uninst.exe
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Temperature Monitor --> MsiExec.exe /I{5EF0BC8A-B7A6-471D-BCAB-46C3A017ADC4}
TitanTV Client components for ATI --> MsiExec.exe /I{0A04149A-F6CC-4E4E-BDC6-44D0E64916FC}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Uninstall AOL Emergency Connect Utility 1.0 --> C:\Program Files\Common Files\AOL\ECU\uninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{1A40B327-2F18-4DC6-894F-C9050321B5CB}\setup.exe -runfromtemp -l0x0409
VideoEgg Publisher --> C:\Documents and Settings\Chris\Application Data\VideoEgg\Uninstall.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Audio Cable 4.04 --> C:\Program Files\Virtual Audio Cable\setup.exe -u
VMware Player --> MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
VNC Free Edition 4.1.2 --> "C:\Documents and Settings\Chris\Desktop\vnc\VNC4\unins000.exe"
VoipCheapCom --> "C:\Program Files\VoipCheapCom\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebcamMax --> "C:\Program Files\WebcamMax\uninst.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
WinCustomize Browser --> C:\PROGRA~1\Stardock\WINCUS~1\SKINBR~1\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\SKINBR~1\INSTALL.LOG
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouTube FLV to AVI Suite Enterprise 2.3.9 --> "C:\Program Files\Easiestutils\YouTube FLV to AVI Suite Enterprise\unins000.exe"
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type14489 / Error
Event Submitted/Written: 07/08/2008 05:15:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll, version 0.0.0.0, fault address 0x00045925.
Processing media-specific event for [vlc.exe!ws!]

Event Record #/Type14316 / Success
Event Submitted/Written: 07/04/2008 01:05:46 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14302 / Error
Event Submitted/Written: 07/03/2008 11:51:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x01578ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type14295 / Error
Event Submitted/Written: 07/03/2008 02:57:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x01578ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type14290 / Error
Event Submitted/Written: 07/02/2008 01:08:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vlc.exe, version 0.8.6.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.
Processing media-specific event for [vlc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13167 / Error
Event Submitted/Written: 07/09/2008 01:38:49 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type13166 / Error
Event Submitted/Written: 07/09/2008 01:38:46 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The FileZilla Server FTP server service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type13160 / Warning
Event Submitted/Written: 07/08/2008 01:32:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13141 / Warning
Event Submitted/Written: 07/07/2008 06:54:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13137 / Warning
Event Submitted/Written: 07/06/2008 11:06:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-09 21:41:21 ------------


Thanks again :thumbsup:

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 10 July 2008 - 07:45 AM

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: {d7e3420e-fa97-36d8-0654-d5e16ec073b7} - {7b370ce6-1e5d-4560-8d63-79afe0243e7d} - C:\WINDOWS\system32\bzcrgn.dll
O2 - BHO: (no name) - {EC5553AA-1246-4A32-8FB1-2E2B7019DC78} - C:\WINDOWS\system32\vtUnmJcc.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\rqRIyAtQ.dll
O4 - HKLM\..\Run: [74ae1d17] rundll32.exe "C:\WINDOWS\system32\xevindhj.dll",b
O4 - HKLM\..\Run: [BM779d2e8b] Rundll32.exe "C:\WINDOWS\system32\jxnsjyvn.dll",s
O20 - Winlogon Notify: rqRIyAtQ - C:\WINDOWS\SYSTEM32\rqRIyAtQ.dll
O20 - Winlogon Notify: ssqQjKaX - C:\WINDOWS\



=================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

================


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Lags

Lags
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 10 July 2008 - 11:49 AM

ComboFix 08-07-09.5 - Chris 2008-07-10 12:27:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT -4:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\NCEK.001
C:\WINDOWS\system32\28463\NCEK.002
C:\WINDOWS\system32\28463\NCEK.006
C:\WINDOWS\system32\28463\NCEK.007
C:\WINDOWS\system32\28463\NCEK.exe
C:\WINDOWS\system32\aiqgpgyx.ini
C:\WINDOWS\system32\anuctnbs.ini
C:\WINDOWS\system32\awtsTJyA.dll
C:\WINDOWS\system32\ccJmnUtv.ini
C:\WINDOWS\system32\ccJmnUtv.ini2
C:\WINDOWS\system32\chjdjjyi.dll
C:\WINDOWS\system32\cisdbvpj.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\gbbvwvro(2).dll
C:\WINDOWS\system32\geBrsQGX.dll
C:\WINDOWS\system32\hnltsi.dll
C:\WINDOWS\system32\icrwotei.dll
C:\WINDOWS\system32\imygcydb.dll
C:\WINDOWS\system32\jhdnivex.ini
C:\WINDOWS\system32\jkkIYQJC.dll
C:\WINDOWS\system32\jxnsjyvn.dll
C:\WINDOWS\system32\jytndkhx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ngtwnwhr.dll
C:\WINDOWS\system32\ogeftyyc.dll
C:\WINDOWS\system32\okaaqhaw.ini
C:\WINDOWS\system32\opmsepkp.dll
C:\WINDOWS\system32\pmnkKcbX.dll
C:\WINDOWS\system32\rqRIyAtQ.dll
C:\WINDOWS\system32\rryetbbj.dll
C:\WINDOWS\system32\ssqQjKaX.dll
C:\WINDOWS\system32\uocovxgn.dll
C:\WINDOWS\system32\vfuszw.dll
C:\WINDOWS\system32\vtUnmJcc.dll
C:\WINDOWS\system32\wryvqccc.dll
C:\WINDOWS\system32\wwgysqrc.ini
C:\WINDOWS\system32\xevindhj.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 11:53 . 2008-07-10 11:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-09 21:35 . 2008-07-09 21:35 <DIR> d-------- C:\Deckard
2008-07-09 14:29 . 2008-07-09 14:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 21:26 . 2008-07-06 21:26 <DIR> d-------- C:\Program Files\FileZilla Server
2008-07-03 01:19 . 2008-07-03 01:31 <DIR> d-------- C:\Program Files\eMule
2008-06-30 19:15 . 2008-06-30 19:15 <DIR> d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-29 18:04 . 2008-06-29 18:04 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 17:50 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-29 17:49 . 2008-06-29 17:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-29 17:48 . 2008-06-29 17:48 <DIR> d-------- C:\Program Files\Webroot
2008-06-29 17:48 . 2008-06-29 17:48 <DIR> d-------- C:\Program Files\AskSBar
2008-06-29 17:48 . 2008-06-29 17:48 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Webroot
2008-06-29 17:48 . 2008-06-29 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-29 17:48 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-29 17:48 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-29 17:48 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-29 17:48 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-29 17:48 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-29 17:15 . 2008-06-29 17:15 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Lavasoft
2008-06-29 17:09 . 2008-06-29 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-06-28 21:17 . 2008-06-28 21:17 1,687,222 --ahs---- C:\WINDOWS\system32\aiqgpgyx.tmp
2008-06-28 14:44 . 2008-06-28 23:09 356 --ahs---- C:\WINDOWS\klif.spi
2008-06-24 13:17 . 2008-06-24 13:17 <DIR> d-------- C:\Program Files\HTV
2008-06-24 10:40 . 2008-06-24 10:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 10:40 . 2008-06-24 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 07:19 . 2008-07-09 21:18 110,321 --a------ C:\WINDOWS\BM779d2e8b.xml
2008-06-23 15:03 . 2008-06-23 15:03 <DIR> d-------- C:\Program Files\Gmask 1.70 English
2008-06-22 22:29 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-22 22:29 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-21 11:49 . 2008-06-24 10:34 <DIR> d-------- C:\Program Files\Voicent
2008-06-16 11:38 . 2008-06-16 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-06-16 10:59 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-16 10:59 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:11 --------- d-----w C:\Program Files\LogMeIn
2008-07-10 15:53 --------- d-----w C:\Program Files\Java
2008-07-10 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-08 23:37 --------- d-----w C:\Program Files\mIRC
2008-07-08 20:51 --------- d-----w C:\Documents and Settings\Chris\Application Data\LimeWire
2008-07-08 05:14 --------- d-----w C:\Program Files\World of Warcraft
2008-06-29 21:06 --------- d-----w C:\Documents and Settings\Chris\Application Data\uTorrent
2008-06-28 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-26 21:39 --------- d-----w C:\Program Files\Safari
2008-06-24 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 13:22 --------- d-----w C:\Program Files\Digsby
2008-06-16 16:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-16 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-16 13:11 --------- d-----w C:\Program Files\Steam
2008-06-15 02:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-15 02:00 --------- d-----w C:\Documents and Settings\Chris\Application Data\AVG7
2008-06-08 17:35 --------- d-----w C:\Program Files\uTorrent
2008-06-08 17:34 --------- d-----w C:\Program Files\Azureus
2008-06-08 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-07 16:09 --------- d-----w C:\Program Files\TechSmith
2008-06-07 02:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-01 06:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 06:49 --------- d-----w C:\Program Files\Analog Devices
2008-06-01 06:43 --------- d-----w C:\Program Files\Broadcom Management Programs
2008-05-31 18:23 --------- d-----w C:\Documents and Settings\Chris\Application Data\Publish Providers
2008-05-31 18:20 --------- d-----w C:\Documents and Settings\Chris\Application Data\Sony
2008-05-31 18:18 --------- d-----w C:\Program Files\Vstplugins
2008-05-31 18:18 --------- d-----w C:\Program Files\Sony
2008-05-31 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-05-31 18:17 --------- d-----w C:\Program Files\Sony Setup
2008-05-31 18:17 --------- d-----w C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-31 04:21 --------- d-----w C:\Documents and Settings\Chris\Application Data\Sony Corporation
2008-05-31 04:17 --------- d-----w C:\Program Files\Sonic
2008-05-31 04:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-31 04:04 --------- d-----w C:\Documents and Settings\Chris\Application Data\InstallShield
2008-05-30 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-30 19:30 --------- d-----w C:\Program Files\Easiestutils
2008-05-25 14:05 --------- d-----w C:\Documents and Settings\Chris\Application Data\Download Manager
2008-05-24 00:04 --------- d-----w C:\Program Files\iTunes
2008-05-24 00:04 --------- d-----w C:\Program Files\iPod
2008-05-23 01:30 --------- d-----w C:\Program Files\QuickTime
2008-05-21 01:09 --------- d-----w C:\Program Files\MX240a
2008-05-13 20:04 --------- d-----w C:\Program Files\DScaler
2008-05-13 19:54 --------- d-----w C:\Program Files\Gemstar
2008-05-13 19:54 --------- d-----w C:\Program Files\Common Files\ATI
2008-05-13 19:54 --------- d-----w C:\Program Files\ATI Multimedia
2008-05-13 19:49 --------- d-----w C:\Program Files\TitanTV
2008-05-13 19:47 --------- d-----w C:\Program Files\ATI Technologies
2008-05-11 04:20 --------- d-----w C:\Program Files\CedarLogic
2008-02-16 18:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-19 23:50 220,008,707 ----a-w C:\Documents and Settings\Chris\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-04-03 16:32 344,064 ----a-w C:\Documents and Settings\Chris\setup.exe
2008-03-11 20:46 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-10-08 15:37 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2003-03-31 15:00 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 00:56 548352 4caa7b7dae53186b65e3f5c33ac6df93 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2004-08-04 00:56 548352 4caa7b7dae53186b65e3f5c33ac6df93 C:\WINDOWS\system32\user32.dll

2003-03-31 15:00 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59 2228992 d69bf39be5d603a4e5b8ec059baa5988 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-02-22 12:25 2228992 eb6268f101689a7d645fd2f77cf11dc4 C:\WINDOWS\system32\ntkrnlpa.exe

2003-03-31 15:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20 2353152 3c2fe3228fbe3dbb9e428edd00ed3c11 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-02-22 12:25 2353152 0ea0bcdd9eec3524ed06a1193c38d74d C:\WINDOWS\system32\ntoskrnl.exe

2004-08-04 00:56 997376 b06b40b3576890b63a2e7c9fa1009ebd C:\WINDOWS\explorer.exe
2003-03-31 15:00 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 997376 b06b40b3576890b63a2e7c9fa1009ebd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 58920 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-09-29 16:22 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2005-06-14 21:49 53248 C:\Program Files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2005-05-10 16:21 1482752 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-06-13 05:20 127036 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 17:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-05-26 20:59 51184 C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 13:16 42032 C:\Program Files\Common Files\AOL\1197228955\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
--a------ 2007-08-28 14:24 1191936 C:\Program Files\iCall\iCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a------ 2008-05-07 03:01 738560 C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-10-28 17:06 7307264 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-10-28 17:06 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-22 20:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiceworks]
--a------ 2007-12-19 19:18 61440 C:\Program Files\Spiceworks\bin\spicetray_silent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2007-11-30 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2005-01-01 16:16 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
--a------ 2006-09-07 02:01 32768 C:\WINDOWS\V0230Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-07-31 17:12 2482176 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 10:21 55856 C:\WINDOWS\monitor\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
--a------ 2007-02-20 14:23 7202360 C:\Program Files\VoipCheapCom\VoipCheapCom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a------ 2007-09-16 01:15 450048 C:\Program Files\WebcamMax\wcmmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 17:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-09-14 14:38 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-10-28 17:06 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-14 14:38 14820864 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R2 Apache2.2;Apache2.2;C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-18 00:37]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 04:38]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 01:05]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2006-12-31 16:38]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 01:05]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 10:22]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 10:22]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 10:22]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-11-20 02:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a49e9cf-eeb8-11dc-9daf-0040ca91b8a4}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 17:21:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-10 13:00:00 C:\WINDOWS\Tasks\Tasks.job"
- C:\WINDOWS\Tasks
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AOL Fast Start - C:\Documents and Settings\Chris\Desktop\aohell\AOL 9.1\AOL.EXE
MSConfigStartUp-ATI Launchpad - C:\Program Files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-BM779d2e8b - C:\WINDOWS\system32\jxnsjyvn.dll
MSConfigStartUp-DeskSpace - C:\Documents and Settings\Chris\Desktop\Downloads\DeskSpace_v1.5.1\DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace.exe
MSConfigStartUp-HTV Agent - C:\Program Files\HTV\HTV.exe
MSConfigStartUp-nmapp - C:\Program Files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-nmctxth - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-VgateClient - C:\Program Files\Voicent\Gateway\bin\vgate.exe
MSConfigStartUp-WindowBlinds - C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
MSConfigStartUp-DRam prosessor - msconf.exe
MSConfigStartUp-Windows Express - pci32b.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 12:32:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\mucltui.dll 271224 bytes executable
C:\WINDOWS\system32\mucltui.dll.mui 30072 bytes executable
C:\WINDOWS\system32\muweb.dll 207736 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
Completion time: 2008-07-10 12:47:38
ComboFix-quarantined-files.txt 2008-07-10 16:47:31

Pre-Run: 62,164,365,312 bytes free
Post-Run: 62,086,455,296 bytes free

341
NOTE: It seems like these steps cleared up all the problems I was having. Thanks a lot, Sam. I appreciate your help.


Edited by Lags, 10 July 2008 - 11:54 AM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 10 July 2008 - 01:34 PM

Just a few last things and you should be good to go! :)


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    • Posted Image
  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 24 July 2008 - 10:28 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users