Slow Start Up, Ie & Ff Dont Work Well Anymore


9 replies to this topic

#1 bryan767

Posted 11 July 2008 - 09:10 PM

OK, so the other day I was surfing the web and ZoneAlarm showed up and it said something along the lines of a .dll (I forget the name because it was a really long one). Anyway, I accidentally hit OK, and I guess it installed or deleted the .dll, so I panicked and shut down my internet access and ran a few virus programs, which were Spybot Search & Destroy and AVG. I restarted my computer and my background actually said my computer was infected and I needed to install an anti-virus, so I restored my computer to earlier this month. This had little effect (my background turned back to the original one).

I notice the main problem when I start my computer: it takes a good 3-7 minutes to load, and that's if it shows the start bar and icons at all. When it doesn't, I have to hit Ctrl-Alt-Del, go to Run and try to open a folder; this forces the start bar and icons to show. Also, I'm a frequent Firefox user, and once this .dll got changed Firefox won't open certain pages such as Gmail; neither would IE. I was able to update both programs (Firefox 3, IE7) but still the same. I discovered, however, that the most recent version of Netscape works perfectly and loads all of my pages. Also, I'm having random system freezing, when my CPU usage skyrockets to around 90%. I have a good -- well, great computer, and I've never used more than 20% CPU usage even while running newer games. Now at idle I'm at about 50%. I am also having trouble updating all of my programs, which is why I couldn't run the Kaspersky Online Scanner: it needed to update but I guess it was denied. Windows Defender and Registry Mechanic are also unable to update.

PS. A program called NetBIOS keeps getting denied internet access by ZoneAlarm. Is this a problem as well? And I was looking in the log: I uninstalled Norton, but the Symantec update is still there. I have installed a few different anti-spyware and virus protection programs.
Thanks again - bryan

Deckard's System Scanner v20071014.68
Run by Games on 2008-07-11 21:56:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-07-12 01:56:40 UTC - RP1015 - Deckard's System Scanner Restore Point
22: 2008-07-11 12:41:54 UTC - RP1014 - Installed ATI Catalyst Registration
21: 2008-07-11 12:26:18 UTC - RP1013 - Installed ATI Catalyst Control Center
20: 2008-07-11 05:37:53 UTC - RP1012 - Installed DirectX
19: 2008-07-11 05:27:54 UTC - RP1011 - Installed Windows Defender


-- First Restore Point --
1: 2008-07-10 12:35:56 UTC - RP993 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Games.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:41 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\Games\Desktop\dss.exe
C:\DOCUME~1\Games\Desktop\Games.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\GAMES\Application Data\Mozilla\Profiles\default\71jnk0rd.slt\prefs.js)
O2 - BHO: {a20bebe3-fd71-18aa-d9a4-4ffd1282c640} - {046c2821-dff4-4a9d-aa81-17df3ebeb02a} - C:\WINDOWS\system32\yqileu.dll
O2 - BHO: (no name) - {688AFD30-23B6-4C81-AA10-AFED778A1010} - C:\WINDOWS\system32\xxyxUopQ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6} - C:\WINDOWS\system32\tuvVMdDT.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [f8c08294] rundll32.exe "C:\WINDOWS\system32\sidlsojf.dll",b
O4 - HKLM\..\Run: [BMfbf3b108] Rundll32.exe "C:\WINDOWS\system32\nhixvkrs.dll",s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Games\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/070552351df2fa...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146528318900
O20 - Winlogon Notify: tuvVMdDT - C:\WINDOWS\SYSTEM32\tuvVMdDT.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10734 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
R3 axvbusx - c:\windows\system32\drivers\axvbusx.sys
R3 axvscsi - c:\windows\system32\drivers\axvscsi.sys
R3 NETGEAR_WG311_SERVICE (NETGEAR WG311 Wireless PCI Adapter Service) - c:\windows\system32\drivers\wg311nd5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S3 Sytlontidfa -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_728C1462&REV_00\4&16EBCD95&0&0818
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_728C1462&REV_00\4&16EBCD95&0&0818
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 19:19:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-10 14:09:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 19:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 08:43:35 103424 --a------ C:\WINDOWS\system32\yqileu.dll
2008-07-11 08:43:33 103424 --a------ C:\WINDOWS\system32\npybtkve.dll
2008-07-11 08:40:35 78336 --a------ C:\WINDOWS\system32\sidlsojf.dll
2008-07-11 08:38:26 90624 --a------ C:\WINDOWS\system32\nhixvkrs.dll
2008-07-11 01:34:04 0 d-------- C:\WINDOWS\Logs
2008-07-11 01:28:33 0 d-------- C:\Program Files\Windows Defender
2008-07-11 00:12:03 630816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 23:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-10 08:41:35 102912 --a------ C:\WINDOWS\system32\tspjnr.dll
2008-07-10 08:41:34 102912 --a------ C:\WINDOWS\system32\vafowcro.dll
2008-07-10 08:38:34 78848 --a------ C:\WINDOWS\system32\qdbhykhf.dll
2008-07-10 08:36:45 91648 --a------ C:\WINDOWS\system32\dysenjcx.dll
2008-07-10 08:35:34 716663 --ahs---- C:\WINDOWS\system32\QpoUxyxx.ini2
2008-07-10 08:35:20 318976 --a------ C:\WINDOWS\system32\xxyxUopQ.dll
2008-07-10 00:17:22 318976 --a------ C:\WINDOWS\system32\ddcBTMcA.dll
2008-07-09 23:17:20 318976 --a------ C:\WINDOWS\system32\mlJBtrSj.dll
2008-07-09 22:17:19 318976 --a------ C:\WINDOWS\system32\tuvussrR.dll
2008-07-09 21:17:23 318976 --a------ C:\WINDOWS\system32\geBqPHaX.dll
2008-07-09 20:17:21 318976 --a------ C:\WINDOWS\system32\nnnoNgGW.dll
2008-07-09 19:17:16 318976 --a------ C:\WINDOWS\system32\khfDvuss.dll
2008-07-09 18:17:15 318976 --a------ C:\WINDOWS\system32\ddcaWnLc.dll
2008-07-09 17:17:14 318976 --a------ C:\WINDOWS\system32\nnnmmjKd.dll
2008-07-09 17:12:11 25600 --a------ C:\WINDOWS\system32\tuvVMdDT.dll
2008-07-09 17:12:11 25600 --a------ C:\WINDOWS\system32\ljJCspOI.dll
2008-07-09 17:01:04 0 d-------- C:\Program Files\MRU-Blaster
2008-07-09 16:58:53 0 d-------- C:\Program Files\Spyware Doctor
2008-07-09 16:58:53 0 d-------- C:\Documents and Settings\Games\Application Data\PC Tools
2008-07-09 16:53:42 0 d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-07-09 14:04:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-07-09 14:03:05 0 d--h----- C:\Documents and Settings\Games\Application Data\GTek
2008-07-09 14:00:35 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-09 14:00:33 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-07 20:06:47 10485760 --a------ C:\Documents and Settings\Games\ntuser.dat
2008-06-15 23:24:18 0 d-------- C:\Program Files\iPod
2008-06-15 23:23:58 0 d-------- C:\Program Files\iTunes
2008-06-15 23:22:28 0 d-------- C:\Program Files\Bonjour
2008-06-13 19:42:21 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-07-11 21:58:44 0 d-------- C:\Documents and Settings\Games\Application Data\DNA
2008-07-11 21:42:43 0 d-------- C:\Documents and Settings\Games\Application Data\Hamachi
2008-07-11 08:49:15 0 d-------- C:\Documents and Settings\Games\Application Data\Viewpoint
2008-07-11 08:48:19 0 d-------- C:\Program Files\Viewpoint
2008-07-11 08:32:22 0 d-------- C:\Program Files\ATI Technologies
2008-07-11 00:40:01 0 d-------- C:\Documents and Settings\Games\Application Data\Netscape
2008-07-11 00:39:06 0 d-------- C:\Program Files\Netscape
2008-07-10 23:16:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-10 22:38:49 0 d-------- C:\Documents and Settings\Games\Application Data\Mozilla
2008-07-10 08:44:00 0 d-------- C:\Documents and Settings\Games\Application Data\Spybot - Search & Destroy
2008-07-10 08:27:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-09 20:37:25 0 d-------- C:\Program Files\AIMTunes
2008-07-09 16:53:42 0 d-------- C:\Program Files\Symantec
2008-07-09 16:51:31 0 d-------- C:\Program Files\Common Files
2008-07-08 23:35:08 0 d-------- C:\Documents and Settings\Games\Application Data\Symantec
2008-07-08 01:14:50 0 d-------- C:\Documents and Settings\Games\Application Data\Adobe
2008-06-29 22:02:27 0 d-------- C:\Documents and Settings\Games\Application Data\LimeWire
2008-06-15 23:22:00 0 d-------- C:\Program Files\QuickTime
2008-06-13 22:52:25 4096 --a------ C:\WINDOWS\system32\crash
2008-06-13 22:14:05 0 d-------- C:\Program Files\World of Warcraft
2008-06-12 15:27:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-12 15:25:25 0 d-------- C:\Program Files\planetside
2008-06-12 15:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 14:58:47 0 d-------- C:\Program Files\IDoser v4
2008-06-09 20:46:55 0 d-------- C:\Program Files\Warcraft III
2008-06-08 15:28:08 17627 --a------ C:\WINDOWS\War3Unin.dat
2008-06-08 15:27:17 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-08 15:27:16 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-08 15:04:00 0 d-------- C:\Documents and Settings\Games\Application Data\BitTorrent
2008-06-08 13:28:46 0 d-------- C:\Program Files\Common Files\3DO Shared
2008-06-08 13:28:46 0 d-------- C:\Program Files\3DO
2008-06-02 21:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-17 11:08:28 0 d-------- C:\Program Files\Java
2008-05-12 22:34:05 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 00:02:02 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046c2821-dff4-4a9d-aa81-17df3ebeb02a}]
07/11/2008 08:43 AM 103424 --a------ C:\WINDOWS\system32\yqileu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{688AFD30-23B6-4C81-AA10-AFED778A1010}]
07/10/2008 08:35 AM 318976 --a------ C:\WINDOWS\system32\xxyxUopQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6}]
07/09/2008 05:12 PM 25600 --a------ C:\WINDOWS\system32\tuvVMdDT.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [10/04/2007 04:06 PM 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [05/16/2003 01:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [03/17/2004 12:26 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/21/2004 10:05 PM]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 06:12 AM C:\WINDOWS\soundman.exe]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 02:49 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08/20/2007 10:58 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"f8c08294"="C:\WINDOWS\system32\sidlsojf.dll" [07/11/2008 08:40 AM]
"BMfbf3b108"="C:\WINDOWS\system32\nhixvkrs.dll" [07/11/2008 08:38 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 09:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [02/21/2008 06:02 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [03/30/2008 06:30 PM]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [12/01/2004 04:32 PM]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [12/01/2004 04:28 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/09/2008 03:54 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Games\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [10/14/2007 6:29:33 PM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/19/2006 8:48:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6}"= C:\WINDOWS\system32\tuvVMdDT.dll [07/09/2008 05:12 PM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVMdDT]
tuvVMdDT.dll 07/09/2008 05:12 PM 25600 C:\WINDOWS\system32\tuvVMdDT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyxUopQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6ffd4d-4de1-11dd-9017-00095b9461cd}]
AutoRun\command- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65a2094-7f2d-11da-8aec-00095b9461cd}]
AutoRun\command- F:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-07-11 22:07:40 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1023.48 MiB / 404.73 MiB
Pagefile Memory (total/avail): 2463.69 MiB / 1705.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 27.59 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 18.63 GiB total, 3.71 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD200BB-00CAA1 - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.64 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.483.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Xfire\\Xfire.exe"="E:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\LimeWire\\LimeWire.exe"="C:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Games\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Games\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\system32\\MPSMC__U.EXE"="C:\\WINDOWS\\system32\\MPSMC__U.EXE:*:Enabled:Printer Status Monitor Center"
"D:\\install\\english\\MQINPW.EXE"="D:\\install\\english\\MQINPW.EXE:*:Enabled:MQINPW"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Documents and Settings\\Games\\Desktop\\recording software\\utorrent.exe"="C:\\Documents and Settings\\Games\\Desktop\\recording software\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe:*:Enabled:iCall"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"="C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe:*:Enabled:InternetCalls"
"C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
"C:\\Starcraft\\starcraft.exe"="C:\\Starcraft\\starcraft.exe:*:Enabled:Starcraft - Brood War"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\bryan767\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\bryan767\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"="C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe:*:Enabled:Alcohol 120%"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Games\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRYANS-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Games
LOGONSERVER=\\BRYANS-COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Videocharge Software\Watermark Master;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Games\LOCALS~1\Temp
TMP=C:\DOCUME~1\Games\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=BRYANS-COMPUTER
USERNAME=Games
USERPROFILE=C:\Documents and Settings\Games
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Games (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\Tpack.inf
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Ports --> C:\WINDOWS\unvise32.exe C:\Program Files\Active Ports\uninstal.log
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM+ (remove only) --> "C:\Program Files\AIM+\uninst.exe"
AIMTunes (remove only) --> C:\Program Files\AIMTunes\Uninstall.exe
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Allied Intent .2 client --> C:\Program Files\EA GAMES\Battlefield 2\Uninstal.exe
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7461
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C} /l1033
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.03 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
ATI Problem Report Wizard --> MsiExec.exe /I{2049131B-57D2-4C70-B25F-B683C8E52142}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVS DVD Copy version 1.3 --> "C:\Program Files\AVS4YOU\AVSDVDCopy\unins000.exe"
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Beat 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Aludra Software\Beat 2000 1.05 English\DeIsL1.isu"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Codec Pack - All In 1 6.0.2.6 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Crown Print Monitor+ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}\setup.exe" AnyText
Cucusoft iPod Movie/Video Converter 2.00 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Cucusoft MPEG to DVD Author 1.09 --> "C:\Program Files\Cucusoft\DVD-Author\unins000.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Total Pack --> C:\Program Files\DivX Total Pack\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Frontbase Image To Icon 2.1 --> "C:\Program Files\Frontbase\Frontbase Image To Icon 2.10\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Games\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IMVU Avatar chat software (BETA) --> C:\Program Files\IMVU\Uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo DVDCopy --> "C:\Program Files\InstallShield Installation Information\{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}\setup.exe" --u:{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KONICA MINOLTA magicolor 2430DL --> MUINST_U.EXE /PRN:"KONICA MINOLTA magicolor 2430DL"
Lexmark 810 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
LimeWire 4.16.6 --> "C:\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0044) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Media Wizard --> "C:\Documents and Settings\All Users\Application Data\{09C0B682-8B5C-413E-8734-2424C2254B56}\setup_mw.exe" REMOVE=TRUE MODIFY=FALSE
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Might and Magic VII, For Blood and Honor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VII\Might and Magic VII.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 Cutter and Joiner 1.0 --> "C:\Program Files\Mp3 Cutter and Joiner\unins000.exe"
MRU-Blaster v1.5 (Database 3/28/2004) --> "C:\Program Files\MRU-Blaster\unins000.exe"
Need for Speed™ Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
NETGEAR Wireless PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9077253B-FBE9-416A-8D7A-9A58C2E83B39}\Setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nitto 1320 Legends Public Beta 0.9.9.72 --> "C:\Program Files\Nitto 1320 Legends\unins000.exe"
OpenMG Limited Patch 4.0-04-11-01-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-11-01-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.05 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BB92E35A-F5B8-4D59-90F3-CF863871BCF3} /l1033 UNINSTALL
Protected Music Converter 0.99b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StreamPlug Player --> c:/Program Files/Cedelia/StreamPlug\StreamPlug Player.exe --uninstall
Team Fortress 2 --> "C:\program files\valve\steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
Thief - Deadly Shadows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x9
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Watermark Master (remove only) --> "C:\Program Files\Videocharge Software\Watermark Master\uninst.exe"
WellGet --> C:\Program Files\WellGet\Uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "E:\Program Files\Xfire\uninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2243 / Warning
Event Submitted/Written: 07/11/2008 08:54:44 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type2217 / Error
Event Submitted/Written: 07/11/2008 02:02:23 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type2215 / Error
Event Submitted/Written: 07/11/2008 01:49:02 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type2213 / Error
Event Submitted/Written: 07/11/2008 01:30:12 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type2211 / Error
Event Submitted/Written: 07/11/2008 01:29:43 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type80805 / Warning
Event Submitted/Written: 07/11/2008 10:04:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BRYANS-COMPUTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BRYANS-COMPUTER27 can't undo changes that you allow.

For more information please see the following:
%BRYANS-COMPUTER275

Scan ID: {063555A6-5091-432F-99E8-CA8C7D94FB9C}

User: BRYANS-COMPUTER\Games

Name: %BRYANS-COMPUTER271

ID: %BRYANS-COMPUTER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BRYANS-COMPUTER276

Alert Type: %BRYANS-COMPUTER278

Detection Type: 1.1.1593.02

Event Record #/Type80804 / Warning
Event Submitted/Written: 07/11/2008 10:04:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BRYANS-COMPUTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BRYANS-COMPUTER27 can't undo changes that you allow.

For more information please see the following:
%BRYANS-COMPUTER275

Scan ID: {B177F2EB-9071-4595-851C-A3505D55277C}

User: BRYANS-COMPUTER\Games

Name: %BRYANS-COMPUTER271

ID: %BRYANS-COMPUTER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BRYANS-COMPUTER276

Alert Type: %BRYANS-COMPUTER278

Detection Type: 1.1.1593.02

Event Record #/Type80803 / Warning
Event Submitted/Written: 07/11/2008 10:04:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BRYANS-COMPUTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BRYANS-COMPUTER27 can't undo changes that you allow.

For more information please see the following:
%BRYANS-COMPUTER275

Scan ID: {CE99F76F-2837-4D90-8A14-42B6D8EA3312}

User: BRYANS-COMPUTER\Games

Name: %BRYANS-COMPUTER271

ID: %BRYANS-COMPUTER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BRYANS-COMPUTER276

Alert Type: %BRYANS-COMPUTER278

Detection Type: 1.1.1593.02

Event Record #/Type80802 / Warning
Event Submitted/Written: 07/11/2008 10:03:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BRYANS-COMPUTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BRYANS-COMPUTER27 can't undo changes that you allow.

For more information please see the following:
%BRYANS-COMPUTER275

Scan ID: {3B53CD6B-FFED-44E6-B344-0D503C7BA5BD}

User: BRYANS-COMPUTER\Games

Name: %BRYANS-COMPUTER271

ID: %BRYANS-COMPUTER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BRYANS-COMPUTER276

Alert Type: %BRYANS-COMPUTER278

Detection Type: 1.1.1593.02

Event Record #/Type80801 / Warning
Event Submitted/Written: 07/11/2008 10:03:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BRYANS-COMPUTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BRYANS-COMPUTER27 can't undo changes that you allow.

For more information please see the following:
%BRYANS-COMPUTER275

Scan ID: {75EB06DB-4F7F-4D7A-B04C-5A73712000AD}

User: BRYANS-COMPUTER\Games

Name: %BRYANS-COMPUTER271

ID: %BRYANS-COMPUTER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BRYANS-COMPUTER276

Alert Type: %BRYANS-COMPUTER278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-11 22:07:40 ------------



:thumbsup:



#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 July 2008 - 10:47 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 bryan767

  • Topic Starter

  • Members
  • 24 posts

Posted 12 July 2008 - 01:59 PM

Thanks, and I will do this right now!

#4 bryan767

  • Topic Starter

  • Members
  • 24 posts

Posted 12 July 2008 - 03:33 PM

ComboFix 08-07-12.1 - Games 2008-07-12 15:04:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.539 [GMT -4:00]
Running from: C:\Documents and Settings\Games\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\setup.exe
C:\WINDOWS\BMfbf3b108.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe
C:\WINDOWS\system32\cmsbvcvp.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\rlxf.dll
C:\WINDOWS\system32\ddcaWnLc.dll
C:\WINDOWS\system32\ddcBTMcA.dll
C:\WINDOWS\system32\dysenjcx.dll
C:\WINDOWS\system32\fhkyhbdq.ini
C:\WINDOWS\system32\fjosldis.ini
C:\WINDOWS\system32\geBqPHaX.dll
C:\WINDOWS\system32\khfDvuss.dll
C:\WINDOWS\system32\ljJCspOI.dll
C:\WINDOWS\system32\mlJBtrSj.dll
C:\WINDOWS\system32\mqiotqxv.dll
C:\WINDOWS\system32\nhixvkrs.dll
C:\WINDOWS\system32\nnnmmjKd.dll
C:\WINDOWS\system32\nnnoNgGW.dll
C:\WINDOWS\system32\npybtkve.dll
C:\WINDOWS\system32\pvcvbsmc.ini
C:\WINDOWS\system32\qcreci.dll
C:\WINDOWS\system32\qdbhykhf.dll
C:\WINDOWS\system32\QpoUxyxx.ini
C:\WINDOWS\system32\QpoUxyxx.ini2
C:\WINDOWS\system32\sidlsojf.dll
C:\WINDOWS\system32\tspjnr.dll
C:\WINDOWS\system32\tuvussrR.dll
C:\WINDOWS\system32\tuvVMdDT.dll
C:\WINDOWS\system32\vafowcro.dll
C:\WINDOWS\system32\vrpdcigc.dll
C:\WINDOWS\system32\xxyxUopQ.dll
C:\WINDOWS\system32\yqileu.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 21:56 . 2008-07-11 21:56 <DIR> d-------- C:\Deckard
2008-07-11 19:18 . 2008-07-11 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 01:44 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-07-11 01:44 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-11 01:43 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-11 01:43 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-11 01:43 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-11 01:43 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-07-11 01:43 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-07-11 01:43 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-11 01:42 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-11 01:42 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-07-11 01:42 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-11 01:42 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-07-11 01:42 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-11 01:42 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-07-11 01:42 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-07-11 01:42 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-11 01:42 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-11 01:40 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-07-11 01:40 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-11 01:40 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-07-11 01:40 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-07-11 01:40 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-07-11 01:40 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-07-11 01:39 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-11 01:39 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-07-11 01:39 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-07-11 01:34 . 2008-07-11 01:34 <DIR> d-------- C:\WINDOWS\Logs
2008-07-11 01:28 . 2008-07-11 01:28 <DIR> d-------- C:\Program Files\Windows Defender
2008-07-11 00:12 . 2008-07-12 15:37 1,034,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 00:12 . 2008-07-12 15:29 13,124 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-10 23:12 . 2008-07-10 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-10 23:12 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-10 23:11 . 2008-07-10 23:11 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-10 08:36 . 2008-07-12 11:27 110,419 --a------ C:\WINDOWS\BMfbf3b108.xml
2008-07-09 17:01 . 2008-07-09 17:01 <DIR> d-------- C:\Program Files\MRU-Blaster
2008-07-09 16:59 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-09 16:59 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-09 16:59 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-09 16:59 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-09 16:58 . 2008-07-09 17:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-09 16:58 . 2008-07-09 16:58 <DIR> d-------- C:\Documents and Settings\Games\Application Data\PC Tools
2008-07-09 16:53 . 2008-07-09 16:53 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-07-09 14:03 . 2008-07-09 14:04 <DIR> d--h----- C:\Documents and Settings\Games\Application Data\GTek
2008-07-09 14:00 . 2008-07-09 14:04 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-09 14:00 . 2008-07-09 14:04 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-08 00:08 . 2008-07-08 00:08 90,838 --a------ C:\WINDOWS\system32\phcl42j0e1ct.bmp
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-15 23:24 . 2008-06-15 23:24 <DIR> d-------- C:\Program Files\iPod
2008-06-15 23:23 . 2008-06-15 23:24 <DIR> d-------- C:\Program Files\iTunes
2008-06-15 23:22 . 2008-06-15 23:22 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 22:51 . 2008-06-13 22:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-06-13 19:42 . 2008-06-13 19:42 <DIR> d-------- C:\Logs
2008-06-13 18:01 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 19:28 --------- d-----w C:\Documents and Settings\Games\Application Data\DNA
2008-07-12 19:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 18:59 --------- d-----w C:\Documents and Settings\Games\Application Data\Hamachi
2008-07-12 06:09 --------- d-----w C:\Documents and Settings\Games\Application Data\LimeWire
2008-07-11 12:49 --------- d-----w C:\Documents and Settings\Games\Application Data\Viewpoint
2008-07-11 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-11 12:48 --------- d-----w C:\Program Files\Viewpoint
2008-07-11 12:32 --------- d-----w C:\Program Files\ATI Technologies
2008-07-11 04:40 --------- d-----w C:\Documents and Settings\Games\Application Data\Netscape
2008-07-11 04:39 --------- d-----w C:\Program Files\Netscape
2008-07-11 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-07-10 12:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-10 12:44 --------- d-----w C:\Documents and Settings\Games\Application Data\Spybot - Search & Destroy
2008-07-10 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 12:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-10 00:37 --------- d-----w C:\Program Files\AIMTunes
2008-07-09 20:53 --------- d-----w C:\Program Files\Symantec
2008-07-09 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-09 03:35 --------- d-----w C:\Documents and Settings\Games\Application Data\Symantec
2008-07-09 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-09 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 03:22 --------- d-----w C:\Program Files\QuickTime
2008-06-14 02:14 --------- d-----w C:\Program Files\World of Warcraft
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:27 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-12 19:25 --------- d-----w C:\Program Files\planetside
2008-06-12 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 18:58 --------- d-----w C:\Program Files\IDoser v4
2008-06-10 00:46 --------- d-----w C:\Program Files\Warcraft III
2008-06-08 19:27 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-06-08 19:27 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-08 19:04 --------- d-----w C:\Documents and Settings\Games\Application Data\BitTorrent
2008-06-08 17:28 --------- d-----w C:\Program Files\Common Files\3DO Shared
2008-06-08 17:28 --------- d-----w C:\Program Files\3DO
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-17 15:08 --------- d-----w C:\Program Files\Java
2008-05-15 01:24 171,520 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
2008-05-13 02:34 --------- d-----w C:\Program Files\Apple Software Update
2006-06-19 20:15 54,784 ----a-w C:\Documents and Settings\Games\EcstaticCheat.dll
2005-06-18 23:12 105,738 --sha-r C:\WINDOWS\system32\cxjgvbl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-30 18:30 1271032]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-12-01 16:32 106575]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-12-01 16:28 69709]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 15:54 289088]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 13:59 389120]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 12:26 65536]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 10:58 2483496]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 21:31 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\Games\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-14 18:29:33 624416]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:42 118784]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2004-03-28 15:07:48 1216512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-19 20:48:56 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= ucdvfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YU12"= ATIYUV12.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\MPSMC__U.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\Games\\Desktop\\recording software\\utorrent.exe"=
"C:\\Starcraft\\starcraft.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\bryan767\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\steam.exe"=
"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WoW dl
"6881:TCP"= 6881:TCP:WoW dl2
"6112:TCP"= 6112:TCP:starcraft
"6112:UDP"= 6112:UDP:starcraft2
"27015:TCP"= 27015:TCP:*:Disabled:SteamServ1
"27015:UDP"= 27015:UDP:*:Disabled:SteamServ2
"27020:UDP"= 27020:UDP:*:Disabled:SteamServ3
"4000:TCP"= 4000:TCP:BB1
"6113:UDP"= 6113:UDP:Starcraft3
"6114:UDP"= 6114:UDP:Starcraft4
"6115:UDP"= 6115:UDP:Starcraft3

R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 21:14]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 21:14]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 20:27]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2004-01-26 20:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6ffd4d-4de1-11dd-9017-00095b9461cd}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65a2094-7f2d-11da-8aec-00095b9461cd}]
\Shell\AutoRun\command - F:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 18:09:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 19:33:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-BMfbf3b108 - C:\WINDOWS\system32\mqiotqxv.dll
HKLM-Run-f8c08294 - C:\WINDOWS\system32\cmsbvcvp.dll
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 15:36:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\TMP00000039DA451D51E365B308 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-07-12 15:50:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 19:50:53

Pre-Run: 29,561,679,872 bytes free
Post-Run: 30,520,066,048 bytes free

303 --- E O F --- 2008-07-09 17:33:50

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:16 PM

Posted 12 July 2008 - 05:32 PM

Please delete this file.

C:\WINDOWS\system32\phcl42j0e1ct.bmp



================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

===================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post a new log from DSS also.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 bryan767

bryan767
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:16 PM

Posted 13 July 2008 - 07:36 PM

I bolded the titles of the 2 scans btw, so you can spot them more easily. And my computer seems to be running muchhh better :thumbsup: . But I know I'm still infected.. and I was looking at the E drive log, and I don't have any of those games listed, or hacks. I just wanna put that out there.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 13, 2008 21:22:37
Records in database: 949078

--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 234653
Threat name: 23
Infected objects: 151
Suspicious objects: 0
Duration of the scan: 03:29:46


File name / Threat name / Threats count
C:\Documents and Settings\Games\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-3b165632 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Games\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-58568399 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Games\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-24a13d0b.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Games\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-78908a61.zip Infected: Exploit.Java.Gimsh.b 1
C:\QooBox\Quarantine\C\setup.exe.vir Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
C:\QooBox\Quarantine\C\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe.vir Infected: not-a-virus:AdWare.Win32.WeirWeb.b 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cmsbvcvp.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcaWnLc.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBTMcA.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dysenjcx.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\geBqPHaX.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\khfDvuss.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJCspOI.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJBtrSj.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mqiotqxv.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nhixvkrs.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmmjKd.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoNgGW.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\npybtkve.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qcreci.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qdbhykhf.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sidlsojf.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tspjnr.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvussrR.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVMdDT.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vafowcro.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vrpdcigc.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyxUopQ.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yqileu.dll.vir Infected: Trojan.Win32.Monderc.gen 1
E:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll Infected: not-a-virus:AdWare.Win32.RiverAd.c 1
E:\Documents and Settings\All Users\Documents\Shared Downloads\TechTV Free File BOOMBox Internet Radio Player_files\BOOMBox.exe Infected: not-a-virus:AdWare.Win32.Advision.a 1
E:\Documents and Settings\Bryan\Local Settings\Temp\setup1024.exe Infected: not-a-virus:AdWare.Win32.UrlSpy.b 4
E:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\6PQ9ABCD\2451743[1].htm Infected: Trojan-Clicker.HTML.IFrame.bk 1
E:\Documents and Settings\Bryan\Local Settings\Application Data\u.exe Infected: not-a-virus:AdWare.MSIL.Broadcap.a 1
E:\Documents and Settings\Bryan\Local Settings\Application Data\u.exe Infected: not-a-virus:AdWare.Win32.Broadcap.d 2
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC German No CD).Playboy the Mansion.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC German No CD).Playboy the Mansion.exe Infected: not-a-virus:AdWare.Win32.WinAD.b 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC German No CD).Playboy the Mansion.exe Infected: Trojan-Downloader.Win32.Small.ya 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC German No CD).Playboy the Mansion.exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC English No CD).Playboy the Mansion (SuprNova).exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC English No CD).Playboy the Mansion (SuprNova).exe Infected: not-a-virus:AdWare.Win32.WinAD.b 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC English No CD).Playboy the Mansion (SuprNova).exe Infected: Trojan-Downloader.Win32.Small.ya 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC English No CD).Playboy the Mansion (SuprNova).exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC Francais No CD).Playboy the Mansion.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC Francais No CD).Playboy the Mansion.exe Infected: not-a-virus:AdWare.Win32.WinAD.b 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC Francais No CD).Playboy the Mansion.exe Infected: Trojan-Downloader.Win32.Small.ya 1
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC Francais No CD).Playboy the Mansion.exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Half-Life 2 NO CD Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Doom 3 NO CD Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Jedi Academy NO CD Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Counter-Strike Condition Zero Keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Battlefield Vietnam Multiplayer Online Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Dungeon Siege no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Heroes of Might & Magic IV no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Medal Of Honor - Allied Assault no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Tom Clancys Ghost Recon - Desert Siege no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Soldier of Fortune II- Double Helix no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims- Vacation no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Harry Potter and the Sorcerers Stone no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Zoo Tycoon- Dinosaur Digs no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Star Wars Galactic Battlegrounds- Clone Campaigns no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Battlefield 1942 no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Unreal Tournament 2003 no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Mafia no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims - Hot Date Expansion Pack no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Medal Of Honor - Allied Assault no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Sponge Bob Square Pants - Operation Krabby Patty no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Harry Potter & The Sorcerers Stone no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Backyard Baseball 2003 no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Halo - Combat Evolved - Microsoft no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Max Payne 2 Fall Of Max Payne no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Command & Conquer - Generals Zero Hour no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Age Of Mythology no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims Double Deluxe no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims - Makin Magic Expansion Pack no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims - Superstar Expansion Pack no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Sim City 4 - Rush Hour no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\The Sims Deluxe no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Command & Conquer - Generals no cd crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\NeedforspeedUnderground-nocd.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Nero Burning ROM v6.x crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Windows XP home edition Activation.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\CloneDVD v1.x crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\MaxPayne 2 The Fall Of Max Payne Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Adobe Illustrator v10.0 Time Limit Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Adobe PageMaker v7.0 Keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Adobe Photoshop 7 keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Anti-Trojan 4.0.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Macromedia ColdFusion MX crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Macromedia Dreamweaver 4.0 Patch.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Macromedia Fireworks 4.0 Patch.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Macromedia Flash SWF-Unprotect v2.0.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Macromedia FreeHand v10 Loader.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Cubase Audio XT 3.X crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\FlashFXP v1.4.3 Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\mirc 6.1x reg entries.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\FlashFXP v2.0 Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\FlashFXP v2.2 crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\NBA Live 2003 crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Need For Speed 5 - no cd.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Matrix Screensaver.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Microsoft Office XP Professional Serial.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Microsoft Office XP Universal Activator v1.0.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Microsoft Office XP Activation Killer.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\WinZip All Versions keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\WinZip Self-Extractor v2.2 keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\WinZip v8.0 Keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\WinZIP v9.0 Keygen.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Ad-aware Pro Crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\ICQ 4.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\LimeWire server scanner.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Morpheus patch.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Download Accelerator Plus (spyware free).exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\WinRAR crack (keygen).exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\MSN Toolbar advert remover.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\FlashGet.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Trillian crasher.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\RoboForm crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\ZoneAlarm crack (keygen).exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\RYL crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Need for Speed Underground NO CD crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Unreal Tournament 2004 NO CD crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Desktop\un-used icons\music players\Civilization III crack.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Cookies\bryan@cliks[3].txt Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Cookies\bryan@a[9].txt Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[2].txt Infected: P2P-Worm.Win32.Krepper.c 1
E:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: P2P-Worm.Win32.Krepper.c 1
E:\Program Files\AutoUpdate Infected: P2P-Worm.Win32.Krepper.c 1
E:\System Volume Information\_restore{704E8122-521E-4D11-ABF3-16A26345CA53}\RP539\A0551051.exe Infected: Email-Worm.VBS.Gedza 1
E:\System Volume Information\_restore{704E8122-521E-4D11-ABF3-16A26345CA53}\RP539\A0552521.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\System Volume Information\_restore{704E8122-521E-4D11-ABF3-16A26345CA53}\RP539\A0559342.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.a 1
E:\System Volume Information\_restore{704E8122-521E-4D11-ABF3-16A26345CA53}\RP539\A0561105.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\System Volume Information\_restore{704E8122-521E-4D11-ABF3-16A26345CA53}\RP539\A0562250.exe Infected: P2P-Worm.Win32.Krepper.c 1
E:\System Volume Information\_restore{FBE365C3-913D-4A88-AC57-EAB6923CE2DB}\RP1004\A0464075.dll Infected: Trojan-Dropper.Win32.Miewer.f 1
E:\OLD-WIN-XP\system32\Cache\weirdontheweb_ventura2.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.a 1
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 3
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 3
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 3
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.i 1

The selected area was scanned.



Deckard's System Scanner v20071014.68
Run by Games on 2008-07-13 20:32:04
Computer is in Normal Mode.

--------------------------------------------------------------------------------



-- HijackThis (run as Games.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:42 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Games\Desktop\ad-aware\dss.exe
C:\DOCUME~1\Games\Desktop\ad-aware\Games.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.12");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\GAMES\Application Data\Mozilla\Profiles\default\71jnk0rd.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Games\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/070552351df2fa...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146528318900
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10355 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-13 20:01:41 0 d-------- C:\WINDOWS\LastGood
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files\Java
2008-07-12 15:02:07 68096 --a------ C:\WINDOWS\zip.exe
2008-07-12 15:02:07 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-12 15:02:07 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-12 15:02:07 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-12 15:02:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-12 15:02:07 98816 --a------ C:\WINDOWS\sed.exe
2008-07-12 15:02:07 80412 --a------ C:\WINDOWS\grep.exe
2008-07-12 15:02:07 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-11 19:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 01:34:04 0 d-------- C:\WINDOWS\Logs
2008-07-11 01:28:33 0 d-------- C:\Program Files\Windows Defender
2008-07-11 00:12:03 6608928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 23:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-09 17:01:04 0 d-------- C:\Program Files\MRU-Blaster
2008-07-09 16:58:53 0 d-------- C:\Program Files\Spyware Doctor
2008-07-09 16:58:53 0 d-------- C:\Documents and Settings\Games\Application Data\PC Tools
2008-07-09 16:53:42 0 d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-07-09 14:04:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-07-09 14:03:05 0 d--h----- C:\Documents and Settings\Games\Application Data\GTek
2008-07-09 14:00:35 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-09 14:00:33 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-07 20:06:47 10485760 --a------ C:\Documents and Settings\Games\ntuser.dat
2008-06-15 23:24:18 0 d-------- C:\Program Files\iPod
2008-06-15 23:23:58 0 d-------- C:\Program Files\iTunes
2008-06-15 23:22:28 0 d-------- C:\Program Files\Bonjour
2008-06-13 19:42:21 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-07-13 20:28:55 0 d-------- C:\Documents and Settings\Games\Application Data\DNA
2008-07-13 16:22:42 0 d-------- C:\Program Files\Java
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files
2008-07-12 14:59:14 0 d-------- C:\Documents and Settings\Games\Application Data\Hamachi
2008-07-12 02:09:54 0 d-------- C:\Documents and Settings\Games\Application Data\LimeWire
2008-07-12 00:06:22 0 d-------- C:\Documents and Settings\Games\Application Data\Adobe
2008-07-11 08:49:15 0 d-------- C:\Documents and Settings\Games\Application Data\Viewpoint
2008-07-11 08:48:19 0 d-------- C:\Program Files\Viewpoint
2008-07-11 08:32:22 0 d-------- C:\Program Files\ATI Technologies
2008-07-11 00:40:01 0 d-------- C:\Documents and Settings\Games\Application Data\Netscape
2008-07-11 00:39:06 0 d-------- C:\Program Files\Netscape
2008-07-10 23:16:51 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-07-10 22:38:49 0 d-------- C:\Documents and Settings\Games\Application Data\Mozilla
2008-07-10 08:44:00 0 d-------- C:\Documents and Settings\Games\Application Data\Spybot - Search & Destroy
2008-07-10 08:27:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-09 20:37:25 0 d-------- C:\Program Files\AIMTunes
2008-07-09 16:53:42 0 d-------- C:\Program Files\Symantec
2008-07-08 23:35:08 0 d-------- C:\Documents and Settings\Games\Application Data\Symantec
2008-06-15 23:22:00 0 d-------- C:\Program Files\QuickTime
2008-06-13 22:52:25 4096 --a------ C:\WINDOWS\system32\crash
2008-06-13 22:14:05 0 d-------- C:\Program Files\World of Warcraft
2008-06-12 15:27:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-12 15:25:25 0 d-------- C:\Program Files\planetside
2008-06-12 15:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 14:58:47 0 d-------- C:\Program Files\IDoser v4
2008-06-09 20:46:55 0 d-------- C:\Program Files\Warcraft III
2008-06-08 15:28:08 17627 --a------ C:\WINDOWS\War3Unin.dat
2008-06-08 15:27:17 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-08 15:27:16 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-08 15:04:00 0 d-------- C:\Documents and Settings\Games\Application Data\BitTorrent
2008-06-08 13:28:46 0 d-------- C:\Program Files\Common Files\3DO Shared
2008-06-08 13:28:46 0 d-------- C:\Program Files\3DO
2008-06-02 21:05:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-03 00:02:02 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [10/04/2007 04:06 PM 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [05/16/2003 01:59 PM]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [03/17/2004 12:26 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/21/2004 10:05 PM]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 06:12 AM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 02:49 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08/20/2007 10:58 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 09:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [03/30/2008 06:30 PM]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [12/01/2004 04:32 PM]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [12/01/2004 04:28 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/09/2008 03:54 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Games\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [10/14/2007 6:29:33 PM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/19/2006 8:48:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6ffd4d-4de1-11dd-9017-00095b9461cd}]
AutoRun\command- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65a2094-7f2d-11da-8aec-00095b9461cd}]
AutoRun\command- F:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-07-13 20:34:01 ------------

Edited by bryan767, 13 July 2008 - 07:38 PM.


#7 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
Posted 14 July 2008 - 08:47 AM

If this was my computer I would consider this entire folder to be infested and delete the folder and everything within it.

E:\Documents and Settings\Bryan\Desktop\un-used icons\music players


And you definitely need to delete these files.

E:\OLD-WIN-XP\system32\Cache\weirdontheweb_ventura2.exe
E:\OLD-WIN-XP\Temp\bs564.tmpbsx32\bbrs.exe
E:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Desktop.htt
E:\Program Files\AutoUpdate
<-- this folder
E:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll
E:\Documents and Settings\All Users\Documents\Shared Downloads\TechTV Free File BOOMBox Internet Radio Player_files\BOOMBox.exe
E:\Documents and Settings\Bryan\Local Settings\Temp\setup1024.exe
E:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\6PQ9ABCD\2451743[1].htm
E:\Documents and Settings\Bryan\Local Settings\Application Data\u.exe
E:\Documents and Settings\Bryan\My Documents\Downloads\(PC German No CD).Playboy the Mansion.exe




Otherwise your log looks good and everything else was already quarantined. :)


Just a few last things and you should be good to go! :)


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore using the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
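The "Make your Internet Explorer more secure" steps above change six entries in the user's Internet zone. As an added example (not from Buckeye_Sam's post or any BleepingComputer tool), this PowerShell script audits those same six entries against the recommended values by reading the documented IE zone registry values that the Custom Level dialog writes; the `-Fix` switch and the output format are this script's own assumptions, not an IE feature.

```powershell
# Added example, not part of the original post: audit the current user's
# Internet Explorer "Internet" zone (zone 3) against the six settings listed
# above, reading the same DWORD values the Custom Level dialog writes.
# Value names and action codes follow Microsoft's documented IE zone layout
# (KB 182569): 0 = Enable, 1 = Prompt, 3 = Disable.
# The -Fix switch is this script's own convention (an assumption), not an IE feature.
param([switch]$Fix)

$zonePath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$actionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The recommended values from the post, keyed by the documented DWORD value name.
$recommended = @(
    @{ Name = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' },
    @{ Name = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' },
    @{ Name = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Name = '1800'; Want = 1; Setting = 'Installation of desktop items' },
    @{ Name = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' },
    @{ Name = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

# Translate a raw DWORD into the text the Custom Level dialog would show.
function Get-ActionText([object]$Value) {
    if ($null -eq $Value) { return '(not set)' }
    if ($actionName.ContainsKey([int]$Value)) { return $actionName[[int]$Value] }
    return "unknown ($Value)"
}

if (-not (Test-Path $zonePath)) {
    Write-Warning "Zone key not found: $zonePath"
    return
}

$zone     = Get-ItemProperty -Path $zonePath
$findings = 0
foreach ($r in $recommended) {
    $current = $zone.($r.Name)        # property named after the DWORD, e.g. '1001'
    if ($null -ne $current -and [int]$current -eq $r.Want) {
        Write-Output ('OK      {0,-60} {1}' -f $r.Setting, (Get-ActionText $current))
        continue
    }
    $findings++
    Write-Output ('CHANGE  {0,-60} {1} -> {2}' -f $r.Setting, (Get-ActionText $current), $actionName[$r.Want])
    if ($Fix) {
        # Write exactly what the dialog would write: a DWORD under the zone key.
        Set-ItemProperty -Path $zonePath -Name $r.Name -Value $r.Want -Type DWord
    }
}
Write-Output ("$findings setting(s) differ from the recommended values" + $(if ($Fix) { ' (fixed).' } else { '.' }))
```

If the machine is managed by policy with "Security Zones: Use only machine settings" (Security_HKLM_only) enabled, IE reads the HKLM zone key instead, so this per-user audit would not show the effective values.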

#8 bryan767
  • Topic Starter

  • Members
  • 24 posts

Posted 14 July 2008 - 07:12 PM

Dude, thank you so much!! You are the man! :)

:) :thumbsup: :)

#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 July 2008 - 09:38 AM

Anytime! :thumbsup:

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 July 2008 - 06:36 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.