Infected With Malware That Creates .tmp Files And Popups


This topic is locked
2 replies to this topic

#1 TGP

Members, 6 posts

Posted 20 July 2008 - 02:24 PM

Hi, my computer is infected with some kind of malware that is creating temporary files. When I view the history from Internet Explorer I see at least 1,000 NDr(random #'s and letters).tmp. It is usually 2 numbers or 1 number and 1 letter. For example (NDr66.tmp, NDr8B.tmp). Spybot, Ad-aware, and AVG can't seem to find it. This malware is really slowing down my computer, causes popups, and it also causes explorer.exe to stop working sometimes. And when that's not responding I have to go through Task Manager to restart my computer because the bottom start bar and Desktop disappear. The popups are usually ads that are trying to get me to buy some kind of antivirus service.

Deckard's System Scanner v20071014.68
Run by Tyrone Pratt on 2008-07-20 14:46:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-20 19:46:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-20 14:47:43
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Tyrone Pratt\My Documents\??mantec\iexplore.exe
C:\Program Files\Common Files\W?nSxS\?ttrib.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyrone Pratt\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: bannerstyle browser optimizer - {5f977598-80e5-82ce-d7a5-e55761f55dcc} - C:\WINDOWS\SYSTEM32\tnhydbpfbzqeqbao.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - C:\WINDOWS\SYSTEM32\byXoOghi.dll
O2 - BHO: (no name) - {AA4EEF3A-23D8-7A7C-F935-7AA2939F4297} - C:\WINDOWS\SYSTEM32\bxuublf.dll
O2 - BHO: {e9be77bb-1f24-d14a-92d4-c811c001bfaa} - {aafb100c-118c-4d29-a41d-42f1bb77eb9e} - C:\WINDOWS\SYSTEM32\lydldg.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C2A012E0-1B31-4124-9AB0-0B9533BA2EEB} - C:\WINDOWS\SYSTEM32\xxyvvTkJ.dll
O2 - BHO: (no name) - {CFF56F3D-71A6-4C13-A166-B97D193FA0E0} - C:\WINDOWS\System32\rqRIcARH.dll (file missing)
O2 - BHO: (no name) - {FE45B835-27DD-727D-FF35-7AA2939F4DC2} - C:\WINDOWS\System32\odu.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [24e44522] rundll32.exe "C:\WINDOWS\System32\pdfbmfmx.dll",b
O4 - HKLM\..\Run: [{4921b6cf-de68-a5eb-2ec9-88964d3abe3d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll" DllStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Aire] "C:\DOCUME~1\TYRONE~1\MYDOCU~1\MANTEC~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Kvqrkvfo] "C:\Program Files\Common Files\W?nSxS\?ttrib.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} () - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/033dedf62266bb...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187147626484
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187147598625
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} () - http://www.malwareprotector2008.com/tools/virusremover.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webportal.parsons.com/dana-cached/s...perSetupSP1.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: byXoOghi - C:\WINDOWS\System32\byXoOghi.dll
O20 - Winlogon Notify: byXQKcYP - C:\WINDOWS\System32\byXQKcYP.dll (file missing)
O20 - Winlogon Notify: nnnmmjgF - C:\WINDOWS\System32\nnnmmjgF.dll (file missing)
O21 - SSODL: wpvmqosg - {C45EECCC-2185-4F65-8A2B-732F03CCCE4C} - (no file)
O21 - SSODL: xvorfwbd - {9165D5EC-C203-4007-853E-3D626924932F} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 10112 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S1 sscdcmntt - c:\windows\system32\drivers\sscdcmntt.sys (file missing)
S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTKRNL (Bluetooth Bus Enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-20 13:00:00 500 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-19 16:46:55 2674 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-19 16:43:44 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-19 16:43:44 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-19 16:43:44 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-19 16:43:44 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-19 16:43:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-19 16:43:44 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-19 16:43:44 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-19 16:43:44 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-19 16:30:51 0 d-------- C:\Documents and Settings\Tyrone Pratt\.housecall6.6
2008-07-19 16:28:39 0 d-------- C:\Program Files\Common Files\W?nSxS
2008-07-19 16:28:38 60928 --a------ C:\WINDOWS\System32\bxuublf.dll
2008-07-19 16:25:06 25888 -----n--- C:\WINDOWS\System32\byXoOghi.dll
2008-07-19 16:24:59 0 d-------- C:\WINDOWS\System32\carH01
2008-07-19 15:11:26 105296 --a------ C:\WINDOWS\System32\lydldg.dll
2008-07-19 15:11:25 105296 --a------ C:\WINDOWS\System32\hsxdafcu.dll
2008-07-19 15:07:26 81264 --a------ C:\WINDOWS\System32\pdfbmfmx.dll
2008-07-18 17:51:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-18 17:51:43 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2008-07-18 17:51:32 11264 --a------ C:\WINDOWS\System32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-18 17:50:37 0 d-------- C:\WINDOWS\Internet Logs
2008-07-18 16:10:33 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Mozilla
2008-07-18 14:15:18 64852 --a------ C:\WINDOWS\System32\eihcarqakxethqho.exe
2008-07-18 13:21:45 0 d-------- C:\Program Files\Alwil Software
2008-07-18 13:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-15 18:49:58 0 d-------- C:\Program Files\GetModule
2008-07-15 18:38:11 81184 --a------ C:\WINDOWS\System32\scotvqva.dll
2008-07-14 18:42:47 0 d-------- C:\WINDOWS\imzi
2008-07-14 18:42:47 0 d-------- C:\Program Files\Common Files\imzi
2008-07-14 18:42:05 0 d-------- C:\Program Files\iCheck
2008-07-14 18:42:05 0 d-------- C:\Program Files\GetPack
2008-07-14 18:36:51 0 d-------- C:\Program Files\Sakora
2008-07-14 18:36:48 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\SpeedRunner
2008-07-14 18:35:08 105264 --a------ C:\WINDOWS\System32\pelciu.dll
2008-07-14 18:35:05 105264 --a------ C:\WINDOWS\System32\nsflvahe.dll
2008-07-14 18:31:59 881012 --ahs---- C:\WINDOWS\System32\JkTvvyxx.ini2
2008-07-14 18:31:54 314672 --a------ C:\WINDOWS\System32\xxyvvTkJ.dll
2008-07-14 18:31:29 0 d-------- C:\Program Files\mjc
2008-07-14 18:31:28 0 d-------- C:\Program Files\Webtools
2008-07-14 18:31:27 0 d-------- C:\Program Files\Temporary
2008-07-13 12:49:22 0 d-------- C:\Program Files\Trend Micro
2008-07-13 12:06:06 0 dr-h----- C:\Documents and Settings\Tyrone Pratt\Recent
2008-07-13 09:37:51 0 d-------- C:\Program Files\CCleaner
2008-07-12 17:07:25 0 d-------- C:\Documents and Settings\Administrator.TGP\Application Data\Adobe
2008-07-12 16:51:09 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-12 16:26:44 0 d-------- C:\Program Files\IrfanView
2008-07-12 16:13:52 0 d-------- C:\WINDOWS\System32\4923
2008-07-12 14:04:58 755818 --ahs---- C:\WINDOWS\System32\HRAcIRqr.ini2
2008-07-12 14:02:22 29184 --a------ C:\WINDOWS\svcinit.exe
2008-07-12 14:02:22 11008 --a------ C:\WINDOWS\svchost32.exe
2008-07-12 14:02:22 9216 --a------ C:\WINDOWS\sistem.exe
2008-07-12 14:02:22 30720 --a------ C:\WINDOWS\searchword.dll
2008-07-12 14:02:22 13568 --a------ C:\WINDOWS\rundll16.exe
2008-07-12 14:02:22 10752 --a------ C:\WINDOWS\quicken.exe
2008-07-12 14:02:22 14848 --a------ C:\WINDOWS\qttasks.exe
2008-07-12 14:02:21 23296 --a------ C:\WINDOWS\mswsc20.dll
2008-07-12 14:02:21 9472 --a------ C:\WINDOWS\mswsc10.dll
2008-07-12 14:02:21 12544 --a------ C:\WINDOWS\msspi.dll
2008-07-12 14:02:21 14080 --a------ C:\WINDOWS\msconfd.dll
2008-07-12 14:02:21 14336 --a------ C:\WINDOWS\internet.exe
2008-07-12 14:02:21 27392 --a------ C:\WINDOWS\inetinf.exe
2008-07-12 14:02:20 20224 --a------ C:\WINDOWS\helpcvs.exe
2008-07-12 14:02:20 16128 --a------ C:\WINDOWS\gfmnaaa.dll
2008-07-12 14:02:20 30208 --a------ C:\WINDOWS\funny.exe
2008-07-12 14:02:19 28416 --a------ C:\WINDOWS\funniest.exe
2008-07-12 14:02:19 8704 --a------ C:\WINDOWS\explorer32.exe
2008-07-12 14:02:19 16896 --a------ C:\WINDOWS\explore.exe
2008-07-12 14:02:19 18944 --a------ C:\WINDOWS\editpad.exe
2008-07-12 14:02:19 8960 --a------ C:\WINDOWS\dnsrelay.dll
2008-07-12 14:02:19 13568 --a------ C:\WINDOWS\directx32.exe
2008-07-12 14:02:19 26112 --a------ C:\WINDOWS\ctrlpan.dll
2008-07-12 14:02:19 18432 --a------ C:\WINDOWS\ctfmon32.exe
2008-07-12 14:01:04 860 --a------ C:\WINDOWS\System32\winpfz33.sys
2008-07-12 13:59:44 14121 --a------ C:\WINDOWS\System32\clbinit.dll
2008-07-12 13:57:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-12 13:57:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-12 13:57:14 152265 --a------ C:\WINDOWS\System32\g25.exe
2008-07-12 13:56:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-12 13:56:43 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-12 13:56:30 4 --a------ C:\WINDOWS\System32\hljwugsf.bin
2008-07-12 13:54:53 0 d--hs---- C:\WINDOWS\VHlyb25lIFByYXR0
2008-07-12 13:54:06 0 d-------- C:\WINDOWS\System32\sfig
2008-07-12 13:54:06 0 d-------- C:\WINDOWS\System32\provdll
2008-07-12 13:54:06 0 d-------- C:\WINDOWS\System32\OBDE
2008-07-12 13:54:06 0 d-------- C:\WINDOWS\System32\imp32
2008-07-12 13:54:02 0 d-------- C:\WINDOWS\System32\olixds01
2008-07-12 13:54:02 0 d-------- C:\Temp
2008-07-11 08:47:12 158208 --a------ C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll
2008-07-02 16:04:51 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Leadertech
2008-07-02 05:32:16 74752 --a------ C:\WINDOWS\b155.exe
2008-06-29 17:26:20 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Mp3tag
2008-06-29 17:26:15 0 d-------- C:\Program Files\Mp3tag
2008-06-22 23:15:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 14:44:00 0 d-------- C:\WINDOWS\System32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-07-20 06:31:44 0 d-------- C:\Program Files\Common Files
2008-07-20 05:43:40 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\uTorrent
2008-07-19 16:28:39 0 d-------- C:\Program Files\Common Files\W?nSxS
2008-07-18 16:16:21 0 d-------- C:\Program Files\Lavasoft
2008-07-18 16:16:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 16:09:05 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-13 08:41:36 1324 --a------ C:\WINDOWS\System32\d3d9caps.dat
2008-07-02 16:05:04 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Sonic
2008-06-24 17:14:37 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Image Zone Express
2008-06-22 23:16:32 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Google
2008-06-22 23:16:08 0 d-------- C:\Program Files\Google
2008-06-19 20:19:27 0 d-------- C:\Program Files\Samsung
2008-06-19 19:09:05 38483 --a------ C:\Documents and Settings\Tyrone Pratt\Application Data\Comma Separated Values (DOS).ADR
2008-06-19 18:53:19 38486 --a------ C:\Documents and Settings\Tyrone Pratt\Application Data\Comma Separated Values (Windows).ADR
2008-06-18 21:32:47 0 d-------- C:\Program Files\Enigma Software Group
2008-06-18 19:35:53 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\TmpRecentIcons
2008-06-10 16:33:42 0 d-------- C:\Program Files\Corel
2008-06-10 16:33:42 0 d-------- C:\Program Files\Common Files\Corel
2008-06-03 20:27:12 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Macromedia
2008-06-03 20:27:12 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\Adobe
2008-05-26 22:16:55 0 dr------- C:\Program Files\TypingMaster
2008-05-26 21:48:24 24 --a------ C:\Documents and Settings\Tyrone Pratt\Application Data\MyPhrases.dta
2008-05-26 18:18:23 0 d-------- C:\Documents and Settings\Tyrone Pratt\Application Data\TypingMaster7
2008-05-15 22:05:58 160256 --a------ C:\WINDOWS\System32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-01 22:16:34 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f977598-80e5-82ce-d7a5-e55761f55dcc}]
07/11/2008 08:47 158208 --a------ C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}]
07/19/2008 16:25 25888 --------- C:\WINDOWS\system32\byXoOghi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA4EEF3A-23D8-7A7C-F935-7AA2939F4297}]
05/29/2008 13:34 60928 --a------ C:\WINDOWS\System32\bxuublf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aafb100c-118c-4d29-a41d-42f1bb77eb9e}]
07/19/2008 15:11 105296 --a------ C:\WINDOWS\System32\lydldg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A012E0-1B31-4124-9AB0-0B9533BA2EEB}]
07/14/2008 18:31 314672 --a------ C:\WINDOWS\System32\xxyvvTkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFF56F3D-71A6-4C13-A166-B97D193FA0E0}]
C:\WINDOWS\System32\rqRIcARH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE45B835-27DD-727D-FF35-7AA2939F4DC2}]
C:\WINDOWS\System32\odu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2004 11:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2004 11:51]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 20:12]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 16:07 C:\WINDOWS\SYSTEM32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [09/14/2005 12:38 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [09/14/2005 12:38 C:\WINDOWS\ALCMTR.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/28/2007 23:43]
"nwiz"="nwiz.exe" [06/28/2007 23:43 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [06/28/2007 23:43]
"24e44522"="C:\WINDOWS\System32\pdfbmfmx.dll" [07/19/2008 15:07]
"{4921b6cf-de68-a5eb-2ec9-88964d3abe3d}"="C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll" [07/11/2008 08:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 13:39]
"Aire"="C:\DOCUME~1\TYRONE~1\MYDOCU~1\MANTEC~1\iexplore.exe" [07/19/2008 16:28]
"Kvqrkvfo"="C:\Program Files\Common Files\W?nSxS\?ttrib.exe" [05/29/2008 13:35]

C:\Documents and Settings\Tyrone Pratt\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{82336A8D-6CD0-4647-B791-75FCA8CF2B39}"= C:\WINDOWS\system32\byXoOghi.dll [07/19/2008 16:25 25888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXoOghi]
byXoOghi.dll 07/19/2008 16:25 25888 C:\WINDOWS\SYSTEM32\byXoOghi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQKcYP]
byXQKcYP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmjgF]
nnnmmjgF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\xxyvvTkJ
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tyrone Pratt^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\Tyrone Pratt\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24e44522]
rundll32.exe "C:\WINDOWS\System32\scotvqva.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aire]
"C:\DOCUME~1\TYRONE~1\MYDOCU~1\MANTEC~1\iexplore.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Butmz]
"C:\Documents and Settings\Tyrone Pratt\My Documents\T?sks\d?dplay.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule19]
"C:\Program Files\GetModule\GetModule19.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack19]
"C:\Program Files\GetPack\GetPack19.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imzi]
C:\PROGRA~1\COMMON~1\imzi\imzim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sakora]
C:\Program Files\Sakora\Sakora.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Tyrone Pratt\Application Data\SpeedRunner\SpeedRunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{4921b6cf-de68-a5eb-2ec9-88964d3abe3d}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"IDriverT"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8826 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-20 14:48:26 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 14%
Physical Memory (total/avail): 3070.42 MiB / 2617.21 MiB
Pagefile Memory (total/avail): 3298.84 MiB / 2995.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.96 MiB

C: is Fixed (NTFS) - 33.71 GiB total, 10.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 33.71 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tyrone Pratt\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TGP
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tyrone Pratt
LOGONSERVER=\\TGP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 55 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=3702
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TYRONE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TYRONE~1\LOCALS~1\Temp
USERDOMAIN=TGP
USERNAME=Tyrone Pratt
USERPROFILE=C:\Documents and Settings\Tyrone Pratt
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tyrone Pratt (admin)
kobefan2476 (new local, admin)
Administrator.TGP (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Deewoo Network Manager removal --> C:\WINDOWS\SYSTEM32\kcntptdm.exe -UPop
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
Enhancement Browser Tools Bannerstyle --> C:\WINDOWS\System32\eihcarqakxethqho.exe
Exact Audio Copy PSP Edition 1.0 --> C:\Program Files\Exact Audio Copy PSP Edition\uninst.exe
GoldWave v5.18 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.18" "C:\Program Files\GoldWave\unstall.log"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0 --> MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Speed Monitor --> C:\Program Files\iCheck\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MortScript --> C:\Program Files\Microsoft ActiveSync\MortScript\Uninstall.exe MortScript
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.41 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Nero 8 Demo --> MsiExec.exe /X{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Photo Contacts PRO --> C:\Program Files\Microsoft ActiveSync\Photo Contacts PRO\Uninstall.exe Photo Contacts PRO
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PS3 Video 9 2.21 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video 9 2.24 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Resco Game Box --> C:\WINDOWS\RSetupCE.exe -uninstC:\Program Files\Resco\Game Box\_Install.log
Resco Sudoku --> C:\WINDOWS\RSetupCE.exe -uninstC:\Program Files\Resco\Sudoku\_Install.log
Sakora --> "C:\Program Files\Sakora\Sakora.exe" -uninstall
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sogou PXP Accelerator 2.2.0.19 --> C:\Program Files\Sogou PXP\Uninstall.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spb Brain Evolution --> C:\Program Files\Microsoft ActiveSync\Spb Brain Evolution\Uninstall.exe Spb Brain Evolution
Spb FreeCell --> C:\Program Files\Microsoft ActiveSync\Spb FreeCell\Uninstall.exe Spb FreeCell
Spb Mobile Shell --> C:\Program Files\Microsoft ActiveSync\SpbMobileShell\Uninstall.exe Spb Mobile Shell
SpeedRunner --> C:\Documents and Settings\Tyrone Pratt\Application Data\SpeedRunner\SRUninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Webtools --> cmd /C regsvr32 /u /s "C:\Program Files\Webtools\webtools.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webtools" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Webtools\"" /f
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type2914 / Error
Event Submitted/Written: 07/20/2008 01:43:40 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type2913 / Error
Event Submitted/Written: 07/20/2008 01:43:40 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type2903 / Error
Event Submitted/Written: 07/19/2008 04:46:21 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type2902 / Error
Event Submitted/Written: 07/19/2008 04:46:21 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type2900 / Error
Event Submitted/Written: 07/19/2008 04:32:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module ntdll.dll, version 5.1.2600.1217, fault address 0x00019d65.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9582 / Error
Event Submitted/Written: 07/20/2008 02:29:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type9578 / Error
Event Submitted/Written: 07/20/2008 02:27:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type9577 / Error
Event Submitted/Written: 07/20/2008 02:16:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type9576 / Error
Event Submitted/Written: 07/20/2008 01:46:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type9575 / Error
Event Submitted/Written: 07/20/2008 01:45:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-07-20 14:48:26 ------------
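The log above, read as a triage problem. What follows is an added example written for this thread, not code from TGP's post or from Deckard's System Scanner: a small Python script that parses the msconfig\startupreg section of a DSS main.txt, scores each autostart entry on signals that are visible in this particular log (Rundll32.exe loading a DLL from System32, a random-looking file name such as tnhydbpfbzqeqbao.dll or eihcarqakxethqho.exe, a program launched from a user's Application Data folder, a startup key named with a bare GUID), matches the NDr<hex>.tmp file names the poster describes, and checks hosts-file lines. The startup and the first two hosts lines of the sample input are copied from the log; the last two hosts lines are constructed. The scoring weights, the random-name heuristic and the PROTECTED domain list are assumptions of this example, not anything DSS reports.

```python
"""Triage helpers for a Deckard's System Scanner (DSS) log such as the one above.
Added example for this thread, not part of the post or of DSS itself; the
weights, the random-name heuristic and PROTECTED are this example's assumptions."""
import ntpath
import re

# Sample input: startupreg entries copied from the posted main.txt.
SAMPLE_STARTUP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Tyrone Pratt\Application Data\SpeedRunner\SpeedRunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{4921b6cf-de68-a5eb-2ec9-88964d3abe3d}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\tnhydbpfbzqeqbao.dll" DllStart
"""
# Sample hosts lines: the first two are from the log, the last two are constructed.
SAMPLE_HOSTS = """127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
10.0.0.5 www.kaspersky.com
127.0.0.1 windowsupdate.microsoft.com
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\msconfig\\startupreg\\(.+)\]$", re.I)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# 3-letter prefix + hex digits + .tmp is the shape GetTempFileName() produces.
NDR_TMP_RE = re.compile(r"^NDr[0-9A-F]{1,4}\.tmp$", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
PROTECTED = ("microsoft.com", "windowsupdate.com", "kaspersky.com",
             "avg.com", "safer-networking.org")  # assumed watch-list, not exhaustive

def parse_startup(text):
    """(key name, command) pairs; a key with no command line (RoboForm) gets ''."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            if pending is not None:
                entries.append((pending, ""))
            pending = m.group(1)
        elif line and pending is not None:
            entries.append((pending, line))
            pending = None
    if pending is not None:
        entries.append((pending, ""))
    return entries

def looks_random(stem):
    """Vowel-starved, long consonant run, or several rare letters. This trips on
    some vendor abbreviations (hpwuschd), so it is one signal, not a verdict."""
    s = re.sub(r"[^a-z]", "", stem.lower())
    if len(s) < 8:
        return False
    vowel_ratio = sum(c in "aeiou" for c in s) / len(s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    rare = sum(c in "qxzj" for c in s)
    return vowel_ratio < 0.2 or longest_run >= 6 or rare >= 2

def score_entry(name, command):
    """Return (score, reasons) for one autostart entry; weights are assumptions."""
    reasons = []
    paths = PATH_RE.findall(command)
    if (len(paths) > 1 and ntpath.basename(paths[0]).lower() == "rundll32.exe"
            and paths[1].lower().endswith(".dll") and "\\system32\\" in paths[1].lower()):
        reasons.append(("rundll32 loads a DLL from System32", 3))
    for p in paths:
        stem = ntpath.splitext(ntpath.basename(p))[0]
        if looks_random(stem):
            reasons.append((f"random-looking file name: {stem}", 2))
        if re.search(r"\\(application data|local settings\\temp)\\", p, re.I):
            reasons.append(("launched from a user profile directory", 2))
    if GUID_RE.fullmatch(name):
        reasons.append(("startup key named with a bare GUID", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]

def rank_startup(text):
    """(name, score, reasons) for every entry that scored, highest first."""
    scored = [(n, *score_entry(n, c)) for n, c in parse_startup(text)]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: -s[1])

def ndr_temp_files(names):
    """Pick out the NDr<hex>.tmp names the poster saw in the IE history."""
    return [n for n in names if NDR_TMP_RE.match(n)]

def suspicious_hosts(text):
    """Thousands of 127.0.0.1 lines are normal for a hosts file filled by a blocking
    list (007guard.com is such an entry); flag only non-loopback redirects and
    loopback entries that blackhole update or security-vendor domains."""
    hits = []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if not line:
            continue
        ip, *hosts = line.split()
        for h in hosts:
            if ip not in LOOPBACK:
                hits.append((h, ip, "redirected to a non-loopback address"))
            elif h.lower().endswith(PROTECTED):
                hits.append((h, ip, "update/security domain blocked"))
    return hits

if __name__ == "__main__":
    for name, score, reasons in rank_startup(SAMPLE_STARTUP):
        print(f"{score:2d}  {name}: {'; '.join(reasons)}")
    for host, ip, why in suspicious_hosts(SAMPLE_HOSTS):
        print(f"hosts: {host} -> {ip} ({why})")
```

On this sample the GUID-named entry scores 6 (rundll32 plus System32 DLL, random name, GUID key) and SpeedRunner scores 2 for running from Application Data; mmtask, qttask and the empty RoboForm key score 0. The two 007guard.com hosts lines are not reported, only the constructed redirect and the constructed block of a Microsoft domain are. Treat the output as a reading order for the log, not as a verdict: the name heuristic is deliberately loose, and a clean score says nothing about a file that simply is not in the startup list. Separately, the extra.txt above shows Windows XP Home SP1, Internet Explorer 6.0.2800.1106 and "AUOptions is disabled", so even a successful cleanup leaves this machine exposed until it is patched.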


#2 don77 (Forum Regular, Members, 3,212 posts, Boston Mass)
Posted 06 August 2008 - 09:39 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, then click on Run.
Copy and paste the following (in bold) into the Open window, then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When it is finished,
please post back both logs that open in Notepad,
main.txt and extra.txt.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 don77 (Forum Regular, Members, 3,212 posts, Boston Mass)
Posted 10 August 2008 - 09:23 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



