Infected, Can't Find It


2 replies to this topic

#1 aussiegirl


Posted 27 July 2008 - 06:43 PM

My computer is infected but I can't find with what. I think it has come from IE. I cannot turn my updates on, I keep getting virus warnings from my security programs, and sometimes I lose all my icons on the desktop besides my background.
Please help.



Deckard's System Scanner v20071014.68
Run by jolene&ronnie on 2008-07-28 07:57:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-07-27 21:58:09 UTC - RP38 - Deckard's System Scanner Restore Point
28: 2008-07-26 23:24:23 UTC - RP37 - Last known good configuration
27: 2008-07-26 23:24:18 UTC - RP36 - System Checkpoint
26: 2008-07-26 23:24:18 UTC - RP35 - Software Distribution Service 3.0
25: 2008-07-26 23:24:18 UTC - RP34 - System Checkpoint


-- First Restore Point --
1: 2008-07-26 23:24:16 UTC - RP10 - Update of Auslogics BoostSpeed


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-28 08:02:08
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jolene&ronnie\My Documents\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
O2 - BHO: (no name) - {8CAA47B8-4995-4E76-BFF2-8190EFF6D971} - C:\WINDOWS\system32\mlJYppqn.dll
O2 - BHO: (no name) - {AE027B4C-A223-4DA9-9388-03CE54AA0B59} - C:\WINDOWS\system32\unbemtjp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [c86f7c4d] rundll32.exe "C:\WINDOWS\system32\ikdddiiu.dll",b
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://allslots.microgaming.com/allslots/FlashAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--
End of file - 7706 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\\Icons\iconpackage\XP iCandy - 70.ico,0
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\\Icons\iconpackage\XP iCandy - 71.ico,0
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - inifile - DefaultIcon - C:\WINDOWS\\Icons\iconpackage\XP iCandy - 67.ico,0
.txt - txtfile - DefaultIcon - C:\WINDOWS\\Icons\iconpackage\XP iCandy - 63.ico,0


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_211C1462&REV_10\3&13C0B0C5&0&38
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_211C1462&REV_10\3&13C0B0C5&0&38
Service: RTL8023xp

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: IVI VIRTUALDRV SCSI Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: INTERVIDEO
Name: IVI VIRTUALDRV SCSI Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: iviVD


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 07:53:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-14 20:08:14 376 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 08:03:18 89088 --a------ C:\WINDOWS\system32\lycbqwww.dll
2008-07-28 08:02:10 118784 --a------ C:\WINDOWS\system32\leynkhfc.dll
2008-07-28 08:00:41 118784 --a------ C:\WINDOWS\system32\unbemtjp.dll
2008-07-28 07:53:28 81408 --a------ C:\WINDOWS\system32\ikdddiiu.dll
2008-07-28 07:44:09 96256 --a------ C:\WINDOWS\system32\yjlgsq.dll
2008-07-28 07:44:07 96256 --a------ C:\WINDOWS\system32\esqrgbxo.dll
2008-07-28 07:39:39 89088 --a------ C:\WINDOWS\system32\yvcibuhn.dll
2008-07-27 18:53:40 0 d--hs---- C:\FOUND.000
2008-07-27 17:44:04 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-27 17:41:52 0 d-------- C:\Program Files\Lavasoft
2008-07-27 17:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 09:33:18 80896 --a------ C:\WINDOWS\system32\ockxfxtp.dll
2008-07-27 09:24:55 89600 --a------ C:\WINDOWS\system32\abehhqyv.dll
2008-07-27 09:24:06 345 --ahs---- C:\WINDOWS\system32\nqppYJlm.ini2
2008-07-27 09:23:59 246272 --a------ C:\WINDOWS\system32\mlJYppqn.dll
2008-07-24 12:51:24 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-07-24 12:37:33 0 d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 12:35:22 0 d-------- C:\Program Files\Virtual Farm
2008-07-23 11:23:14 0 d-------- C:\etax2008
2008-07-23 08:50:31 0 dr-h----- C:\Documents and Settings\jolene&ronnie\Recent
2008-07-22 18:23:57 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\funkitron
2008-07-22 18:23:06 0 d-------- C:\Program Files\Aloha Tripeaks
2008-07-22 18:22:12 0 d-------- C:\Program Files\Poker Superstars III
2008-07-22 13:30:09 0 d-------- C:\Program Files\Pirates Plunder
2008-07-22 13:13:41 0 d-------- C:\Program Files\Cash Out
2008-07-22 13:13:24 0 d-------- C:\Program Files\Totem Treasure
2008-07-18 20:06:49 0 d-------- C:\Program Files\Sallys Spa
2008-07-18 18:16:23 0 d-------- C:\Program Files\Slingo Casino Pak
2008-07-18 17:25:27 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\EA
2008-07-18 17:25:13 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2008-07-18 17:24:44 0 d-------- C:\Program Files\Casino Island To Go
2008-07-16 18:44:15 0 d-------- C:\Program Files\Virtual Villagers
2008-07-14 17:09:20 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\ieSpell
2008-07-14 17:07:29 0 d-------- C:\Program Files\ieSpell
2008-07-14 14:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Total Gameplay
2008-07-11 07:52:00 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-11 07:51:58 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-11 07:49:58 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-11 07:47:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-10 12:49:32 32549 --a------ C:\WINDOWS\king-uninstall.exe
2008-07-10 08:20:15 0 d-------- C:\Program Files\Virtual Villagers The Secret City
2008-07-08 08:49:55 0 d-------- C:\Program Files\CCleaner
2008-07-07 08:35:50 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\mIRC
2008-07-07 08:25:36 0 d-a------ C:\Program Files\invision
2008-07-07 08:22:35 0 d-------- C:\Program Files\mIRC.Install
2008-07-06 19:31:58 0 d-------- C:\Drivers
2008-07-06 13:13:09 0 d-------- C:\Program Files\Conduit
2008-07-06 13:13:04 0 d-------- C:\Program Files\RadarSync
2008-07-04 18:52:05 0 d-------- C:\WINDOWS\Icons
2008-07-04 18:50:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Visual Styler
2008-07-04 18:50:26 2259968 --a------ C:\WINDOWS\system32\ntoskvs1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 17:20:56 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\Visual Styler
2008-07-04 08:24:22 0 d-------- C:\WINDOWS\Prefetch
2008-07-04 08:15:32 0 d-------- C:\WINDOWS\system32\scripting
2008-07-04 08:15:31 0 d-------- C:\WINDOWS\system32\en
2008-07-04 08:15:31 0 d-------- C:\WINDOWS\l2schemas
2008-07-04 08:15:30 0 d-------- C:\WINDOWS\system32\bits
2008-07-04 08:13:49 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-04 08:07:09 0 d-------- C:\WINDOWS\EHome
2008-07-02 20:46:18 0 d-------- C:\Program Files\Build in Time
2008-07-02 19:41:24 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\ViquaSoft
2008-07-02 19:40:50 0 d-------- C:\Program Files\First Class Flurry
2008-07-01 22:52:35 0 d-------- C:\Program Files\Magic Tale
2008-07-01 22:47:20 30720 --a------ C:\WINDOWS\system32\RCHTXCHS.DLL <Not Verified; Microsoft Corporation; RichText>
2008-07-01 22:47:20 13824 --a------ C:\WINDOWS\system32\INETCHS.DLL <Not Verified; Microsoft Corporation; Microsoft Internet Transfer Control>
2008-07-01 22:47:20 83552 --a------ C:\WINDOWS\system32\GAPI32.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-07-01 22:47:20 26384 --a------ C:\WINDOWS\system32\FM20CHS.DLL <Not Verified; Microsoft Corporation; Microsoft ® Forms>
2008-07-01 22:47:19 0 d-------- C:\KidsMath
2008-07-01 22:42:52 0 d-------- C:\Program Files\ABC4KIDS
2008-06-30 17:01:11 0 d-------- C:\Program Files\Wedding Dash 2


-- Find3M Report ---------------------------------------------------------------

2008-07-26 16:50:04 668 --a------ C:\Documents and Settings\jolene&ronnie\Application Data\vso_ts_preview.xml
2008-07-01 08:59:58 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-27 16:34:58 0 d-------- C:\Program Files\Vogue Tales
2008-06-27 16:31:38 0 d-------- C:\Program Files\Shopping Blocks
2008-06-27 07:35:46 47360 --a------ C:\Documents and Settings\jolene&ronnie\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-27 07:35:46 33 --a------ C:\Documents and Settings\jolene&ronnie\Application Data\pcouffin.log
2008-06-27 07:35:46 1144 --a------ C:\Documents and Settings\jolene&ronnie\Application Data\pcouffin.inf
2008-06-27 07:35:46 7887 --a------ C:\Documents and Settings\jolene&ronnie\Application Data\pcouffin.cat
2008-06-22 17:48:22 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\iWin
2008-06-21 10:31:24 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\WinRAR
2008-06-19 19:03:56 0 d-------- C:\Program Files\MFInstall
2008-06-15 15:08:12 0 d-------- C:\Program Files\Movkit Batch Video Converter
2008-06-12 16:10:00 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\ITTNord
2008-06-12 16:09:34 0 d-------- C:\Program Files\Money Tree
2008-06-07 09:01:52 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\Ceedo
2008-06-05 19:16:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 19:16:10 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\SUPERAntiSpyware.com
2008-06-05 19:15:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 14:31:10 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\dvdcss
2008-06-03 19:51:22 10048 --a------ C:\WINDOWS\system32\mspriv32.dll
2008-05-31 19:54:06 0 d-------- C:\Documents and Settings\jolene&ronnie\Application Data\Auslogics
2008-05-31 19:51:10 0 d-------- C:\Program Files\Auslogics
2008-05-15 18:11:24 17 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CAA47B8-4995-4E76-BFF2-8190EFF6D971}]
07/27/2008 09:24 AM 246272 --a------ C:\WINDOWS\system32\mlJYppqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE027B4C-A223-4DA9-9388-03CE54AA0B59}]
07/28/2008 08:02 AM 118784 --a------ C:\WINDOWS\system32\leynkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/16/2008 09:19 AM]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [07/27/2008 05:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"c86f7c4d"="C:\WINDOWS\system32\ikdddiiu.dll" [07/28/2008 07:53 AM]
"BMcb5c4fd1"="C:\WINDOWS\system32\lycbqwww.dll" [07/28/2008 08:03 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [06/26/2008 01:30 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJYppqn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaCdaC11BA"=2 (0x2)
"AresChatServer"=3 (0x3)
"aawservice"=2 (0x2)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16333d32-d90d-11dc-924e-9972b9325d67}]
AutoRun\command- G:\Autorun.exe /run
Shell00\Command- G:\Autorun.exe /run
Shell01\Command- G:\Autorun.exe /action
Shell02\Command- G:\Autorun.exe /uninstall




-- Hosts -----------------------------------------------------------------------

127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com

6621 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-28 08:05:31 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 494.48 MiB / 109.01 MiB
Pagefile Memory (total/avail): 1155.64 MiB / 755.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.68 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 19.52 GiB total, 3.62 GiB free.
D: is Fixed (FAT32) - 46.12 GiB total, 0.58 GiB free.
E: is Fixed (NTFS) - 46.12 GiB total, 18.26 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BB-00RDA0 - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 92.25 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jolene&ronnie\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOLENE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jolene&ronnie
LOGONSERVER=\\JOLENE
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\jolene&ronnie\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOLENE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOLENE~1\LOCALS~1\Temp
USERDOMAIN=JOLENE
USERNAME=jolene&ronnie
USERPROFILE=C:\Documents and Settings\jolene&ronnie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

jolene&ronnie (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
101 Kid's Brainy Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25AA6102-EA34-4045-BF7B-EEB3162AD006}\SETUP.EXE" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
a-squared Anti-Malware 3.5 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
ABC 4 KIDS Workshop --> "C:\Program Files\ABC4KIDS\unins000.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Aloha Tripeaks --> "C:\Program Files\Aloha Tripeaks\ReflexiveArcade\unins000.exe"
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AusLogics Visual Styler --> "C:\Program Files\Auslogics\AusLogics Visual Styler\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barbie Girls --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{16B18999-56D7-4E8F-A40C-385E68A6D0CD}
Build in Time --> "C:\Program Files\Build in Time\ReflexiveArcade\unins000.exe"
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP150 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Cash Out --> "C:\Program Files\Cash Out\ReflexiveArcade\unins000.exe"
Casino Island To Go --> "C:\Program Files\Casino Island To Go\ReflexiveArcade\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.1.0.24 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
D-Link DSLs --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{509E7E30-8EC3-449B-8C59-B952E7489B0F}\setup.exe" -l0x9
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
DivxToDVD 0.5.2b --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DVDFab HD Decrypter 3.2.0.0 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
e-tax 2008 --> C:\etax2008\e-tax 2008_uninstall.exe
Fashion Boutique --> "C:\Program Files\Fashion Boutique\ReflexiveArcade\unins000.exe"
Fashion Craze --> "C:\Program Files\Fashion Craze\ReflexiveArcade\unins000.exe"
First Class Flurry --> "C:\Program Files\First Class Flurry\ReflexiveArcade\unins000.exe"
Fish Tycoon --> "C:\Program Files\Fish Tycoon\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
iriver Firmware Updater (remove only) --> "C:\Program Files\iriver\iriver Firmware Updater\uninstall.exe"
iriver plus 3 (remove only) --> "C:\Program Files\iriver\iriver plus 3\uninstall.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jojos Fashion Show --> "C:\Program Files\Jojos Fashion Show\ReflexiveArcade\unins000.exe"
K-Lite Codec Pack 3.5.3 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KidsMath --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{866FD47D-3D60-492F-92C9-BC9F009EA588}\Setup.exe"
king.com (remove only) --> "C:\WINDOWS\king-uninstall.exe"
Lowrance X135 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BD01232-B43C-4C13-A247-6FF568CB4DAB}\Setup.exe" -l0x9
Magic Tale --> "C:\Program Files\Magic Tale\ReflexiveArcade\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Money Tree --> "C:\Program Files\Money Tree\ReflexiveArcade\unins000.exe"
Movie Converter (remove only) --> "C:\Program Files\iriver\Movie Converter\uninstall.exe"
Movkit Batch Video Converter 2.5 --> "C:\Program Files\Movkit Batch Video Converter\unins000.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe
Nero 8 Essentials --> MsiExec.exe /X{01ED1F71-DFB4-43CC-B787-02D07BC9F59B}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Nokia_PC_Suite_rel_7_0_7_0_eng_us_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{2B8BEBBF-73A0-497D-9900-8474D022AB3F}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
OLYMPUS Master 2 --> MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OLYMPUS muvee theaterPack --> MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PC Connectivity Solution --> MsiExec.exe /I{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}
PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IPSCRCSR5K.inf
Pirates Plunder --> "C:\Program Files\Pirates Plunder\ReflexiveArcade\unins000.exe"
Poker Superstars III --> "C:\Program Files\Poker Superstars III\ReflexiveArcade\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Sallys Spa --> "C:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
SecurDisc Viewer --> MsiExec.exe /X{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shopping Blocks --> "C:\Program Files\Shopping Blocks\ReflexiveArcade\unins000.exe"
Slingo Casino Pak --> "C:\Program Files\Slingo Casino Pak\ReflexiveArcade\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Totem Treasure --> "C:\Program Files\Totem Treasure\ReflexiveArcade\unins000.exe"
Tracks Eraser Pro v7.2 --> "C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
Tradewinds Caravans --> "C:\Program Files\Tradewinds Caravans\ReflexiveArcade\unins000.exe"
Uninstall Startup Inspector --> "C:\Program Files\Startup Inspector for Windows\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Farm --> "C:\Program Files\Virtual Farm\ReflexiveArcade\unins000.exe"
Virtual Villagers --> "C:\Program Files\Virtual Villagers\ReflexiveArcade\unins000.exe"
Virtual Villagers The Secret City --> "C:\Program Files\Virtual Villagers The Secret City\ReflexiveArcade\unins000.exe"
Vogue Tales --> "C:\Program Files\Vogue Tales\ReflexiveArcade\unins000.exe"
Wedding Dash 2 --> "C:\Program Files\Wedding Dash 2\ReflexiveArcade\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\2wirepcp_69FADC00605194186DA779D20303F74BFB7E55F3\2wirepcp.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahtzee --> "C:\Program Files\Yahtzee\ReflexiveArcade\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type89 / Warning
Event Submitted/Written: 07/27/2008 03:48:04 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type79 / Warning
Event Submitted/Written: 07/26/2008 00:14:08 AM / 07/26/2008 00:14:09 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type75 / Warning
Event Submitted/Written: 07/24/2008 10:38:53 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type71 / Warning
Event Submitted/Written: 07/23/2008 10:02:42 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type67 / Warning
Event Submitted/Written: 07/23/2008 09:24:55 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type921 / Warning
Event Submitted/Written: 07/28/2008 08:03:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOLENE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOLENE27 can't undo changes that you allow.

For more information please see the following:
%JOLENE275

Scan ID: {2CE36CC8-C7E4-41B3-B426-C76402EFFD4D}

User: JOLENE\jolene&ronnie

Name: %JOLENE271

ID: %JOLENE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOLENE276

Alert Type: %JOLENE278

Detection Type: 1.1.1593.02

Event Record #/Type915 / Warning
Event Submitted/Written: 07/28/2008 07:53:37 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOLENE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOLENE27 can't undo changes that you allow.

For more information please see the following:
%JOLENE275

Scan ID: {BF047C4E-C2BD-4826-B11F-BF305B3F9B7A}

User: JOLENE\jolene&ronnie

Name: %JOLENE271

ID: %JOLENE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOLENE276

Alert Type: %JOLENE278

Detection Type: 1.1.1593.02

Event Record #/Type911 / Warning
Event Submitted/Written: 07/28/2008 07:53:17 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOLENE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOLENE27 can't undo changes that you allow.

For more information please see the following:
%JOLENE275

Scan ID: {08EF078D-F7AA-4A79-9C44-165F284E01CB}

User: JOLENE\jolene&ronnie

Name: %JOLENE271

ID: %JOLENE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOLENE276

Alert Type: %JOLENE278

Detection Type: 1.1.1593.02

Event Record #/Type892 / Error
Event Submitted/Written: 07/28/2008 07:51:03 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type888 / Warning
Event Submitted/Written: 07/28/2008 07:47:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOLENE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOLENE27 can't undo changes that you allow.

For more information please see the following:
%JOLENE275

Scan ID: {03065D31-3A1E-49E5-BB05-E79D04BE6AA6}

User: JOLENE\jolene&ronnie

Name: %JOLENE271

ID: %JOLENE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOLENE276

Alert Type: %JOLENE278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-28 08:05:31 ------------

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 27 July 2008 - 07:48 PM

Hello aussiegirl

Welcome to BleepingComputer :thumbsup:
========================
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
============
Next:

Please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft, then hit OK.
Place a check next to everything and click on fix.
Rescan again and it should say all associations ok.

===================================================
Then:
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\lycbqwww.dll
    C:\WINDOWS\system32\leynkhfc.dll
    C:\WINDOWS\system32\unbemtjp.dll
    C:\WINDOWS\system32\ikdddiiu.dll
    C:\WINDOWS\system32\yjlgsq.dll
    C:\WINDOWS\system32\esqrgbxo.dll
    C:\WINDOWS\system32\yvcibuhn.dll
    C:\WINDOWS\system32\ockxfxtp.dll
    C:\WINDOWS\system32\abehhqyv.dll
    C:\WINDOWS\system32\nqppYJlm.ini2
    C:\WINDOWS\system32\mlJYppqn.dll
    G:\Autorun.exe 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMcb5c4fd1
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16333d32-d90d-11dc-924e-9972b9325d67}
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================
Post back with these logs:
OT Move it log
New dss log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 August 2008 - 08:14 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
