Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo - Can't Remove - Tuvsqonf.dll


  • Please log in to reply
2 replies to this topic

#1 mowax

mowax

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 29 July 2008 - 02:53 AM

hey all, i got it, i'm infected! :thumbsup:

this is what's happening, i have run vundofix V7.0.6 and it finds 4 files, it attempts to remove 3 of them which it does but then it leaves TuVQOnf.dll and then when i restart my pc obviusly it kicks back in.

I have to start my pc in safe mode with command prompt to run vundofix as even in safe mode it hangs the pc when it reaches spunisnt.txt.

I'm sitting in safe mode here and have ran vundofix and it's waiting for a restart to remove the last file but that doesn't work.

i have run dss (thanks) but it won't download hijack this so it ran the clone and here is the log. hope some one can help.

Deckard's System Scanner v20071014.68
Run by on 2008-07-29 08:40:58
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 08:43:26
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VundoFix.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {493F974E-FEAE-459E-B770-D9262474EB97} - C:\WINDOWS\system32\tuvsqOhf.dll
O2 - BHO: (no name) - {508B224B-55C1-46DD-862F-91F0B7441BE3} - C:\WINDOWS\system32\nnnoNfCu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88609031-CFE7-4CD5-8784-E993AAB1BF6A} - C:\WINDOWS\system32\ssqOFvtr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F6901B5-E98E-477F-89BE-433F936CE173} - C:\WINDOWS\system32\yaywxVMF.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startup
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [VundoFix] "C:\\vundofix.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real D
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Watch.lnk = C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} () - http://download.microsoft.com/download/0/f...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://216.228.42.30:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://208.1.71.101/LNetCam.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166227091640
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166161785234
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.23.231.4/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {ED05841C-BC69-4F82-A061-F11F938E12FE} (CCallerCtrl Object) - https://secure.on-instant.com/hello/VoiceCommerce.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\cwbrxd.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\system32\StkASv2K.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 16024 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
3 cpuz129 - c:\program files\pc wizard 2008\pcwiz32.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
2 LF30FS - c:\program files\everstrike software\lock folder xp 3.6\lf30xp.sys
3 MagicTune - system32\drivers\mtictwl.sys (file missing)
1 NetworkX - c:\windows\system32\ckldrv.sys
3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
3 SANDRA - c:\program files\sisoftware\sisoftware sandra 2002 standard\sandra.sys (file missing)
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
3 StkAMini (Syntek STK1160) - c:\windows\system32\drivers\stkamini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>
3 StkScan (Syntek STK1160 Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>
3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine>
3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
3 VMHybrid (VMHybrid service) - c:\windows\system32\drivers\vmhybrid.sys <Not Verified; Compro Tech.; VideoMate Hybrid TV>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
3 awhost32 (Symantec pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe
2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
2 Crypkey License - c:\windows\system32\crypserv.exe
3 Cwbrxd (Client Access Express Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® AS/400® Client Access Express for Windows®>
2 Icecast (Icecast Media Server) - c:\program files\icecast2 win32\icecastservice.exe
2 LMIMaint (LogMeIn Maintenance Service) - c:\program files\logmein\x86\ramaint.exe
2 LogMeIn - c:\program files\logmein\x86\logmein.exe
3 MSSQL$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe
2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe
3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - c:\program files\winpcap\rpcapd.exe
3 ServiceLayer - c:\program files\pc connectivity solution\servicelayer.exe
3 SQLAgent$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe
2 SqueezeMySQL - c:\program files\squeezecenter\server\bin\mswin32-x86-multi-thread\mysqld.exe
2 StkASSrv (Syntek STK1160 Service) - c:\windows\system32\stkasv2k.exe
2 TVersityMediaServer - c:\program files\tversity\media server\mediaserver.exe
2 UleadBurningHelper (Ulead Burning Helper) - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (file missing)
3 wampapache - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld (file missing)
3 WLSetupSvc (Windows Live Setup Service) - c:\program files\windows live\installer\wlsetupsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 22:43:15 496 --a------ C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job
2008-07-28 22:27:11 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-28 20:23:08 392 --a------ C:\WINDOWS\Tasks\lf.job
2008-07-26 13:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 08:40:04 0 d-------- \Deckard
2008-07-29 08:37:00 686630 --a------ \dss.exe
2008-07-29 08:07:08 0 d-------- C:\Program Files\Panda Security
2008-07-29 08:07:04 0 d-------- C:\WINDOWS\LastGood
2008-07-28 22:43:14 0 d-------- C:\Documents and Settings\Mowax\Application Data\Antispyware
2008-07-28 22:43:05 0 d-------- C:\Program Files\Antispyware
2008-07-28 20:55:54 0 d-------- \VundoFix Backups <VUNDOF~1>
2008-07-28 20:55:21 119808 --a------ \VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-07-28 20:40:21 0 d-------- C:\Program Files\Enigma Software Group
2008-07-28 16:48:51 35328 -----n--- C:\WINDOWS\system32\tuvsqOhf.dll
2008-07-28 16:48:32 0 d-------- C:\Documents and Settings\Mowax\Application Data\Xilisoft Corporation
2008-07-28 16:47:59 0 d-------- C:\Program Files\Xilisoft
2008-07-28 16:07:37 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-07-28 16:05:26 0 d-------- C:\Program Files\WinAVI Video Converter
2008-07-28 16:05:01 4526458 --a------ \WinAVI_Video_Converter.exe <WINAVI~1.EXE> <Not Verified; ZJ Computing, Inc. "; >
2008-07-28 11:23:12 0 d-------- \dreambox
2008-07-26 13:47:48 0 d-------- \weatherall <WEATHE~1>
2008-07-24 20:09:16 0 d-------- C:\WINDOWS\system32\Plugins
2008-07-17 18:32:23 7039008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:44:08 0 d-------- C:\Documents and Settings\Mowax\Application Data\DMCache
2008-07-08 18:44:00 0 d-------- C:\Program Files\Internet Download Manager
2008-07-08 17:53:44 0 d-------- C:\Program Files\Tensons


-- Find3M Report ---------------------------------------------------------------

2008-07-29 08:14:01 0 d-------- C:\Program Files\Symantec
2008-07-29 08:13:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-29 07:47:50 2146942976 --ahs---- \pagefile.sys
2008-07-28 22:58:24 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-28 16:43:36 0 d-------- C:\Documents and Settings\Mowax\Application Data\uTorrent
2008-07-28 03:34:36 0 d-------- C:\Program Files\LogMeIn
2008-07-24 15:51:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-20 11:28:56 0 d-------- C:\Program Files\Java
2008-07-17 18:30:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 19:39:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 19:38:36 0 d---s---- C:\Documents and Settings\Mowax\Application Data\Microsoft
2008-06-17 19:34:37 0 d-------- C:\Program Files\MSN Webcam Recorder
2008-06-17 19:33:16 0 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-17 19:31:47 11527846 --a------ C:\WINDOWS\system32\qqvideo13.exe <Not Verified; MSN Webcam Recorder; MSN Webcam Recorder 13.0>
2008-06-17 19:26:14 72 --a------ C:\WINDOWS\system32\Del.bat
2008-06-17 19:25:32 205229 --a------ C:\WINDOWS\system32\botnet.exe <Not Verified; ; F3nd3r>
2008-06-17 18:15:02 0 d-------- C:\Program Files\Common Files
2008-06-17 18:15:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-17 18:14:53 0 d-------- C:\Program Files\Common Files\Real
2008-06-07 17:33:26 0 d-------- C:\Documents and Settings\Mowax\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{493F974E-FEAE-459E-B770-D9262474EB97}]
28/07/2008 16:48 35328 --------- C:\WINDOWS\system32\tuvsqOhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508B224B-55C1-46DD-862F-91F0B7441BE3}]
C:\WINDOWS\system32\nnnoNfCu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88609031-CFE7-4CD5-8784-E993AAB1BF6A}]
C:\WINDOWS\system32\ssqOFvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F6901B5-E98E-477F-89BE-433F936CE173}]
C:\WINDOWS\system32\yaywxVMF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [11/06/2004 04:15]
"SoundMan"="SOUNDMAN.EXE" [21/06/2006 11:42 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"ctfmon"="C:\WINDOWS\system32\CTF\ctfmon.exe" []
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [18/10/2006 22:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [28/11/2000 05:10]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [28/11/2000 05:10]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [28/11/2000 05:10]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [28/11/2000 05:10]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [14/10/2007 15:16]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 16:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"NvCplDaemon"="RUNDLL32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [07/09/2007 14:44]
"Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [17/06/2008 19:33]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/07/2008 09:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/08/2006 20:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28/03/2008 11:20]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [26/03/2008 18:41]
"Real Desktop"="C:\Program Files\Real D" []
"Antispyware"="C:\Program Files\Antispyware\Antispyware.exe" [28/07/2008 17:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"VundoFix"="C:\\vundofix.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Mowax\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [09/10/2004 15:18 49152]
"{493F974E-FEAE-459E-B770-D9262474EB97}"= C:\WINDOWS\system32\tuvsqOhf.dll [28/07/2008 16:48 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 28/05/2008 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 27/04/2007 13:10 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnoNfCu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproRemote.lnk
backup=C:\WINDOWS\pss\ComproRemote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk
backup=C:\WINDOWS\pss\ComproSchedulerDTV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFAgent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
"C:\Program Files\ManyCam 2.1\ManyCam.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
"c:\program files\slide\slide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcode360]
C:\Program Files\Transcode360\Transcode360Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"C:\Program Files\Google\Gmail Notifier\gnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7099a67c-e2d3-11db-8f01-0c0c0c926336}]
AutoRun\command- I:\OverdoseAutorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{88ABC5C0-4FCB-11BB-AAX5-81CX1C635612}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe



-- Hosts -----------------------------------------------------------------------

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es


-- End of Deckard's System Scanner: finished at 2008-07-29 08:48:24 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2047.48 MiB / 1545.33 MiB
Pagefile Memory (total/avail): 3944.62 MiB / 3614 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 305.34 GiB total, 242.29 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 74.53 GiB total, 57.41 GiB free.
F: is Fixed (NTFS) - 38.34 GiB total, 38.28 GiB free.
G: is CDROM (No Media)
H: is Fixed (NTFS) - 74.56 GiB total, 28.25 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\Program Files\Symantec\pcAnywhere\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
sourcesdk=c:\program files\steam\steamapps\\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
tvdumpflags=8
USERPROFILE=C:\Documents and Settings\Mowax
VProject=c:\program files\steam\steamapps\counter-strike source\cstrike
windir=C:\WINDOWS

Edited by mowax, 29 July 2008 - 02:57 AM.


BC AdBot (Login to Remove)

 


m

#2 mowax

mowax
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 29 July 2008 - 03:33 AM

here's a scan when the pc's running in normal mode.

Deckard's System Scanner v20071014.68
Run by Mowax on 2008-07-29 09:14:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 09:15:19
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\StkASv2K.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {493F974E-FEAE-459E-B770-D9262474EB97} - C:\WINDOWS\system32\tuvsqOhf.dll
O2 - BHO: (no name) - {508B224B-55C1-46DD-862F-91F0B7441BE3} - C:\WINDOWS\system32\nnnoNfCu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88609031-CFE7-4CD5-8784-E993AAB1BF6A} - C:\WINDOWS\system32\ssqOFvtr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F6901B5-E98E-477F-89BE-433F936CE173} - C:\WINDOWS\system32\yaywxVMF.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startup
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real D
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Watch.lnk = C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} () - http://download.microsoft.com/download/0/f...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://216.228.42.30:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://208.1.71.101/LNetCam.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166227091640
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166161785234
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.23.231.4/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {ED05841C-BC69-4F82-A061-F11F938E12FE} (CCallerCtrl Object) - https://secure.on-instant.com/hello/VoiceCommerce.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\cwbrxd.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\system32\StkASv2K.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 17847 bytes

-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 09:15:19 604107 --ahs---- C:\WINDOWS\system32\fOoYJRqr.ini2
2008-07-29 09:15:14 246784 --a------ C:\WINDOWS\system32\rqRJYoOf.dll
2008-07-29 08:37:00 686630 --a------ C:\dss.exe
2008-07-29 08:07:08 0 d-------- C:\Program Files\Panda Security
2008-07-28 22:43:14 0 d-------- C:\Documents and Settings\Mowax\Application Data\Antispyware
2008-07-28 22:43:05 0 d-------- C:\Program Files\Antispyware
2008-07-28 20:55:54 0 d-------- C:\VundoFix Backups <VUNDOF~1>
2008-07-28 20:55:21 119808 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-07-28 20:40:21 0 d-------- C:\Program Files\Enigma Software Group
2008-07-28 16:48:51 35328 -----n--- C:\WINDOWS\system32\tuvsqOhf.dll
2008-07-28 16:48:32 0 d-------- C:\Documents and Settings\Mowax\Application Data\Xilisoft Corporation
2008-07-28 16:47:59 0 d-------- C:\Program Files\Xilisoft
2008-07-28 16:07:37 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-07-28 16:05:26 0 d-------- C:\Program Files\WinAVI Video Converter
2008-07-28 16:05:01 4526458 --a------ C:\WinAVI_Video_Converter.exe <WINAVI~1.EXE> <Not Verified; ZJ Computing, Inc. "; >
2008-07-28 11:23:12 0 d-------- C:\dreambox
2008-07-26 13:47:48 0 d-------- C:\weatherall <WEATHE~1>
2008-07-24 20:09:16 0 d-------- C:\WINDOWS\system32\Plugins
2008-07-17 18:32:23 7039008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:44:08 0 d-------- C:\Documents and Settings\Mowax\Application Data\DMCache
2008-07-08 17:53:44 0 d-------- C:\Program Files\Tensons


-- Find3M Report ---------------------------------------------------------------

2008-07-29 08:59:52 0 d-------- C:\Program Files\LogMeIn
2008-07-29 08:14:01 0 d-------- C:\Program Files\Symantec
2008-07-29 08:13:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-28 22:58:24 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-28 16:43:36 0 d-------- C:\Documents and Settings\Mowax\Application Data\uTorrent
2008-07-24 15:51:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-20 11:28:56 0 d-------- C:\Program Files\Java
2008-07-17 18:30:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 19:39:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 19:34:37 0 d-------- C:\Program Files\MSN Webcam Recorder
2008-06-17 19:33:16 0 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-17 19:31:47 11527846 --a------ C:\WINDOWS\system32\qqvideo13.exe <Not Verified; MSN Webcam Recorder; MSN Webcam Recorder 13.0>
2008-06-17 19:26:14 72 --a------ C:\WINDOWS\system32\Del.bat
2008-06-17 19:25:32 205229 --a------ C:\WINDOWS\system32\botnet.exe <Not Verified; ; F3nd3r>
2008-06-17 18:15:02 0 d-------- C:\Program Files\Common Files
2008-06-17 18:15:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-17 18:14:53 0 d-------- C:\Program Files\Common Files\Real
2008-06-07 17:33:26 0 d-------- C:\Documents and Settings\Mowax\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{493F974E-FEAE-459E-B770-D9262474EB97}]
28/07/2008 16:48 35328 --------- C:\WINDOWS\system32\tuvsqOhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508B224B-55C1-46DD-862F-91F0B7441BE3}]
C:\WINDOWS\system32\nnnoNfCu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BC6E172-3DA0-4F99-9AB6-5CA1EEDEC6EE}]
29/07/2008 09:15 246784 --a------ C:\WINDOWS\system32\rqRJYoOf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88609031-CFE7-4CD5-8784-E993AAB1BF6A}]
C:\WINDOWS\system32\ssqOFvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F6901B5-E98E-477F-89BE-433F936CE173}]
C:\WINDOWS\system32\yaywxVMF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [11/06/2004 04:15]
"SoundMan"="SOUNDMAN.EXE" [21/06/2006 11:42 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"ctfmon"="C:\WINDOWS\system32\CTF\ctfmon.exe" []
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [18/10/2006 22:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [28/11/2000 05:10]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [28/11/2000 05:10]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [28/11/2000 05:10]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [28/11/2000 05:10]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [14/10/2007 15:16]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 16:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"NvCplDaemon"="RUNDLL32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [14/04/2008 01:12 C:\WINDOWS\system32\rundll32.exe]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [07/09/2007 14:44]
"Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [17/06/2008 19:33]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/07/2008 09:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/08/2006 20:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28/03/2008 11:20]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [26/03/2008 18:41]
"Real Desktop"="C:\Program Files\Real D" []
"Antispyware"="C:\Program Files\Antispyware\Antispyware.exe" [28/07/2008 17:21]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Mowax\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [09/10/2004 15:18 49152]
"{493F974E-FEAE-459E-B770-D9262474EB97}"= C:\WINDOWS\system32\tuvsqOhf.dll [28/07/2008 16:48 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 28/05/2008 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 27/04/2007 13:10 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\rqRJYoOf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproRemote.lnk
backup=C:\WINDOWS\pss\ComproRemote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk
backup=C:\WINDOWS\pss\ComproSchedulerDTV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFAgent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
"C:\Program Files\ManyCam 2.1\ManyCam.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
"c:\program files\slide\slide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcode360]
C:\Program Files\Transcode360\Transcode360Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"C:\Program Files\Google\Gmail Notifier\gnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7099a67c-e2d3-11db-8f01-0c0c0c926336}]
AutoRun\command- I:\OverdoseAutorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{88ABC5C0-4FCB-11BB-AAX5-81CX1C635612}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe



-- End of Deckard's System Scanner: finished at 2008-07-29 09:30:48 ------------

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:56 PM

Posted 01 August 2008 - 04:20 AM

Hello Mowax and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users