
Downloader.zlob!gen.3 Infection



#1 SHaGGGz


Posted 05 August 2008 - 09:05 PM

Other places I've looked have told me that I need to remove certain registry entries that have hijacked my ass, but one of said entries is blocking me from accessing the registry. Kind of a catch-22. But I'm sure that's no match for you guys :thumbsup:


Deckard's System Scanner v20071014.68
Run by Alex on 2008-08-05 18:43:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-06 01:43:49 UTC - RP121 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
System Drive C: has 2.58 GiB (less than 15%) free.


-- HijackThis (run as Alex.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45: VIRUS ALERT!, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\services.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: {d126c1c5-0cbf-f71a-4074-cc58aea6aed1} - {1dea6aea-85cc-4704-a17f-fbc05c1c621d} - C:\WINDOWS\system32\lnpecu.dll
O2 - BHO: (no name) - {2308EDED-D153-4A9C-BBF4-1585C74003FB} - C:\WINDOWS\system32\ddcYOgfF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QXK Olive - {8FAA3717-9266-4D22-A6DB-F347F56DDE7D} - C:\WINDOWS\wnlmdakqosx.dll (file missing)
O2 - BHO: (no name) - {F619BE1F-6533-4AF3-8EEA-B108C1AA24F6} - C:\WINDOWS\system32\cbXNGvUM.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: bgrqfetx - {C70BCB6B-51D7-40FE-8A88-CD5FA0088646} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [98b1bca4] rundll32.exe "C:\WINDOWS\system32\txdsmjlb.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcYOgfF - C:\WINDOWS\SYSTEM32\ddcYOgfF.dll
O21 - SSODL: tfnslopk - {EA9700ED-BAC4-42E5-B9EB-8B17EEC1737C} - C:\WINDOWS\tfnslopk.dll (file missing)
O21 - SSODL: xokvrpwg - {662380DB-208F-4261-AE8A-3C6AE6AA6660} - C:\WINDOWS\xokvrpwg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: smss - Unknown owner - C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\services.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7310 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080805-183416-594 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Driver>
R3 SQTECH930B (USB 2.0 PC CAMERA) - c:\windows\system32\drivers\capt930b.sys

S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 smss - c:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\services.exe

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\4&14C67D85&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\4&14C67D85&0
Service: fdc


-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 20:41:58 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Alex.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 18:30:58 0 d-------- C:\Program Files\Trend Micro
2008-08-05 18:09:25 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-05 17:56:13 99712 --a------ C:\WINDOWS\system32\txdsmjlb.dll
2008-08-05 17:56:09 120960 --a------ C:\WINDOWS\system32\lnpecu.dll
2008-08-05 17:56:08 120960 --a------ C:\WINDOWS\system32\bainhpft.dll
2008-08-05 17:19:20 0 d-------- C:\Program Files\Exterminate It!
2008-08-05 15:54:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-05 15:40:05 0 d-------- C:\VundoFix Backups
2008-08-05 14:09:32 0 d-------- C:\Program Files\Lavasoft
2008-08-05 14:09:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 14:09:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 11:53:50 99712 --a------ C:\WINDOWS\system32\ttpquinm.dll
2008-08-05 11:53:46 120960 --a------ C:\WINDOWS\system32\wgduxs.dll
2008-08-05 11:53:45 120960 --a------ C:\WINDOWS\system32\rlekcnvo.dll
2008-08-05 11:52:39 542802 --ahs---- C:\WINDOWS\system32\MUvGNXbc.ini2
2008-08-05 11:52:33 323328 --a------ C:\WINDOWS\system32\cbXNGvUM.dll
2008-08-05 11:49:35 34176 --a------ C:\WINDOWS\system32\ddcbbyaW.dll
2008-08-05 11:49:35 34176 --a------ C:\WINDOWS\system32\byXPGyYr.dll
2008-08-05 11:47:30 34176 --a------ C:\WINDOWS\system32\opnkjJaY.dll
2008-08-05 11:47:30 34176 --a------ C:\WINDOWS\system32\ddcYOgfF.dll
2008-08-05 11:47:05 0 d-------- C:\Documents and Settings\Alex\Application Data\TmpRecentIcons
2008-08-03 19:29:37 57436 --a------ C:\WINDOWS\DASShp.dll <Not Verified; Microsoft Corporation; Microsoft® DAS Client Components>
2008-08-03 19:29:36 0 d-------- C:\Program Files\Microsoft Reader
2008-08-01 19:14:37 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-08-01 19:14:37 0 d-------- C:\Program Files\On2 Technologies
2008-07-29 18:19:49 0 d-------- C:\Program Files\MAME32k
2008-07-27 20:35:28 0 d-------- C:\Program Files\shizmoo
2008-07-27 19:25:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-27 19:25:57 0 d-------- C:\Documents and Settings\Alex\Application Data\skypePM
2008-07-27 19:24:55 0 d-------- C:\Documents and Settings\Alex\Application Data\Skype
2008-07-27 19:24:40 0 d-------- C:\Program Files\Skype
2008-07-27 19:24:40 0 d-------- C:\Program Files\Common Files\Skype
2008-07-27 19:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-22 11:43:31 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-18 20:16:30 0 d-------- C:\Documents and Settings\Alex\Application Data\WinRAR
2008-07-12 14:52:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-07-12 14:18:41 0 d-------- C:\Program Files\SymNetDrv
2008-07-12 14:06:28 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys <Not Verified; Symantec Corporation; Symantec Core Component>
2008-07-12 14:06:19 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-12 14:05:54 0 d-------- C:\Documents and Settings\Alex\Application Data\Symantec
2008-07-12 14:05:46 0 d-------- C:\Program Files\Symantec
2008-07-12 14:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-12 14:05:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-10 14:25:25 1857768 --a------ C:\JavaUpdate.exe
2008-07-05 17:03:24 0 dr-h----- C:\Documents and Settings\Alex\Application Data\SecuROM


-- Find3M Report ---------------------------------------------------------------

2008-08-05 14:41:16 0 d-------- C:\Documents and Settings\Alex\Application Data\uTorrent
2008-08-05 14:09:07 0 d-------- C:\Program Files\Common Files
2008-08-04 10:13:21 0 d-------- C:\Program Files\Soulseek-Test
2008-08-03 19:29:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 08:13:27 0 d-------- C:\Program Files\uTorrent
2008-07-14 14:24:03 0 d-------- C:\Program Files\DreamCatcher
2008-07-12 21:02:13 0 d-------- C:\Documents and Settings\Alex\Application Data\dvdcss
2008-07-11 00:10:04 0 d-------- C:\Documents and Settings\Alex\Application Data\Roxio
2008-07-10 14:25:16 28 --a------ C:\WINDOWS\system32\start
2008-06-28 14:09:21 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 15:31:07 0 d-------- C:\Program Files\Fallout
2008-06-22 17:14:07 0 d-------- C:\Program Files\Common Files\DirectX
2008-06-18 11:23:08 0 d-------- C:\Documents and Settings\Alex\Application Data\Mozilla
2008-05-16 18:27:17 4 --a------ C:\WINDOWS\win32t4.dll
2008-05-16 18:21:46 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dea6aea-85cc-4704-a17f-fbc05c1c621d}]
08/05/2008 17:56: VIRUS ALERT! 120960 --a------ C:\WINDOWS\system32\lnpecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2308EDED-D153-4A9C-BBF4-1585C74003FB}]
08/05/2008 11:47: VIRUS ALERT! 34176 --a------ C:\WINDOWS\system32\ddcYOgfF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FAA3717-9266-4D22-A6DB-F347F56DDE7D}]
C:\WINDOWS\wnlmdakqosx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619BE1F-6533-4AF3-8EEA-B108C1AA24F6}]
08/05/2008 11:52: VIRUS ALERT! 323328 --a------ C:\WINDOWS\system32\cbXNGvUM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 13:10: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 17:32: VIRUS ALERT!]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [07/12/2008 14:18: VIRUS ALERT!]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 05:00: VIRUS ALERT!]
"98b1bca4"="C:\WINDOWS\system32\txdsmjlb.dll" [08/05/2008 17:56: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [12/27/2007 21:27: VIRUS ALERT!]
"AIM"="C:\Program Files\AIM\aim.exe" [06/07/2004 13:53: VIRUS ALERT!]
"Antivirus-2008.exe"="C:\Program Files\Antivirus 2008\Antivirus-2008.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 02:06: VIRUS ALERT!]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2308EDED-D153-4A9C-BBF4-1585C74003FB}"= C:\WINDOWS\system32\ddcYOgfF.dll [08/05/2008 11:47: VIRUS ALERT! 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tfnslopk"= {EA9700ED-BAC4-42E5-B9EB-8B17EEC1737C} - C:\WINDOWS\tfnslopk.dll [ ]
"xokvrpwg"= {662380DB-208F-4261-AE8A-3C6AE6AA6660} - C:\WINDOWS\xokvrpwg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYOgfF]
ddcYOgfF.dll 08/05/2008 11:47: VIRUS ALERT! 34176 C:\WINDOWS\system32\ddcYOgfF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXNGvUM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98b1bca4]
rundll32.exe "C:\WINDOWS\system32\txdsmjlb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
ofsilx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STICAP]
C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - STLLSSVR



-- End of Deckard's System Scanner: finished at 2008-08-05 18:46:25 ------------














Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 1519.17 MiB / 352.27 MiB
Pagefile Memory (total/avail): 3414.97 MiB / 2384.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.59 MiB

C: is Fixed (NTFS) - 97.66 GiB total, 2.58 GiB free.
D: is Fixed (NTFS) - 14.14 GiB total, 0.73 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1213N SCSI Disk Device - 111.81 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.66 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 14.14 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MissionRisk\\MissionRisk.exe"="C:\\Program Files\\MissionRisk\\MissionRisk.exe:*:Enabled:Based on risk, the classic military strategy game."
"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\TetriNET\\TETRINET.EXE"="C:\\TetriNET\\TETRINET.EXE:*:Enabled:TETRINET"
"C:\\Program Files\\Steam\\steamapps\\shagggz\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\shagggz\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\shagggz\\half-life blue shift\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\shagggz\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\TS\\GAME.ICD"="C:\\Program Files\\TS\\GAME.ICD:*:Enabled:Main executable for Tiberian Sun"
"C:\\Program Files\\TS\\Game.exe"="C:\\Program Files\\TS\\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\\Program Files\\Renegade\\Game.exe"="C:\\Program Files\\Renegade\\Game.exe:*:Enabled:Renegade"
"C:\\WINDOWS\\system32\\bcxlrv.exe"="C:\\WINDOWS\\system32\\bcxlrv.exe:*:Enabled:bcxlrv"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\WINDOWS\\system32\\ofsilx.exe"="C:\\WINDOWS\\system32\\ofsilx.exe:*:Disabled:ofsilx"
"C:\\RECYCLER\\S-1-5-21-484763869-1614574334-18083462561-100\\msiexec.exe"="C:\\RECYCLER\\S-1-5-21-484763869-1614574334-18083462561-100\\msiexec.exe:*:Enabled:Unspecified"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alex\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHAGGGZ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alex
LOGONSERVER=\\SHAGGGZ
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alex\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alex\LOCALS~1\Temp
USERDOMAIN=SHAGGGZ
USERNAME=Alex
USERPROFILE=C:\Documents and Settings\Alex
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alex (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AoA Audio Extractor 1.0 --> "C:\Program Files\AoA Audio Extractor\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Exterminate It! --> C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
Half-Life --> "C:\Program Files\Steam\steam.exe" steam://uninstall/70
Half-Life: Blue Shift --> "C:\Program Files\Steam\steam.exe" steam://uninstall/130
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MAME32k (remove only) --> "C:\Program Files\MAME32k\uninst.exe"
Microsoft IntelliPoint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Mouse\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Mouse\Uninstal.dll"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MissionRisk 3 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MissionRisk\ST6UNST.LOG"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Shizmoo Web Games --> C:\Program Files\shizmoo\webgames\uninstall.exe
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoulSeek Client 157 test 12c --> "C:\Program Files\Soulseek-Test\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
USB 2.0 Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0AF1483-31AD-4FEB-A961-C9327185439F}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebVideo Support --> C:\WINDOWS\lnvegaow.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type11514 / Success
Event Submitted/Written: 08/05/2008 01:02:45 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type11175 / Error
Event Submitted/Written: 07/30/2008 10:52:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3105, faulting module npswf32.dll, version 9.0.124.0, fault address 0x001aff55.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3382 / Error
Event Submitted/Written: 08/05/2008 05:45:57 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\DAEMON Tools Pro\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type3381 / Error
Event Submitted/Written: 08/05/2008 05:45:57 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type3380 / Error
Event Submitted/Written: 08/05/2008 05:45:57 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type3379 / Error
Event Submitted/Written: 08/05/2008 05:45:57 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\DAEMON Tools Pro\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type3378 / Error
Event Submitted/Written: 08/05/2008 05:45:57 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-08-05 18:46:25 ------------



#2 SHaGGGz

SHaGGGz
  • Topic Starter

  • Members
  • 2 posts

Posted 05 August 2008 - 10:16 PM

oops, almost forgot my kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 06, 2008 01:38:15
Records in database: 1058727
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 76927
Threat name: 8
Infected objects: 41
Suspicious objects: 0
Duration of the scan: 00:55:27


File name / Threat name / Threats count
C:\WINDOWS\system32\txdsmjlb.dll/C:\WINDOWS\system32\txdsmjlb.dll Infected: Trojan.Win32.Monder.dgj 14
msiexec.exe\msiexec.exe/msiexec.exe\msiexec.exe Infected: Backdoor.Win32.Iroffer.et 1
C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\msiexec.exe/C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\msiexec.exe Infected: Backdoor.Win32.Iroffer.et 1
C:\WINDOWS\system32\wgduxs.dll/C:\WINDOWS\system32\wgduxs.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\WINDOWS\system32\lnpecu.dll/C:\WINDOWS\system32\lnpecu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 2
C:\Deckard\System Scanner\backup\DOCUME~1\Alex\LOCALS~1\Temp\dssc32.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyWare2008.m 1
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\89EN4TQJ\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\kb456456[1] Infected: Trojan.Win32.Monder.dgj 1
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\JavaUpdate[1].exe Infected: Backdoor.Win32.Iroffer.et 1
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\QX4D8FYD\kb456456[1] Infected: Trojan.Win32.Monder.dgj 1
C:\JavaUpdate.exe Infected: Backdoor.Win32.Iroffer.et 1
C:\Program Files\DAEMON Tools Pro\dtprohlp.dll Infected: not-a-virus:AdTool.Win32.WhenU.u 1
C:\Program Files\Norton AntiVirus\Quarantine\336C5533.exe Infected: Backdoor.Win32.Rbot.aea 1
C:\Program Files\Norton AntiVirus\Quarantine\36B872DB.exe Infected: Trojan-Dropper.Win32.VB.bix 1
C:\Program Files\Norton AntiVirus\Quarantine\3CD908D4.exe Infected: Backdoor.Win32.Rbot.enj 1
C:\Program Files\Norton AntiVirus\Quarantine\424212E0.exe Infected: Backdoor.Win32.Rbot.aea 1
C:\Program Files\Norton AntiVirus\Quarantine\53495FA2.exe Infected: Trojan-Dropper.Win32.VB.bix 1
C:\Program Files\Norton AntiVirus\Quarantine\56D0313B.exe Infected: Trojan-Dropper.Win32.VB.bix 1
C:\Program Files\Norton AntiVirus\Quarantine\6F1A5BDA.exe Infected: Trojan-Dropper.Win32.VB.bix 1
C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\msiexec.exe Infected: Backdoor.Win32.Iroffer.et 1
C:\WINDOWS\system32\bainhpft.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\WINDOWS\system32\lnpecu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\WINDOWS\system32\rlekcnvo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1
C:\WINDOWS\system32\ttpquinm.dll Infected: Trojan.Win32.Monder.dgj 1
C:\WINDOWS\system32\txdsmjlb.dll Infected: Trojan.Win32.Monder.dgj 1
C:\WINDOWS\system32\wgduxs.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1

The selected area was scanned.

#3 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 16 August 2008 - 09:06 PM

Hi SHaGGGz, sorry for the delay. If you would still like assistance, please do the following:

First, download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Next


Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location

Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


In your next response please include the log from MBAM and a new DSS log.

#4 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 21 August 2008 - 07:26 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened due to continuation of your original problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin your own topic.



