Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable To Remove Malware


  • This topic is locked This topic is locked
2 replies to this topic

#1 Buggie

Buggie

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA :]
  • Local time:02:05 AM

Posted 10 August 2008 - 02:42 PM

Hi there! I recently scanned my computer using AVG7 and it was apparently unable to remove some unwanted malware..I'm hoping someone here will be able to help me clean up all the malware in my computer ^__^

My logs:

Deckard's System Scanner v20071014.68
Run by Julie on 2008-08-10 15:25:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-08-10 19:25:38 UTC - RP186 - Deckard's System Scanner Restore Point
15: 2008-08-10 18:39:06 UTC - RP185 - System Checkpoint
14: 2008-08-09 18:36:44 UTC - RP184 - System Checkpoint
13: 2008-08-08 15:50:07 UTC - RP183 - Installed Java™ 6 Update 7
12: 2008-08-07 20:14:12 UTC - RP182 - System Checkpoint


-- First Restore Point --
1: 2008-07-06 02:45:27 UTC - RP171 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive D: has 11.04 GiB (less than 15%) free.


-- HijackThis (run as Julie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:01 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\DllHost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Bluetooth Mouse\MulMouse.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Julie\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Julie.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\logonui.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 89.149.226.178 wiki.d-addicts.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "D:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Grid Service] "D:\Program Files\GridService\peer.exe" -n Grid
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2000478354-1645522239-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Andy')
O4 - HKUS\S-1-5-21-2000478354-1645522239-725345543-1004\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Andy')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Mouse.lnk = C:\Program Files\Bluetooth Mouse\MulMouse.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163108801185
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163108789747
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

--
End of file - 10872 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - d:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 NOWMEMDF - d:\windows\system32\nowmemdf.sys <Not Verified; ©NOWCOM; Nowcom Memory Defender>
R3 Pcouffin (Low level access layer for CD devices) - d:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Hands-free Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Service: btaudio


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-09 20:13:05 0 dr-h----- D:\Documents and Settings\Julie\Recent
2008-08-09 18:14:12 0 d-------- D:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-08-09 18:14:07 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 18:14:07 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:48:24 0 d-------- D:\Program Files\Internet Download Manager
2008-08-09 11:33:27 0 d-------- D:\Documents and Settings\Julie\Application Data\IDM
2008-08-08 12:17:57 0 d-------- D:\WINDOWS\pss
2008-08-07 13:35:48 0 dr-h----- D:\Documents and Settings\Amy\Recent
2008-07-23 18:09:09 0 d-------- D:\Documents and Settings\Anna\Application Data\WinRAR
2008-07-23 17:10:55 0 d-------- D:\Program Files\BitPim
2008-07-23 16:47:11 0 d-------- D:\Documents and Settings\Anna\Application Data\Logitech


-- Find3M Report ---------------------------------------------------------------

2008-08-10 10:54:18 0 d-------- D:\Documents and Settings\Julie\Application Data\DMCache
2008-08-09 18:13:51 0 d-------- D:\Program Files\Common Files\Download Manager
2008-08-09 13:23:56 0 d-------- D:\Program Files\AllToAVI
2008-08-08 11:52:02 0 d-------- D:\Program Files\Java
2008-08-07 20:56:23 0 d-------- D:\Documents and Settings\Julie\Application Data\Hamachi
2008-08-07 20:44:19 0 d-------- D:\Program Files\Warcraft III
2008-08-07 18:35:02 88407 --a------ D:\WINDOWS\War3Unin.dat
2008-07-08 01:03:07 81408 -r-hs---- D:\WINDOWS\system32\kxvo1.dll
2008-07-03 21:45:28 0 d-------- D:\Program Files\Dragon IPTV StarCast
2008-07-03 20:10:45 0 d-------- D:\Program Files\RaySource
2008-07-03 20:10:41 0 d-------- D:\Program Files\GridService
2008-07-03 05:07:48 0 d-------- D:\Documents and Settings\Julie\Application Data\Skype
2008-06-20 13:16:31 124712 -r-hs---- D:\6tkoyhx.cmd
2008-06-19 14:31:40 123502 -r-hs---- D:\0tmhoc.cmd
2008-06-16 20:51:18 0 d-------- D:\Documents and Settings\Julie\Application Data\Logitech
2008-06-16 20:51:03 0 d-------- D:\Program Files\Common Files
2008-06-16 20:51:03 0 d-------- D:\Program Files\Common Files\LogiShrd
2008-06-16 20:50:39 0 d-------- D:\Program Files\Logitech
2008-06-16 20:50:37 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-06-16 20:48:51 0 d-------- D:\Program Files\Common Files\Logitech
2008-06-16 20:48:12 0 d-------- D:\Program Files\Common Files\InstallShield
2008-06-03 02:21:33 85664 --a------ D:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2008-05-26 17:21:18 2239 --a------ D:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 AM]
"IMEKRMIG6.1"="D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [06/25/2002 05:39 PM]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:09 AM]
"PHIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.exe" [07/14/2003 06:57 AM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [10/06/2003 03:16 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [01/23/2007 03:44 PM D:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [01/12/2007 03:09 AM]
"LVCOMSX"="D:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [01/12/2007 03:12 AM]
"Grid Service"="D:\Program Files\GridService\peer.exe" [12/14/2007 04:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"IDMan"="D:\Program Files\Internet Download Manager\IDMan.exe" [08/09/2008 12:49 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

D:\Documents and Settings\Julie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Mouse.lnk - C:\Program Files\Bluetooth Mouse\MulMouse.exe [11/24/2007 1:20:11 AM]
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/27/2007 6:43:30 PM]
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [6/16/2008 8:50:45 PM]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [6/16/2008 8:48:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{040817d0-3273-11dd-9b6d-0007e9afc561}]
AutoRun\command- G:\kdy.cmd
explore\Command- G:\kdy.cmd
open\Command- G:\kdy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2977ee37-80b8-11db-99f0-0007e9afc561}]
AutoRun\command- G:\eb9ehyh.exe
explore\Command- G:\eb9ehyh.exe
open\Command- G:\eb9ehyh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{484c06a5-6fb4-11db-99da-0007e9afc561}]
AutoRun\command- G:\eb9ehyh.exe
explore\Command- G:\eb9ehyh.exe
open\Command- G:\eb9ehyh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{937a875f-4da2-11dc-9a40-0007e9afc561}]
AutoRun\command- G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ad8df5-6f72-11db-8b91-806d6172696f}]
AutoRun\command- eb9ehyh.exe
explore\Command- eb9ehyh.exe
open\Command- eb9ehyh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ad8df6-6f72-11db-8b91-806d6172696f}]
AutoRun\command- eb9ehyh.exe
explore\Command- eb9ehyh.exe
open\Command- eb9ehyh.exe




-- Hosts -----------------------------------------------------------------------

127.255.255.255 serial.alcohol-soft.com
127.255.255.255 www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com
127.255.255.255 195.137.236.101
89.149.226.178 wiki.d-addicts.com


-- End of Deckard's System Scanner: finished at 2008-08-10 15:28:04 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023 MiB / 554.97 MiB
Pagefile Memory (total/avail): 2463.6 MiB / 2085.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 18.26 GiB free.
D: is Fixed (NTFS) - 127.99 GiB total, 10.98 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.24 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD1600BB-00HTA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\WINDOWS\\system32\\FSCAgent.exe"="D:\\WINDOWS\\system32\\FSCAgent.exe:*:Enabled:???? ???? ??"
"D:\\WINDOWS\\system32\\ClubBox.exe"="D:\\WINDOWS\\system32\\ClubBox.exe:*:Enabled:瀣反国胶 驿囡帱见 包府帔"
"D:\\WINDOWS\\system32\\grdmgr.exe"="D:\\WINDOWS\\system32\\grdmgr.exe:*:Enabled:CDN ???? ??"
"D:\\Documents and Settings\\Julie\\Desktop\\ClubBox.exe"="D:\\Documents and Settings\\Julie\\Desktop\\ClubBox.exe:*:Enabled:CLUBBOX File Transfer Manager V2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\Last.fm\\LastFM.exe"="D:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\CC File Transfer\\ccfiletransfer.exe"="D:\\Program Files\\CC File Transfer\\ccfiletransfer.exe:*:Enabled:CCFileTransfer"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\xchat\\xchat.exe"="D:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe:*:Enabled:GOGOBOX????Daemon"
"D:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"="D:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe:*:Enabled:gogobox???????"
"D:\\Program Files\\NextLink\\GOGOBOX\\GFSCAgent.exe"="D:\\Program Files\\NextLink\\GOGOBOX\\GFSCAgent.exe:*:Enabled:gogobox????daemon(????)"
"D:\\Program Files\\PPLive\\PPLive.exe"="D:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\WINDOWS\\system32\\ftp.exe"="D:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Protocol"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Julie\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=CHI-74CPI7FEFWR
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Julie
LOGONSERVER=\\CHI-74CPI7FEFWR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\WBEM;D:\Program Files\Common Files\Adobe\AGL;D:\PROGRA~1\Lucky;D:\Program Files\Common Files\GTK\2.0\bin;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Julie\LOCALS~1\Temp
TMP=D:\DOCUME~1\Julie\LOCALS~1\Temp
USERDOMAIN=CHI-74CPI7FEFWR
USERNAME=Julie
USERPROFILE=D:\Documents and Settings\Julie
windir=D:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Andy (admin)
Amy (admin)
Anna (admin)
Julie (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> D:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
???????? 2003 --> MsiExec.exe /I{F282D708-D8A3-48B4-ACF3-77B3C33D0DE7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 -->
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Adobe Shockwave Player --> D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AllToAVI v4 r5394 --> D:\Program Files\AllToAVI\uninst.exe
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Apophysis 2.0 --> "D:\Program Files\Apophysis 2.0\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> D:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AviSynth 2.5 --> "D:\Program Files\AviSynth 2.5\Uninstall.exe"
BitPim 1.0.5 --> "D:\Program Files\BitPim\unins000.exe"
Bluetooth Mouse 1.00.02 (Build 1000) --> D:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Bluetooth Mouse\uninst.isu" -c"C:\Program Files\Bluetooth Mouse\UnInst.dll"
BSPlayer --> "D:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Clubbox 颇老傈价包府磊 --> D:\WINDOWS\system32\ClubboxUninstall.exe
Color7 Video Studio Trial Version (English) 7.9.0.6 --> "D:\Program Files\Color7 Video Studio\unins000.exe"
Cool MP3 Splitter 2.2 --> "D:\Program Files\Cool MP3 Splitter\unins000.exe"
Dell Digital Jukebox Driver --> D:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
Dell ResourceCD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivXLand Media Subtitler --> D:\WINDOWS\unvise32.exe D:\Program Files\Media Subtitler\uninstal.log
Dragon IPTV StarCast 2.2.5 --> D:\Program Files\Dragon IPTV StarCast\uninst.exe
DVD Shrink 3.2 --> "D:\Program Files\DVD Shrink\unins000.exe"
FlashGet(JetCar) --> D:\PROGRA~1\FlashGet\UNWISE.EXE D:\PROGRA~1\FlashGet\INSTALL.LOG
Free Video to Mp3 Converter version 2.5 --> "D:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
Geniesoft Overture v4.1.0.1 --> "D:\Program Files\GenieSoft\Overture 4.1\Uninstall\unins000.exe"
GOGOBOX郎肚癳恨瞶 --> D:\Program Files\NextLink\GOGOBOX\GOGOBOXUninstall.exe
GTK+ 2.6.9 runtime environment --> "D:\Program Files\Common Files\GTK\2.0\unins000.exe"
Hamachi 1.0.2.5 --> D:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "D:\Program Files\ImgBurn\uninstall.exe"
ImTOO 3GP Video Converter --> D:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Internet Download Manager --> D:\Program Files\Internet Download Manager\Uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.9.0 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
KKBOX --> D:\WINDOWS\iun6002.exe "D:\Program Files\KKBOX\irunin.ini"
Logitech Communications Manager --> MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
Logitech Desktop Messenger --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager --> D:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "D:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (2.0.0.16) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> D:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Noiseware Professional Plug-in --> MsiExec.exe /I{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}
NVIDIA Display Driver --> D:\WINDOWS\System32\nvudisp.exe Uninstall D:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe D:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RaySource 2.0.10.7348 --> D:\Program Files\RaySource\uninst.exe
RealPlayer --> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
sabbu 0.3.1-BETA9 --> "D:\Program Files\sabbu\unins000.exe"
Sandlot Games Client Services --> "D:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Skype 3.0 --> "D:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SubRip 1.17.1 (remove only) --> "D:\Program Files\SubRip\Uninstall.exe"
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
VobSub v2.23 (Remove Only) --> "D:\Program Files\Gabest\VobSub\uninstall.exe"
Warcraft III: All Products --> D:\WINDOWS\War3Unin.exe D:\WINDOWS\War3Unin.dat
WebFldrs XP -->
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Win AVI HelixSDK --> "D:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe"
Winamp --> "D:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter --> "D:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Driver Package - Broadcom (BTWUSB) BTW (12/19/2006 5.1.0.2900) --> D:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u D:\WINDOWS\system32\DRVSTORE\btwusb_376BF3743D44DDC2E0168FC9462304393B565C24\btwusb.inf
Windows Driver Package - WayTech (Si670m) BTW (04/11/2007 1.0) --> D:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u D:\WINDOWS\system32\DRVSTORE\flter2k_1AE52A472F87737815E896B0FFF08D7692D5E27F\flter2k.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6326 / Success
Event Submitted/Written: 08/09/2008 06:53:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6312 / Success
Event Submitted/Written: 08/09/2008 01:37:31 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6307 / Error
Event Submitted/Written: 08/09/2008 00:38:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.4669, faulting module unknown, version 0.0.0.0, fault address 0x03c6a7fe.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type6302 / Error
Event Submitted/Written: 08/09/2008 11:52:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.4669, faulting module nppl3260.dll, version 6.0.12.46, fault address 0x000054bb.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type6299 / Error
Event Submitted/Written: 08/09/2008 11:51:13 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 845050250.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7706315 / Warning
Event Submitted/Written: 08/10/2008 03:17:32 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type7706310 / Warning
Event Submitted/Written: 08/10/2008 03:16:36 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type7706309 / Warning
Event Submitted/Written: 08/10/2008 11:52:17 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0007E9AFC561. The IP address being used is 169.254.160.19.

Event Record #/Type7706307 / Error
Event Submitted/Written: 08/10/2008 11:51:16 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.11 on the
Network Card with network address 0007E9AFC561.

Event Record #/Type7706306 / Warning
Event Submitted/Written: 08/10/2008 11:51:16 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E9AFC561. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-08-10 15:28:04 ------------



THANKYOU!

my name is juliee.
let's be awkward friends
^__^


BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:05 PM

Posted 19 August 2008 - 09:45 AM

Hello, Buggie.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Disabled MS Config Items
      Reg - File Associations
      Reg - Uninstall List
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:05 PM

Posted 22 August 2008 - 08:57 AM

Hello, Buggie.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users