Another Vundo/virtumonde Virus


This topic is locked
3 replies to this topic

#1 El Espectro

  • Members
  • 2 posts

Posted 12 August 2008 - 03:21 PM

Hello:
Problem started yesterday with popups (usually of "Registry Defender for Windows") and random .DLLs running themselves (on bootup, I get messages telling me the program "software.php" is trying to open, and wants to know what program to use to open it with). McAfee doesn't find anything. Spybot finds Virtumonde, and SUPERAntiSpyware Free finds Vundo. Used Spybot's TeaTimer to block some of the .DLLs, but they kept trying to run until I either allowed them, or my desktop crashed. Also ran Symantec Vundo Removal Tool but it found nothing. Also have SpywareBlaster and Glary Utilities Spyware Removal, neither doing much of anything. Please help!


Deckard's System Scanner v20071014.68
Run by Lee on 2008-08-12 15:59:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-12 20:00:01 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).


-- HijackThis (run as Lee.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:30 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\7ZOH7R97\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goucher.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {9993d1bf-6393-e10b-df64-cc4c7cc356b6} - {6b653cc7-c4cc-46fd-b01e-3936fb1d3999} - C:\WINDOWS\system32\xtxsud.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB57351A-39EC-4C95-A45C-FFEF86BD7204} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\yayxVlJC.dll
O2 - BHO: (no name) - {F24DFA79-FC7C-4D67-A080-738210464F4A} - C:\WINDOWS\system32\urqPHxYp.dll
O2 - BHO: (no name) - {F535D5D0-3B91-4B44-AB74-B5D3B8CF118F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LoadAudio] C:\WINDOWS\snd2d3d.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm238OUUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRKEUKD - C:\WINDOWS\
O20 - Winlogon Notify: ssqrrQgH - ssqrrQgH.dll (file missing)
O20 - Winlogon Notify: yayxVlJC - C:\WINDOWS\SYSTEM32\yayxVlJC.dll
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10126 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 11:21:06 308 --a------ C:\WINDOWS\Tasks\GlaryInitialize.job
2008-08-01 01:00:19 328 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:18:27 336 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 11:26:06 34176 -----n--- C:\WINDOWS\system32\geBqPFUK.dll
2008-08-12 10:13:35 0 d-------- C:\Program Files\Trend Micro
2008-08-12 00:39:49 120960 -----n--- C:\WINDOWS\system32\xtxsud.dll
2008-08-12 00:39:49 120960 --a------ C:\WINDOWS\system32\wstyftkt.dll
2008-08-12 00:36:49 98688 --a------ C:\WINDOWS\system32\kunktwbm.dll
2008-08-12 00:34:34 120960 --a------ C:\WINDOWS\system32\sznwye.dll
2008-08-12 00:34:33 120960 --a------ C:\WINDOWS\system32\jxaticju.dll
2008-08-12 00:33:27 1522 --ahs---- C:\WINDOWS\system32\pYxHPqru.ini2
2008-08-12 00:33:21 323328 -----n--- C:\WINDOWS\system32\urqPHxYp.dll
2008-08-12 00:28:18 34176 -----n--- C:\WINDOWS\system32\yayxVlJC.dll
2008-08-12 00:26:03 0 d-------- C:\Program Files\SpywareBlaster
2008-08-11 22:47:19 0 d-------- C:\WINDOWS\CSC
2008-08-11 22:40:16 120960 --a------ C:\WINDOWS\system32\lhvkfx.dll
2008-08-11 22:40:14 120960 --a------ C:\WINDOWS\system32\befhhijp.dll
2008-08-11 22:37:07 532181 --ahs---- C:\WINDOWS\system32\GPWvyyxx.ini2
2008-08-11 22:12:31 0 d-------- C:\VundoFix Backups
2008-08-11 21:13:33 120960 --a------ C:\WINDOWS\system32\bcsxrm.dll
2008-08-11 21:13:31 120960 --a------ C:\WINDOWS\system32\gtcvmsga.dll
2008-08-11 21:13:24 98688 --a------ C:\WINDOWS\system32\ydmrcgpv.dll
2008-08-11 21:12:14 529936 --ahs---- C:\WINDOWS\system32\hgiiPXbc.ini2
2008-08-11 20:06:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 20:05:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 20:05:48 0 d-------- C:\Documents and Settings\Lee\Application Data\SUPERAntiSpyware.com
2008-08-11 20:05:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 17:28:41 657408 --a------ C:\WINDOWS\is-MPHNR.exe <Not Verified; ; Inno Setup>
2008-08-11 16:35:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-11 14:54:36 120960 --a------ C:\WINDOWS\system32\urbjprne.dll
2008-08-11 14:53:27 3452 --ahs---- C:\WINDOWS\system32\QAKlmnnn.ini2
2008-07-31 18:35:29 0 d-------- C:\WPIR
2008-07-31 16:27:47 0 d-------- C:\Program Files\PopCap Games
2008-07-31 16:26:49 0 d-------- C:\Program Files\Gutterball 2
2008-07-31 16:26:22 0 d-------- C:\Program Files\Battleships
2008-07-31 13:55:07 0 d-------- C:\Program Files\Magic Ball 3
2008-07-31 13:44:30 99328 --a------ C:\WINDOWS\snd2d3d.exe
2008-07-31 13:44:28 0 d-------- C:\Program Files\Magic Ball 2 New Worlds
2008-07-31 13:34:55 0 d-------- C:\Program Files\Magic Ball
2008-07-30 13:49:07 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-07-24 22:23:38 0 d-------- C:\Program Files\Microprose
2008-07-24 22:23:27 0 d-------- C:\Program Files\WarZone
2008-07-23 12:00:27 0 d-------- C:\Program Files\Audacity
2008-07-23 11:45:48 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-13 03:00:48 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-12 17:11:51 0 --a------ C:\Program Files\temp01
2008-07-12 17:11:50 0 d-------- C:\Program Files\bfgclient
2008-07-12 17:05:15 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 17:00:33 0 d-------- C:\Program Files\Empires & Dungeons
2008-07-12 16:52:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 16:51:56 0 d-------- C:\Program Files\Gamenext


-- Find3M Report ---------------------------------------------------------------

2008-08-12 16:00:54 0 d-------- C:\Documents and Settings\Lee\Application Data\uTorrent
2008-08-11 20:05:21 0 d-------- C:\Program Files\Common Files
2008-08-11 19:58:16 27649 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-11 18:28:18 0 d-------- C:\Program Files\FunWebProducts
2008-08-11 17:44:49 0 d-------- C:\Program Files\Glary Utilities
2008-08-11 17:41:12 0 d-------- C:\Program Files\AVI Codec Pack
2008-08-11 14:41:03 0 d-------- C:\Program Files\McAfee
2008-08-01 13:18:48 33 --a------ C:\WINDOWS\popcinfo.dat
2008-08-01 02:40:48 0 d-------- C:\Documents and Settings\Lee\Application Data\Adobe
2008-07-30 13:49:36 0 d-------- C:\Program Files\Google
2008-07-24 23:21:06 0 d-------- C:\Program Files\Free FLV Converter
2008-07-24 21:10:36 0 d-------- C:\Program Files\Rumble Box
2008-07-23 11:54:03 1028 --a------ C:\Documents and Settings\Lee\Application Data\WavCodec.wff
2008-07-22 21:00:20 0 d-------- C:\Program Files\Platypus
2008-07-21 22:27:25 0 d-------- C:\Program Files\Flip Words
2008-07-11 23:59:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 23:59:09 0 --a------ C:\WINDOWS\PowerReg.dat
2008-07-11 23:57:23 0 d-------- C:\Program Files\Infogrames
2008-07-11 23:53:45 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-11 23:47:53 0 d-------- C:\Documents and Settings\Lee\Application Data\DAEMON Tools
2008-07-11 22:21:52 0 d-------- C:\Documents and Settings\Lee\Application Data\Skype
2008-07-11 21:44:26 0 d-------- C:\Documents and Settings\Lee\Application Data\skypePM
2008-07-11 21:41:05 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-07-11 21:31:30 0 d-------- C:\Program Files\Logitech
2008-07-11 17:54:51 0 d-------- C:\Program Files\directx
2008-07-11 17:34:35 0 d-------- C:\Program Files\BFG
2008-07-11 17:28:41 0 d-------- C:\Program Files\GameHouse
2008-07-11 17:20:25 0 d-------- C:\Program Files\Super Text Twist
2008-07-11 17:20:12 0 d-------- C:\Program Files\ReflexiveArcade
2008-07-08 10:47:43 0 d-------- C:\Documents and Settings\Lee\Application Data\GlarySoft
2008-07-07 22:30:25 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-29 21:24:11 0 d-------- C:\Program Files\GlobalConquest
2008-06-29 21:19:51 0 d-------- C:\Program Files\pdf995
2008-06-29 21:18:57 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-29 21:18:57 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-06-29 21:08:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 14:51:57 0 d-------- C:\Program Files\Darkstar One
2008-06-28 16:35:42 0 d-------- C:\Program Files\MSXML 4.0
2008-06-28 01:46:26 0 d-------- C:\Documents and Settings\Lee\Application Data\DivX
2008-06-27 23:16:43 0 d-------- C:\Program Files\DivX
2008-06-27 23:03:42 0 d-------- C:\Program Files\Xvid
2008-06-27 22:12:30 0 d-------- C:\Program Files\RocketDock
2008-06-27 21:53:28 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-27 21:50:29 0 d-------- C:\Program Files\McAfee.com
2008-06-27 21:05:45 0 d-------- C:\Program Files\MyWebSearch
2008-06-27 21:05:41 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-06-27 20:45:12 0 d-------- C:\Program Files\Microsoft Works
2008-06-27 20:44:45 0 d-------- C:\Program Files\Microsoft.NET
2008-06-27 20:35:28 130493 --a------ C:\WINDOWS\HPHins13.dat
2008-06-27 20:35:23 0 d-------- C:\Program Files\UnH Solutions
2008-06-27 20:34:17 0 d-------- C:\Documents and Settings\Lee\Application Data\HP
2008-06-27 20:33:25 0 d-------- C:\Program Files\HP
2008-06-27 20:32:32 0 d-------- C:\Program Files\Common Files\HP
2008-06-27 20:11:53 0 --a------ C:\WINDOWS\system32\MSVolume.dll
2008-06-27 20:06:36 0 d-------- C:\Documents and Settings\Lee\Application Data\Sony Corporation
2008-06-27 20:06:20 0 d-------- C:\Program Files\CyberLink
2008-06-27 20:04:09 0 d-------- C:\Documents and Settings\Lee\Application Data\NCH Swift Sound
2008-06-27 20:04:00 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-27 19:22:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-27 19:11:23 0 d-------- C:\Program Files\MSBuild
2008-06-27 19:06:03 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 18:50:30 0 d-------- C:\Program Files\Power Tab Software
2008-06-27 18:49:15 0 d-------- C:\Documents and Settings\Lee\Application Data\WinRAR
2008-06-27 18:41:05 0 d-------- C:\Program Files\uTorrent
2008-06-27 18:37:08 0 d-------- C:\Program Files\Sony
2008-06-27 18:35:58 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-27 18:35:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-27 16:56:10 0 d-------- C:\Program Files\Defraggler
2008-06-27 16:50:33 0 d-------- C:\Documents and Settings\Lee\Application Data\acccore
2008-06-27 16:34:09 0 d-------- C:\Program Files\MSXML 6.0
2008-06-27 16:33:43 0 d-------- C:\Documents and Settings\Lee\Application Data\Google
2008-06-27 16:20:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 16:16:45 0 d-------- C:\Program Files\AIM6
2008-06-27 16:16:44 0 d-------- C:\Program Files\Viewpoint
2008-06-27 16:16:39 0 d-------- C:\Program Files\Skype
2008-06-27 16:16:32 0 d-------- C:\Program Files\Common Files\Skype
2008-06-27 16:15:43 0 d-------- C:\Program Files\Common Files\AOL
2008-06-27 15:42:29 0 d-------- C:\Program Files\Messenger
2008-06-27 15:28:46 0 d-------- C:\Program Files\O2Micro OZ776 SCR Driver
2008-06-27 15:17:28 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-27 15:15:42 0 d-------- C:\Documents and Settings\Lee\Application Data\Intel
2008-06-27 15:13:07 0 d-------- C:\Program Files\Apoint
2008-06-27 14:51:21 0 d-------- C:\Program Files\Broadcom
2008-06-27 14:28:20 0 d-------- C:\Program Files\CONEXANT
2008-06-27 14:28:08 0 d-------- C:\Program Files\Intel
2008-06-27 14:27:27 0 d-------- C:\Program Files\SigmaTel
2008-06-27 14:25:42 0 d-------- C:\Program Files\Dell
2008-06-27 14:20:20 0 d-------- C:\Documents and Settings\Lee\Application Data\InstallShield
2008-06-27 14:17:15 0 d-------- C:\Documents and Settings\Lee\Application Data\Macromedia
2008-06-27 14:14:18 0 d-------- C:\Program Files\Citrix
2008-06-27 14:04:35 0 d-------- C:\Documents and Settings\Lee\Application Data\Identities
2008-06-27 13:59:43 0 d-------- C:\Program Files\microsoft frontpage
2008-06-27 13:59:03 0 -rahs---- C:\MSDOS.SYS
2008-06-27 13:59:03 0 -rahs---- C:\IO.SYS
2008-06-27 13:59:03 0 --a------ C:\CONFIG.SYS
2008-06-27 13:59:03 0 --a------ C:\AUTOEXEC.BAT
2008-06-27 13:57:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-27 13:56:57 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-27 13:56:47 0 d-------- C:\Program Files\Movie Maker
2008-06-27 13:55:54 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-27 13:55:31 0 d-------- C:\Program Files\Online Services
2008-06-27 13:55:21 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-27 13:55:13 0 d-------- C:\Program Files\Windows NT
2008-06-27 09:48:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-27 09:48:38 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-27 09:48:11 62 --ahs---- C:\Documents and Settings\Lee\Application Data\desktop.ini
2008-06-13 01:00:08 225280 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-04 18:42:54 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-04 18:42:54 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-04 18:42:54 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-04 18:42:54 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-04 18:42:54 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b653cc7-c4cc-46fd-b01e-3936fb1d3999}]
08/12/2008 12:39 AM 120960 --------- C:\WINDOWS\system32\xtxsud.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB57351A-39EC-4C95-A45C-FFEF86BD7204}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E482A951-26ED-4898-A1EB-09A942D95A52}]
08/12/2008 12:28 AM 34176 --------- C:\WINDOWS\system32\yayxVlJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F24DFA79-FC7C-4D67-A080-738210464F4A}]
08/12/2008 12:33 AM 323328 --------- C:\WINDOWS\system32\urqPHxYp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F535D5D0-3B91-4B44-AB74-B5D3B8CF118F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 02:13 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/22/2008 05:46 AM]
"nwiz"="nwiz.exe" [02/22/2008 05:46 AM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [02/22/2008 05:46 AM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/22/2008 05:46 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM]
"LoadAudio"="C:\WINDOWS\snd2d3d.exe" [10/27/2007 10:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/27/2008 04:31 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{E482A951-26ED-4898-A1EB-09A942D95A52}"= C:\WINDOWS\system32\yayxVlJC.dll [08/12/2008 12:28 AM 34176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 06/27/2008 02:14 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKEUKD]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrrQgH]
ssqrrQgH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxVlJC]
yayxVlJC.dll 08/12/2008 12:28 AM 34176 C:\WINDOWS\system32\yayxVlJC.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqPHxYp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8972 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-12 16:02:42 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 1022.05 MiB / 242.09 MiB
Pagefile Memory (total/avail): 2458.86 MiB / 1618.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.43 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 47.19 GiB free.
D: is CDROM (CDFS)
E: is Fixed (FAT32) - 93.13 GiB total, 17.76 GiB free.
F: is CDROM (No Media)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST980825AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE2 - SONY ATRAC HDD PA USB Device - 18.62 GiB - 1 partition
\PARTITION0 - Unknown - 18.63 GiB - G:

\\.\PHYSICALDRIVE1 - ST910082 4A USB Device - 93.16 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 93.15 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lee\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOUCHER-61C6B7F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lee
LOGONSERVER=\\GOUCHER-61C6B7F
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lee\LOCALS~1\Temp
USERDOMAIN=GOUCHER-61C6B7F
USERNAME=Lee
USERPROFILE=C:\Documents and Settings\Lee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lee (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
battleshipsv1.11 --> "C:\Program Files\Battleships\unins000.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BookWorm Deluxe 1.02 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Darkstar One --> "C:\Program Files\Darkstar One\unins000.exe"
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Deus Ex --> C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Empires & Dungeons (remove only) --> C:\Program Files\Empires & Dungeons\Uninstall.exe
Flash Saving Plugin --> "C:\Program Files\UnH Solutions\Flash Saving Plugin\unins000.exe"
Flip Words --> "C:\Program Files\Flip Words\unins000.exe"
Free FLV Converter V 5.0 --> "C:\Program Files\Free FLV Converter\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Glary Utilities 2.6 --> "C:\Program Files\Glary Utilities\unins000.exe"
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514 --> C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Gutterball 2 --> "C:\Program Files\Gutterball 2\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Deskjet 8.0 Software --> C:\Program Files\HP\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe -datfile hphscr13.dat -showdisconnect -forcereboot
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Insaniquarium Deluxe --> C:\PROGRA~1\GAMEHO~1\INSANI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\INSANI~1\INSTALL.LOG
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Line of Sight - Vietnam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D9518C0C-3263-4882-93D6-B0F3935BED6B}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic Ball --> "C:\Program Files\Magic Ball\unins000.exe"
Magic Ball 2 New Worlds --> "C:\Program Files\Magic Ball 2 New Worlds\unins000.exe"
Magic Ball 3 --> "C:\Program Files\Magic Ball 3\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OZ776 SCR Driver V1.1.4.202 --> "C:\Program Files\InstallShield Installation Information\{EDC2B89F-3F72-48EA-B63E-985BC51622E4}\setup.exe" -runfromtemp -l0x0409 -removeonly
OZ776 SCR Driver V1.1.4.202 --> MsiExec.exe /X{EDC2B89F-3F72-48EA-B63E-985BC51622E4}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Platypus --> "C:\Program Files\Platypus\unins000.exe"
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Risk WarZone Client --> C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Rumble Box --> C:\Program Files\Rumble Box\uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super Text Twist --> "C:\Program Files\Super Text Twist\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WarZone Client --> C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
WavePad Sound Editor --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type812 / Error
Event Submitted/Written: 08/12/2008 00:34:56 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type793 / Error
Event Submitted/Written: 08/11/2008 10:36:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type779 / Error
Event Submitted/Written: 08/11/2008 10:03:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type765 / Warning
Event Submitted/Written: 08/11/2008 09:33:45 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type749 / Error
Event Submitted/Written: 08/11/2008 08:03:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2427 / Warning
Event Submitted/Written: 08/12/2008 03:42:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2426 / Warning
Event Submitted/Written: 08/12/2008 02:44:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2425 / Warning
Event Submitted/Written: 08/12/2008 02:16:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2421 / Error
Event Submitted/Written: 08/12/2008 02:10:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2418 / Warning
Event Submitted/Written: 08/12/2008 02:01:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-08-12 16:02:42 ------------
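The extra log above ends with Application and System event records in a fixed text layout. As an added example that is not part of this thread or of Deckard's System Scanner, here is a small Python parser for that layout that tallies records by event ID and source and flags the two entries a responder would want to look at first: the repeated Tcpip 4226 warnings and the DCOM failure to start wuauserv. The sample text is constructed from entries copied from the log above; the flag rules and their wording are the editor's assumptions, not DSS output.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the DSS extra log above
# (three records copied from the page, separated by blank lines).
SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type812 / Error
Event Submitted/Written: 08/12/2008 00:34:56 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2427 / Warning
Event Submitted/Written: 08/12/2008 03:42:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2421 / Error
Event Submitted/Written: 08/12/2008 02:10:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""

RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
TIME_RE = re.compile(r"^Event Submitted/Written: (.+)$")
SOURCE_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")


def parse_events(text):
    """Parse DSS 'Event Record' blocks into dicts.

    A record starts at an 'Event Record #/Type' line and ends at the next
    blank line; everything after 'Event Description:' (possibly several
    lines, as in the DCOM entry) is joined into one description string.
    """
    events = []
    current = None
    in_description = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current is not None:
                events.append(current)
                current = None
            in_description = False
            continue
        m = RECORD_RE.match(line)
        if m:
            current = {"record": int(m.group(1)), "type": m.group(2),
                       "time": None, "event_id": None, "source": None,
                       "description": ""}
            in_description = False
            continue
        if current is None:
            continue  # section headers and other text outside a record
        if in_description:
            current["description"] = (current["description"] + " " + line).strip()
            continue
        m = TIME_RE.match(line)
        if m:
            current["time"] = m.group(1)
            continue
        m = SOURCE_RE.match(line)
        if m:
            current["event_id"] = int(m.group(1))
            current["source"] = m.group(2)
            continue
        if line == "Event Description:":
            in_description = True
    if current is not None:
        events.append(current)
    return events


def summarize(events):
    """Count records per (event_id, source) so repeated entries stand out."""
    return Counter((e["event_id"], e["source"]) for e in events)


def flag_events(events):
    """Return (record number, reason) for the entries worth triaging first.

    The rules here are the editor's assumptions about what matters on a
    machine with suspected adware: 4226/Tcpip is the XP SP2 limit on
    concurrent half-open outbound connections, and Win32 error 1058 is
    ERROR_SERVICE_DISABLED, so the DCOM entry means the Windows Update
    service could not be started because it is disabled.
    """
    findings = []
    for e in events:
        if e["source"] == "Tcpip" and e["event_id"] == 4226:
            findings.append((e["record"],
                             "half-open TCP connection limit hit; identify the "
                             "process opening many outbound connections"))
        elif (e["source"] == "DCOM" and e["event_id"] == 10005
              and "wuauserv" in e["description"]):
            findings.append((e["record"],
                             "wuauserv (Windows Update) failed to start; "
                             "%%1058 is ERROR_SERVICE_DISABLED"))
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key, n in summarize(evs).items():
        print(f"{n}x event {key[0]} / {key[1]}")
    for record, reason in flag_events(evs):
        print(f"record {record}: {reason}")
```

Run it against the full extra log (paste the Application and System sections into SAMPLE_LOG) to see the four 4226 warnings collapse into one counter entry; a healthy XP machine with nothing else running should not hit that limit four times in two hours.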


#2 El Espectro

El Espectro
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 12 August 2008 - 03:23 PM

Also, I think the source may have been an accidental installation of "Search and Destroy," a fake malware scanner/remover.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:36 PM

Posted 19 August 2008 - 12:01 AM

Hello El Espectro,

Sorry for the delay. We have many logs backed up.


Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can re-enable TeaTimer once your system is clean.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore for mbamext.dll.

Edited by SifuMike, 19 August 2008 - 12:02 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:36 PM

Posted 27 August 2008 - 11:49 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



