PDA

View Full Version : another virtumonde victim



willard419
2008-05-13, 22:31
Hello here is my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:04 AM, on 5/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2std.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Gigabyte\Gigabyte WI01GS Wireless Mini PCI Adapter\Installer\WIN2K\GNConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Grisoft\AVG7\avgwa.dat
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\Windows\system32\iiffDSKE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99FECBB6-8A01-4E06-9184-9A7C52A3F59C} - C:\Windows\system32\pmnkKccd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {3802c435-284c-9f1b-d094-354a45580bbf} - {fbb08554-a453-490d-b1f9-c482534c2083} - C:\Windows\system32\vunulnic.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiffDSKE.dll,#1
O4 - HKLM\..\Run: [BM7b3d8346] Rundll32.exe "C:\Windows\system32\oceomera.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8916] command /c del "C:\Windows\System32\pmnkKccd.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7541] cmd /c del "C:\Windows\System32\pmnkKccd.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB1859] command /c del "C:\Windows\System32\pmnkKccd.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7191] cmd /c del "C:\Windows\System32\pmnkKccd.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: GN-WI01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WI01GS Wireless Mini PCI Adapter\Installer\WIN2K\GNConfig.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\Windows\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12409 bytes

Shaba
2008-05-14, 12:08
Hi willard419

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

Post:

- dss logs
- mbam report

willard419
2008-05-14, 22:24
Deckard's System Scanner v20071014.68
Run by Willard on 2008-05-14 11:09:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-05-13 21:33:27 UTC - RP323 - Scheduled Checkpoint
2: 2008-05-13 08:00:00 UTC - RP322 - Scheduled Checkpoint
1: 2008-05-12 14:13:40 UTC - RP321 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Willard.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:59 AM, on 5/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gigabyte\Gigabyte WI01GS Wireless Mini PCI Adapter\Installer\WIN2K\GNConfig.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
D:\New Folder\stuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Willard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {3802c435-284c-9f1b-d094-354a45580bbf} - {fbb08554-a453-490d-b1f9-c482534c2083} - C:\Windows\system32\vunulnic.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: GN-WI01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WI01GS Wireless Mini PCI Adapter\Installer\WIN2K\GNConfig.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\Windows\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9572 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys
S3 TVICHW32 - \??\c:\windows\system32\drivers\tvichw32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 11:02:11 442 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-05-08 10:13:19 376 --a------ C:\Windows\Tasks\RegCure.job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 03:18:10 124416 -----n--- C:\Windows\system32\jvpgepst.dll
2008-05-14 03:12:59 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-14 03:12:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 21:43:14 123456 --a------ C:\Windows\system32\bageakbb.dll
2008-05-13 21:36:31 57344 -----n--- C:\Windows\system32\geBQJaWp.dll
2008-05-13 11:59:51 114176 -----n--- C:\Windows\system32\qxqpbrha.dll
2008-05-13 11:13:25 0 d-------- C:\Program Files\Trend Micro
2008-05-13 03:24:27 131584 --a------ C:\Windows\system32\vunulnic.dll
2008-05-13 03:18:27 125952 --a------ C:\Windows\system32\oceomera.dll
2008-05-12 06:12:38 371712 -----n--- C:\Windows\system32\pmnkKccd.dll
2008-05-10 14:02:47 0 d-------- C:\Users\All Users\PC Suite
2008-05-10 14:02:05 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 14:02:05 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-10 14:01:14 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-10 14:00:07 0 d-------- C:\Program Files\Nokia
2008-05-10 13:59:11 0 d-------- C:\Users\All Users\Installations
2008-05-05 12:47:00 0 d-------- C:\Program Files\RegCure
2008-05-02 13:00:49 69632 --a------ C:\Windows\system32\xmltok.dll
2008-05-02 13:00:49 36864 --a------ C:\Windows\system32\xmlparse.dll
2008-05-02 13:00:48 0 d-------- C:\Program Files\Ubi Soft
2008-05-01 15:04:33 0 -rahs---- C:\MSDOS.SYS
2008-05-01 15:04:33 0 -rahs---- C:\IO.SYS
2008-05-01 14:17:43 0 d-------- C:\Windows\system32\Futuremark
2008-05-01 14:17:43 3972 -----n--- C:\Windows\system32\drivers\PciBus.sys
2008-05-01 14:16:41 0 d-------- C:\Program Files\Futuremark
2008-05-01 14:08:03 0 d-------- C:\Program Files\EA GAMES
2008-04-22 01:41:00 0 d-------- C:\Users\All Users\Gamespot
2008-04-22 01:41:00 0 d-------- C:\Program Files\GameSpot
2008-04-21 12:48:27 201728 --a------ C:\Windows\system32\GT_ScreenSaver_01_02.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-04-21 12:48:26 0 d-------- C:\Windows\system32\GT_ScreenSaver_01_02 dir
2008-04-21 03:04:25 0 d-------- C:\Windows\vbSkinner
2008-04-21 03:04:18 0 d-------- C:\Program Files\PFConfig
2008-04-20 22:36:46 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-20 14:47:36 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 15:25:45 0 d-------- C:\Program Files\DreamCatcher
2008-04-16 15:24:13 90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-15 18:11:01 0 d-------- C:\Windows\system32\xlive
2008-04-15 17:44:59 0 d-------- C:\Users\All Users\Microsoft Games
2008-04-14 20:27:03 0 dr-h----- C:\$VAULT$.AVG
2008-04-14 17:02:55 0 d-------- C:\Users\All Users\Grisoft
2008-04-14 17:02:55 0 d-------- C:\Users\All Users\avg7
2008-04-14 02:28:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-14 02:17:19 0 d-------- C:\Program Files\CCleaner
2008-04-14 02:00:50 223831578 --a------ C:\SYM_REGISTRY_BACKUP.reg


-- Find3M Report ---------------------------------------------------------------

2008-05-14 11:04:05 0 d-------- C:\Users\Willard\AppData\Roaming\Skype
2008-05-14 11:03:35 41194 --a------ C:\Users\Willard\AppData\Roaming\nvModes.001
2008-05-14 03:13:49 0 d-------- C:\Users\Willard\AppData\Roaming\Malwarebytes
2008-05-14 00:06:56 0 d-------- C:\Users\Willard\AppData\Roaming\skypePM
2008-05-13 02:37:45 41194 --a------ C:\Users\Willard\AppData\Roaming\nvModes.dat
2008-05-12 04:23:27 0 d-------- C:\Users\Willard\AppData\Roaming\AVG7
2008-05-10 15:03:32 0 d-------- C:\Users\Willard\AppData\Roaming\Nokia
2008-05-10 15:03:32 1699131 --a------ C:\Users\Willard\AppData\Roaming\NMM-MetaData.db
2008-05-10 14:02:48 0 d-------- C:\Users\Willard\AppData\Roaming\PC Suite
2008-05-10 14:02:05 0 d-------- C:\Program Files\Common Files
2008-05-10 14:01:53 0 d-------- C:\Program Files\DIFX
2008-05-05 13:01:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-28 17:36:31 16 --a------ C:\Windows\popcinfo.dat
2008-04-26 15:14:32 0 d-------- C:\Program Files\Common Files\Steam
2008-04-22 01:41:00 6965 --a------ C:\Program Files\install.log
2008-04-21 02:41:43 0 d-------- C:\Program Files\BitComet
2008-04-15 17:44:15 0 d-------- C:\Users\Willard\AppData\Roaming\Microsoft Game Studios
2008-04-15 16:47:54 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-13 23:33:48 0 d-------- C:\Users\Willard\AppData\Roaming\Adobe
2008-04-13 23:33:45 0 d-------- C:\Program Files\Adobe Media Player
2008-04-13 23:33:43 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-12 17:00:05 89712 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-09 11:42:01 0 d-------- C:\Program Files\Windows Mail
2008-04-08 15:33:11 831 --a------ C:\Windows\eReg.dat
2008-04-08 15:01:11 0 d-------- C:\Program Files\Creative
2008-04-07 00:22:18 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-04 14:19:07 2560 --a------ C:\Windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-04 03:20:05 0 d-------- C:\Program Files\iTunes
2008-04-04 03:20:00 0 d-------- C:\Program Files\iPod
2008-04-04 03:19:16 0 d-------- C:\Program Files\QuickTime
2008-03-31 15:03:10 174 --ahs---- C:\Program Files\desktop.ini
2008-03-31 14:54:47 0 d-------- C:\Program Files\Windows Sidebar
2008-03-31 14:54:47 0 d-------- C:\Program Files\Windows Calendar
2008-03-31 14:54:47 0 d-------- C:\Program Files\Movie Maker
2008-03-31 14:54:45 0 d-------- C:\Program Files\Windows Collaboration
2008-03-31 14:54:44 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-31 14:54:44 0 d-------- C:\Program Files\Windows Journal
2008-03-31 14:54:40 0 d-------- C:\Program Files\Windows Defender
2008-03-31 11:53:16 0 d-------- C:\Program Files\Skype
2008-03-31 11:53:13 0 d-------- C:\Program Files\Common Files\Skype
2008-03-31 03:53:56 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-22 20:21:16 0 d-------- C:\Users\Willard\AppData\Roaming\Apple Computer
2008-03-13 14:51:01 720896 --a------ C:\Windows\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-13 01:54:23 1738 --a------ C:\Windows\mozver.dat
2008-03-04 03:02:44 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-02-26 02:22:35 21129 --a------ C:\Users\Willard\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbb08554-a453-490d-b1f9-c482534c2083}]
05/13/2008 03:24 AM 131584 --a------ C:\Windows\system32\vunulnic.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 11:38 PM]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 11:06 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/22/2006 09:20 PM]
"snp2std"="C:\Windows\vsnp2std.exe" [09/16/2006 05:21 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/12/2007 05:28 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/12/2007 05:28 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/12/2007 05:28 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/14/2008 06:10 PM]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [11/16/2007 05:20 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/22/2008 02:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/18/2008 11:33 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/18/2008 11:33 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/10/2008 12:52 PM]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GN-WI01GS Utility.lnk - C:\Program Files\Gigabyte\Gigabyte WI01GS Wireless Mini PCI Adapter\Installer\WIN2K\GNConfig.exe [2/18/2008 7:39:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 04/14/2008 05:03 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Willard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Willard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Willard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ubisoft register.lnk]
path=C:\Users\Willard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
backup=C:\Windows\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8400 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-14 11:12:35 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-66
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2046.7 MiB / 1313.68 MiB
Pagefile Memory (total/avail): 4337.83 MiB / 3260.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.38 MiB

C: is Fixed (NTFS) - 29.3 GiB total, 7.25 GiB free.
D: is Fixed (NTFS) - 119.75 GiB total, 22.17 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD16 00BEVS-22RST SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.3 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 119.75 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.523 v7.5.523 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Willard\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WILLARD-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Willard
LOCALAPPDATA=C:\Users\Willard\AppData\Local
LOGONSERVER=\\WILLARD-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Windows Live\Mail\;C:\Program Files\Windows Live\Messenger\;C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Willard\AppData\Local\Temp
TMP=C:\Users\Willard\AppData\Local\Temp
USERDOMAIN=Willard-Laptop
USERNAME=Willard
USERPROFILE=C:\Users\Willard
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Willard [I](admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
3DMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\Setup.exe" -l0x9
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bejeweled 2 Deluxe --> C:\Windows\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DeskScapes --> C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\INSTALL.LOG
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
EAX Unified --> C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gigabyte GN-WI01GS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D36E972-E325-11CE-BFC1-08002BE10318}\setup.exe" -l0x9 -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GT_ScreenSaver_01_02 --> C:\Windows\system32\GT_ScreenSaver_01_02.scr /u
Halo 2 for Windows Vista --> D:\Halo 2\StartUp.exe /tnp:/remove
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IE7Pro --> C:\Program Files\IEPro\uninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Mafia --> D:\Mafia\Mafia\MafiaSetup.exe
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Medal of Honor Allied Assault(tm) Breakthrough --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9
Medal of Honor Allied Assault(tm) Breakthrough Patch v2.40 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF9046D6-5F1F-40B6-9782-3DC2D902D391}\Setup.exe" -l0x9
Medal of Honor Allied Assault(tm) Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Allied Assault(tm) Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x9
Medal of Honor Pacific Assault(tm) Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F2F6F0B-B43B-4A64-B137-8E0CE3F76F5F}\setup.exe" -l0x9 -removeonly
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MX vs ATV Unleashed --> MsiExec.exe /X{BBE18EBD-CD44-4C51-8BC5-577ECCCEC68F}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
Nero 7 Ultra Edition --> MsiExec.exe /X{29CBFC23-05A7-4286-93B8-BABE29BC1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng_us_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
O2Micro Flash Memory Card Windows Driver V2.04 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB1B0104-6A57-446F-B855-FDF49151BE0C} /l1033
Painkiller --> C:\Windows\unvise32.exe d:\painkiller\uninstal.log
Painkiller - Battle Out Of Hell --> C:\Windows\unvise32.exe d:\painkiller\uninstal.log
PARANOIA 1.2 --> "D:\Steam\SteamApps\willard419\half-life\Half-Life\unins000.exe"
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Pcsx2 0.9.4 Watermoose --> "C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PFConfig 1.0.144 --> C:\Program Files\PFConfig\uninst.exe
PLAYSTATION(R)Network Downloader --> MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PowerDVD Ultra --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Star Wars JK II Jedi Outcast --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Godfather™ The Game --> D:\The Godfather\EAUninstall.exe
USB2.0 PC Camera (SN9C201&202) --> C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Will Rock --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58DB5417-E1FF-4EF6-A93C-592D35F01E84}\setup.exe" -l0x9
Windows Driver Package - AuthenTec, Inc. (ATSWPDRV) Biometric (11/14/2006 7.7.0.22) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\Windows\system32\DRVSTORE\atswpdrv_307EB2EA4F40D98CDB41D7FC47A4CF1E2F1EFF95\atswpdrv.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type11588 / Success
Event Submitted/Written: 05/14/2008 11:04:24 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type11580 / Success
Event Submitted/Written: 05/14/2008 11:02:21 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type11579 / Success
Event Submitted/Written: 05/14/2008 11:02:20 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type11574 / Success
Event Submitted/Written: 05/14/2008 11:02:10 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type11546 / Error
Event Submitted/Written: 05/14/2008 03:21:12 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application FIREFOX.EXE, version 1.8.20080.40413, time stamp 0x47f6a3d0, faulting module jvpgepst.dll_unloaded, version 0.0.0.0, time stamp 0x4821b038, exception code 0xc0000005, fault offset 0x02341569,
process id 0x7b4, application start time 0xFIREFOX.EXE0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47428 / Warning
Event Submitted/Written: 05/14/2008 11:11:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Willard-Laptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Willard-Laptop27 can't undo changes that you allow.

For more information please see the following:
%Willard-Laptop275

Scan ID: {E9293194-95EB-4330-9B9D-682689707CF6}

User: Willard-Laptop\Willard

Name: %Willard-Laptop271

ID: %Willard-Laptop272

Severity ID: %Willard-Laptop273

Category ID: %Willard-Laptop274

Path Found: %Willard-Laptop276

Alert Type: %Willard-Laptop278

Detection Type: 1.1.1600.02

Event Record #/Type47427 / Warning
Event Submitted/Written: 05/14/2008 11:11:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Willard-Laptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Willard-Laptop27 can't undo changes that you allow.

For more information please see the following:
%Willard-Laptop275

Scan ID: {F5C6B60C-D478-4FC7-8DD9-901CFB90CADA}

User: Willard-Laptop\Willard

Name: %Willard-Laptop271

ID: %Willard-Laptop272

Severity ID: %Willard-Laptop273

Category ID: %Willard-Laptop274

Path Found: %Willard-Laptop276

Alert Type: %Willard-Laptop278

Detection Type: 1.1.1600.02

Event Record #/Type47426 / Warning
Event Submitted/Written: 05/14/2008 11:11:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Willard-Laptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Willard-Laptop27 can't undo changes that you allow.

For more information please see the following:
%Willard-Laptop275

Scan ID: {68D09AF3-3644-45DC-A8FF-E4F11548014F}

User: Willard-Laptop\Willard

Name: %Willard-Laptop271

ID: %Willard-Laptop272

Severity ID: %Willard-Laptop273

Category ID: %Willard-Laptop274

Path Found: %Willard-Laptop276

Alert Type: %Willard-Laptop278

Detection Type: 1.1.1600.02

Event Record #/Type47425 / Warning
Event Submitted/Written: 05/14/2008 11:11:17 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Willard-Laptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Willard-Laptop27 can't undo changes that you allow.

For more information please see the following:
%Willard-Laptop275

Scan ID: {74910999-CB4A-46B0-A85F-BDDF130940F1}

User: Willard-Laptop\Willard

Name: %Willard-Laptop271

ID: %Willard-Laptop272

Severity ID: %Willard-Laptop273

Category ID: %Willard-Laptop274

Path Found: %Willard-Laptop276

Alert Type: %Willard-Laptop278

Detection Type: 1.1.1600.02

Event Record #/Type47424 / Warning
Event Submitted/Written: 05/14/2008 11:11:17 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Willard-Laptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Willard-Laptop27 can't undo changes that you allow.

For more information please see the following:
%Willard-Laptop275

Scan ID: {F6BFE7A4-FFB2-4BB6-806B-CF5791B7B87D}

User: Willard-Laptop\Willard

Name: %Willard-Laptop271

ID: %Willard-Laptop272

Severity ID: %Willard-Laptop273

Category ID: %Willard-Laptop274

Path Found: %Willard-Laptop276

Alert Type: %Willard-Laptop278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-05-14 11:12:35 ------------

willard419
2008-05-14, 22:28
Malwarebytes' Anti-Malware 1.12
Database version: 745

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237880
Time elapsed: 57 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\pmnkKccd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\qxqpbrha.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\geBQJaWp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1881adf-3a0e-4609-add4-ee607c935387} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f1881adf-3a0e-4609-add4-ee607c935387} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingA6126 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingC1553 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\780eb0da (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7b3d8346 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkkccd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkkccd -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\hGVOFvTm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mTvFOVGh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mTvFOVGh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnkKccd.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dccKknmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dccKknmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qxqpbrha.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ahrbpqxq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\geBQJaWp.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\jvpgepst.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tuvVLbCu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Shaba
2008-05-17, 10:52
Hi and sorry for delay

I have in some way missed your reply.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Windows\system32\jvpgepst.dll
C:\Windows\system32\bageakbb.dll
C:\Windows\system32\geBQJaWp.dll
C:\Windows\system32\qxqpbrha.dll
C:\Windows\system32\vunulnic.dll
C:\Windows\system32\oceomera.dll
C:\Windows\system32\pmnkKccd.dll


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run dss

Post:

- dss main.txt
- otmoveit2 report

Shaba
2008-05-22, 14:46
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.