Virtumonde.. like everyone else?

K

Kyeris

New member
I've been using Spybot for years, never really had a problem like this. I've looked around on the forum for the past hour or so, looking at other problems with Virtumonde, but I'm afraid to try something if it's not meant for me and it just makes it worse..

I attempted fixing it with Spybot, I was requested to restart, I restarted and a spybot scan came up, detected Virtumonde, asked me to restart again. Restarted, it came up again, detected Virtumonde, asked me to restart again. Loop after loop after loop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:46 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [f8d6ed64] rundll32.exe "C:\WINDOWS\system32\myatwdqc.dll",b
O4 - HKLM\..\Run: [BMfbe5def8] Rundll32.exe "C:\WINDOWS\system32\xudnvmir.dll",s
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: AutoGK
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211034831875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211138949812
O20 - AppInit_DLLs: tddydf.dll iwwkkj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8ea04f266e03a) (gupdate1c8ea04f266e03a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8960 bytes
Click to expand...
 
Hi

Download Deckard's System Scanner (formerly Comboscan) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)
    • Scan Options:

    • Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:

    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.


steam
 
main.txt

Deckard's System Scanner v20071014.68
Run by Logan on 2008-08-16 19:28:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
115: 2008-08-17 00:28:52 UTC - RP122 - Deckard's System Scanner Restore Point
114: 2008-08-17 00:11:56 UTC - RP121 - System Checkpoint
113: 2008-08-16 03:04:15 UTC - RP120 - Last known good configuration
112: 2008-08-16 03:04:12 UTC - RP119 - System Checkpoint
111: 2008-08-16 03:04:12 UTC - RP118 - System Checkpoint


-- First Restore Point --
1: 2008-08-16 03:04:01 UTC - RP8 - Installed Microsoft Office Professional Edition 2003


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Logan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:46 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Logan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Logan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {46DBEC61-2FCC-443D-BBB6-0B44D5347DBD} - C:\WINDOWS\system32\vtUnnkLD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7543347C-E33D-49FE-B2F0-580DAF43F608} - C:\WINDOWS\system32\mlJDTmNF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {c9086be0-f646-411f-91ec-edbcefaeaaf3} - C:\WINDOWS\system32\iwwkkj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f8d6ed64] rundll32.exe "C:\WINDOWS\system32\myatwdqc.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMfbe5def8] Rundll32.exe "C:\WINDOWS\system32\xudnvmir.dll",s
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: AutoGK
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211034831875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211138949812
O20 - AppInit_DLLs: tddydf.dll iwwkkj.dll
O20 - Winlogon Notify: mlJDTmNF - C:\WINDOWS\SYSTEM32\mlJDTmNF.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8ea04f266e03a) (gupdate1c8ea04f266e03a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9526 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>

S3 RivaTuner32 - c:\program files\rivatuner v2.09\rivatuner32.sys
S3 RTL8187B (TRENDnet TEW-424UB 54M USB Dongle) - c:\windows\system32\drivers\rtl8187b.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8187B Wireless USB 2.0 Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-16 19:20:01 294 --a------ C:\WINDOWS\Tasks\GoogleUpdateTask.job
2008-08-13 19:38:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 18:54:46 1506880 ---hs---- C:\WINDOWS\system32\cqdwtaym.ini2
2008-08-16 18:44:42 0 d-------- C:\Program Files\Alwil Software
2008-08-16 14:21:19 0 dr-h----- C:\Documents and Settings\Logan\Recent
2008-08-16 14:18:00 0 d-------- C:\Program Files\CCleaner
2008-08-16 14:15:47 0 d-------- C:\Program Files\Trend Micro
2008-08-16 13:20:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 04:12:51 85504 --a------ C:\WINDOWS\system32\myatwdqc.dll
2008-08-16 04:09:52 107008 --a------ C:\WINDOWS\system32\iwwkkj.dll
2008-08-16 04:09:51 107008 --a------ C:\WINDOWS\system32\tndvotqw.dll
2008-08-16 04:06:51 93184 --a------ C:\WINDOWS\system32\xudnvmir.dll
2008-08-15 22:04:51 107008 --a------ C:\WINDOWS\system32\tddydf.dll
2008-08-15 22:04:50 107008 --a------ C:\WINDOWS\system32\egtxpvmx.dll
2008-08-15 22:04:44 92672 --a------ C:\WINDOWS\system32\cixhygkl.dll
2008-08-15 22:03:51 843052 --ahs---- C:\WINDOWS\system32\DLknnUtv.ini2
2008-08-15 22:03:46 249856 --a------ C:\WINDOWS\system32\vtUnnkLD.dll
2008-08-15 21:58:44 39424 --a------ C:\WINDOWS\system32\mlJDTmNF.dll
2008-08-15 21:58:44 39424 --a------ C:\WINDOWS\system32\khfCTnom.dll
2008-08-11 23:45:12 0 d-------- C:\Documents and Settings\Logan\Application Data\Canneverbe_Limited
2008-08-11 23:44:55 0 d-------- C:\Program Files\CDBurnerXP
2008-08-09 17:38:25 0 d-------- C:\Documents and Settings\Logan\Application Data\Andrew Paseltiner
2008-08-07 19:15:54 0 d-------- C:\Program Files\HOTLLAMA MEDIA
2008-08-07 19:15:40 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-08-07 16:46:05 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
2008-08-07 16:46:05 0 d-------- C:\Program Files\dvd43
2008-08-07 13:00:20 0 d-------- C:\iTunes Movies
2008-08-07 11:28:47 0 d-------- C:\Documents and Settings\Logan\Application Data\WinFF
2008-08-04 12:12:27 532480 --a------ C:\WINDOWS\system32\FLIQLO.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-08-04 12:12:27 0 d-------- C:\WINDOWS\system32\FLIQLO dir
2008-08-03 20:20:07 0 d-------- C:\Program Files\iPod
2008-07-30 21:09:51 17 --a------ C:\WINDOWS\system32\'
2008-07-30 21:08:57 5760 --a------ C:\WINDOWS\system32\vnchelp.dll <Not Verified; RDV Soft; UltraVnc Kernel>
2008-07-30 21:08:56 0 d-------- C:\Program Files\UltraVNC
2008-07-29 14:35:42 0 d-------- C:\Documents and Settings\the rest\Application Data\Apple Computer
2008-07-26 17:15:55 0 d-------- C:\Documents and Settings\Logan\AIMPro
2008-07-26 16:55:45 0 d-------- C:\Documents and Settings\Logan\Application Data\AIMPro
2008-07-26 16:55:37 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-07-26 16:55:24 0 d-------- C:\Program Files\AIM
2008-07-26 16:55:19 0 d-------- C:\Documents and Settings\Logan\Application Data\AIM
2008-07-24 12:59:07 0 d-------- C:\Program Files\World of Warcraft 2.4.2
2008-07-23 21:55:02 0 d-------- C:\Documents and Settings\Logan\Application Data\SecondLife
2008-07-23 21:54:42 0 d-------- C:\Program Files\SecondLife
2008-07-22 15:58:02 0 d-------- C:\Program Files\Avi2Dvd
2008-07-22 15:30:41 0 d-------- C:\Program Files\Handbrake
2008-07-21 00:58:10 322990 --a------ C:\WINDOWS\system32\libssl32.dll
2008-07-21 00:58:10 1536143 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-21 00:58:10 398848 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
2008-07-19 20:07:13 0 d-------- C:\Program Files\Google
2008-07-18 20:01:23 0 d-------- C:\Program Files\iPhoneOrderStatus
2008-07-18 20:01:21 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 18:46:26 0 d-------- C:\xampp
2008-07-18 18:04:53 0 d-------- C:\Documents and Settings\the rest\Application Data\Macromedia
2008-07-18 18:04:53 0 d-------- C:\Documents and Settings\the rest\Application Data\Adobe
2008-07-18 18:04:20 0 d-------- C:\Documents and Settings\the rest\Application Data\Mozilla
2008-07-16 21:13:59 0 d--hs---- C:\Documents and Settings\Logan\Application Data\.#
2008-07-16 21:13:55 0 d-------- C:\Program Files\Folder Lock
2008-07-16 19:43:32 0 d-------- C:\Program Files\Vstep
2008-07-16 19:23:01 0 d-------- C:\Program Files\ValuSoft
2008-07-16 19:21:56 0 d-------- C:\Program Files\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-08-16 14:18:09 0 d-------- C:\Program Files\Yahoo!
2008-08-16 13:02:11 0 d-------- C:\Documents and Settings\Logan\Application Data\uTorrent
2008-08-16 12:20:23 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-15 00:46:25 600 --a------ C:\Documents and Settings\Logan\Application Data\winscp.rnd
2008-08-13 21:11:03 0 d-------- C:\Documents and Settings\Logan\Application Data\LimeWire
2008-08-13 01:13:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-06 18:53:56 0 d-------- C:\Program Files\SureThing CD Labeler 5
2008-08-06 18:53:47 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-08-03 20:20:21 0 d-------- C:\Program Files\iTunes
2008-07-26 16:55:37 0 d-------- C:\Program Files\Common Files
2008-07-24 22:11:04 0 d-------- C:\Program Files\World of Warcraft 2.3
2008-07-24 13:11:31 0 d-------- C:\Program Files\World of Warcraft
2008-07-22 15:58:28 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-21 15:50:19 0 d-------- C:\Program Files\iLiberty
2008-07-21 15:49:16 0 d-------- C:\Documents and Settings\Logan\Application Data\Adobe
2008-07-15 20:08:34 0 d-------- C:\Program Files\LightScribeTemplateLabeler
2008-07-15 20:07:19 0 d-------- C:\Program Files\Common Files\LightScribe
2008-07-13 21:56:51 0 d-------- C:\Documents and Settings\Logan\Application Data\DivX
2008-07-13 20:25:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 20:24:51 0 d-------- C:\Program Files\TRENDnet
2008-07-10 21:14:01 0 d-------- C:\Program Files\QuickTime
2008-07-10 21:13:17 0 d-------- C:\Program Files\Apple Software Update
2008-07-08 21:10:04 0 d-------- C:\Program Files\Xfire
2008-07-08 17:18:01 0 d-------- C:\Documents and Settings\Logan\Application Data\mIRC
2008-07-08 17:17:41 0 d-------- C:\Program Files\mIRC
2008-07-08 16:03:23 0 d-------- C:\Documents and Settings\Logan\Application Data\Notepad++
2008-07-08 15:29:43 0 d-------- C:\Program Files\Notepad++
2008-07-06 23:04:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 22:59:00 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-06 20:30:51 0 d-------- C:\Documents and Settings\Logan\Application Data\Xfire
2008-07-03 21:42:42 0 d-------- C:\Documents and Settings\Logan\Application Data\Sun
2008-07-02 22:47:57 0 d-------- C:\Program Files\DivX
2008-07-02 01:08:19 0 d-------- C:\Documents and Settings\Logan\Application Data\CopyTransPhoto
2008-06-27 23:49:31 0 d-------- C:\Program Files\LimeWire
2008-06-27 23:49:27 0 d-------- C:\Program Files\Java
2008-06-27 23:48:30 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 20:16:53 0 d-------- C:\Program Files\MSXML 4.0
2008-06-23 19:56:50 0 d-------- C:\Program Files\Microsoft Games
2008-06-23 00:43:32 0 d-------- C:\Program Files\Activision
2008-06-22 17:06:08 564 --a------ C:\Documents and Settings\Logan\Application Data\AutoGK.ini
2008-06-22 16:30:14 0 d-------- C:\Program Files\AutoGK
2008-06-22 16:30:13 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-22 16:29:46 0 d-------- C:\Program Files\Gabest
2008-06-22 16:19:44 0 d-------- C:\Documents and Settings\Logan\Application Data\Moyea
2008-06-22 00:26:20 0 d-------- C:\Program Files\Red Kawa
2008-06-19 22:19:01 0 d-------- C:\Documents and Settings\Logan\Application Data\Winamp
2008-06-19 22:17:50 0 d-------- C:\Program Files\Winamp
2008-06-17 01:49:35 0 d-------- C:\Program Files\Qualcomm
2008-06-13 22:36:36 1236992 --a------ C:\WINDOWS\system32\cpuz142.exe <Not Verified; CPUID; CPU-Z Application>
2008-05-30 12:22:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 12:18:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-30 12:18:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-30 12:18:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 12:18:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 12:18:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 12:18:48 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 12:18:48 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 12:18:00 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 09:38:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-17 09:22:01 0 -rahs---- C:\MSDOS.SYS
2008-05-17 09:22:01 0 -rahs---- C:\IO.SYS
2008-05-17 09:20:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-17 04:01:51 62 --ahs---- C:\Documents and Settings\Logan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46DBEC61-2FCC-443D-BBB6-0B44D5347DBD}]
08/15/2008 10:03 PM 249856 --a------ C:\WINDOWS\system32\vtUnnkLD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7543347C-E33D-49FE-B2F0-580DAF43F608}]
08/15/2008 09:58 PM 39424 --a------ C:\WINDOWS\system32\mlJDTmNF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9086be0-f646-411f-91ec-edbcefaeaaf3}]
08/16/2008 04:09 AM 107008 --a------ C:\WINDOWS\system32\iwwkkj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/29/2006 10:49 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/02/2005 09:43 PM C:\WINDOWS\Alcmtr.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM]
"f8d6ed64"="C:\WINDOWS\system32\myatwdqc.dll" [08/16/2008 04:12 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 09:38 AM]
"BMfbe5def8"="C:\WINDOWS\system32\xudnvmir.dll" [08/16/2008 04:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe" [01/17/2008 12:30 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Aim6"="" []
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [06/09/2008 10:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/18/2008 12:32:17 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7543347C-E33D-49FE-B2F0-580DAF43F608}"= C:\WINDOWS\system32\mlJDTmNF.dll [08/15/2008 09:58 PM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJDTmNF]
mlJDTmNF.dll 08/15/2008 09:58 PM 39424 C:\WINDOWS\system32\mlJDTmNF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=tddydf.dll iwwkkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUnnkLD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.14.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.14.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Logan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Logan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Logan^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Logan\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
"C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\Program Files\VMware\VMware Player\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - EVERESTDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

9021 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-16 19:30:30 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 17%
Physical Memory (total/avail): 3327.47 MiB / 2745.91 MiB
Pagefile Memory (total/avail): 5211.3 MiB / 4690.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.05 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 465.76 GiB total, 310.48 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 266.42 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD32 00AAJS-22RYA SCSI Disk Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - D:

\\.\PHYSICALDRIVE1 - NVIDIA STRIPE 465.76G - 465.77 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Logan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KYERIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Logan
LOGONSERVER=\\KYERIS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Logan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Logan\LOCALS~1\Temp
USERDOMAIN=KYERIS
USERNAME=Logan
USERPROFILE=C:\Documents and Settings\Logan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Logan (admin)
the rest
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
18 Wheels of Steel American Long Haul 1.00 --> C:\Program Files\ValuSoft\18 Wheels of Steel American Long Haul\Uninstall.exe
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
AMD Processor Driver --> C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bus Driver --> "C:\WINDOWS\Bus Driver\uninstall.exe" "/U:C:\Program Files\Bus Driver\Uninstall\uninstall.xml"
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CopyTrans Suite Remove Only --> C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD43 v4.3.1 --> "C:\Program Files\dvd43\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EVEREST Ultimate v4.20.1257 + Corporate Edition Beta Registered --> "C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\unins000.exe"
FLIQLO Screen Saver --> C:\WINDOWS\system32\FLIQLO.scr /u
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Update --> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Handbrake 0.9.2 --> C:\Program Files\Handbrake\uninst.exe
HD Tach version 3 --> "C:\Program Files\Simpli Software\HD Tach\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPhoneOrderStatus --> msiexec /qb /x {3309F42A-9D81-D7C4-AF41-D5399F61869C}
iPhoneOrderStatus --> MsiExec.exe /I{3309F42A-9D81-D7C4-AF41-D5399F61869C}
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
KeePass Password Safe 1.11 --> "C:\Program Files\KeePass Password Safe\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LightScribe System Software 1.14.17.1 --> MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LightScribeTemplateLabeler --> MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LimeWire PRO 4.17.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Lively by Google --> MsiExec.exe /X{646D047E-4618-4060-8F5E-1DEFF7D77123}
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 1 --> c:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Princeton(r) Monitor Driver --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Princeton\Princeton Monitor Driver\DeIsL2.isu" -cC:\PROGRA~1\PRINCE~1\PRINCE~1\_ISREG32.DLL
PureVoice --> "C:\Program Files\Qualcomm\PureVoice\uninstall.exe"
PuTTY version 0.60 --> "C:\Program Files\PuTTY\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RivaTuner v2.09 --> "C:\Program Files\RivaTuner v2.09\uninstall.exe"
Rohan_USA --> D:\games\rohan\GoUninstUSA.exe
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Ship Simulator 2008 --> "C:\Program Files\Vstep\ShipSim2008\uninstall.exe"
Sonic CinePlayer DVD Pack --> MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SureThing CD Labeler LightScribe 5.0.581.0 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.08 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VMware Player --> MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> "C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
WinSCP 4.1.2 beta --> "C:\Program Files\WinSCP\unins000.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
XAMPP 1.6.7 --> "c:\xampp\uninstall.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}


-- Application Event Log -------------------------------------------------------

Event Record #/Type777 / Warning
Event Submitted/Written: 08/16/2008 07:00:08 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type753 / Error
Event Submitted/Written: 08/16/2008 02:38:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module vtunnkld.dll, version 0.0.0.0, fault address 0x00063293.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type690 / Error
Event Submitted/Written: 08/16/2008 04:13:58 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3105, faulting module myatwdqc.dll, version 0.0.0.0, fault address 0x00001559.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type666 / Success
Event Submitted/Written: 08/15/2008 10:38:52 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type654 / Error
Event Submitted/Written: 08/15/2008 10:14:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.1.11, faulting module itunes.exe, version 7.7.1.11, fault address 0x001004bf.
Processing media-specific event for [itunes.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8924 / Error
Event Submitted/Written: 08/16/2008 07:20:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Event Record #/Type8923 / Error
Event Submitted/Written: 08/16/2008 07:20:55 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Event Record #/Type8893 / Error
Event Submitted/Written: 08/16/2008 07:16:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Event Record #/Type8892 / Error
Event Submitted/Written: 08/16/2008 07:16:22 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Event Record #/Type8876 / Error
Event Submitted/Written: 08/16/2008 07:11:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-08-16 19:30:30 ------------

And then it comes to uTorrent, I've seen other theads about the warnings about it, yes I'm aware, I really only use it for downloading linux distros and world of warcraft updates.

I recently switched from nod32 -> avast because my nod32 trial was over.
 
Last edited by a moderator:
Couldn't edit to add the rest...

I attempted running the kaspersky scan, but firefox just crashed, and I couldn't manage to get java to work on IE....

I ran the NOD32 scans and avast scans and came back with all clear.. if that counts.

For Malwarebytes'

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 3

7:51:52 PM 8/16/2008
mbam-log-8-16-2008 (19-51-52).txt

Scan type: Quick Scan
Objects scanned: 49097
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\myatwdqc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUnnkLD.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xudnvmir.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tddydf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iwwkkj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mlJDTmNF.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46dbec61-2fcc-443d-bbb6-0b44d5347dbd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46dbec61-2fcc-443d-bbb6-0b44d5347dbd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9086be0-f646-411f-91ec-edbcefaeaaf3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9086be0-f646-411f-91ec-edbcefaeaaf3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7543347c-e33d-49fe-b2f0-580daf43f608} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7543347c-e33d-49fe-b2f0-580daf43f608} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljdtmnf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8d6ed64 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmfbe5def8 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7543347c-e33d-49fe-b2f0-580daf43f608} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunnkld -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunnkld -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vtUnnkLD.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\DLknnUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DLknnUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myatwdqc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cqdwtaym.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cqdwtaym.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xudnvmir.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tddydf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iwwkkj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mlJDTmNF.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\cixhygkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egtxpvmx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tndvotqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfbe5def8.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfbe5def8.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCTnom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 
Last edited by a moderator:
Malware just totally screwed over my computer. For every process that is open, even at login, I get an error:

"The application or DLL tddydf.dll is not a valid Windows image. Please check this against your installation diskette."

This happens for every service I have opened. The title on the error window will change:

________.exe - Bad Image
^ service name
 
Hi

Please don't put logs in code boxes, it makes them harder to read :)

Don't worry about the error messages, that's the malware putting up a fight against removal ... The bad files are being removed but windows is still looking for them to run them because there are still references in the registry, once we've cleaned you, those error messages will disappear ...

And then it comes to uTorrent, I've seen other theads about the warnings about it, yes I'm aware, I really only use it for downloading linux distros and world of warcraft updates.
Click to expand...

You also have LimeWire installed, because of new policy in this forum I am obliged to ask you to read this post :-

http://forums.spybot.info/showpost.php?p=218503&postcount=4

I am not going to ask you to uninstall any P2P programs, because you could uninstall them, then when we are finished re-install them again, which is just wasting your time & mine. I also don't believe I have the moral right to act as judge, jury & executioner on the issue of what programs you can or can't run on your own computer. But I do ask that you read the above thread carefully so that you are aware of the dangers of P2P, use any P2P program sparingly, & always have any file downloaded via a P2P program scanned for malware before running it.

Have the file scanned at any of these sites :-

http://virusscan.jotti.org/
http://www.virustotal.com/flash/index_en.html
http://www.virscan.org/

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
 
ComboFix 08-08-17.01 - Logan 2008-08-17 17:20:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2830 [GMT -5:00]
Running from: C:\Documents and Settings\Logan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Logan\Application Data\.#
C:\Documents and Settings\Logan\Application Data\.#\MBX@E98@3839D0.###
C:\Documents and Settings\Logan\Application Data\.#\MBX@E98@3839E0.###
C:\Documents and Settings\Logan\Application Data\macromedia\Flash Player\#SharedObjects\G2LSA8VA\interclick.com
C:\Documents and Settings\Logan\Application Data\macromedia\Flash Player\#SharedObjects\G2LSA8VA\interclick.com\ud.sol
C:\Documents and Settings\Logan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Logan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Logan\UserData
C:\Documents and Settings\Logan\UserData\CZ8NED0N\oWindowsUpdate[1].xml
C:\Documents and Settings\Logan\UserData\index.dat
C:\Documents and Settings\Logan\UserData\SPE5C1UD\oWindowsUpdate[1].xml
C:\Documents and Settings\the rest\Application Data\macromedia\Flash Player\#SharedObjects\F4E2GVKK\interclick.com
C:\Documents and Settings\the rest\Application Data\macromedia\Flash Player\#SharedObjects\F4E2GVKK\interclick.com\ud.sol
C:\Documents and Settings\the rest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\the rest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\the rest\Cookies\the_rest@a.fandango[2].txt
C:\Documents and Settings\the rest\Cookies\the_rest@ad.yieldmanager[2].txt
C:\Documents and Settings\the rest\Cookies\the_rest@advertising[2].txt
C:\Documents and Settings\the rest\Cookies\the_rest@fandango[1].txt
C:\Documents and Settings\the rest\Cookies\the_rest@revsci[1].txt
C:\Documents and Settings\the rest\Cookies\the_rest@trafficmp[1].txt
C:\WINDOWS\system32\eghlmyiv.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-17 16:42 . 2008-08-17 16:42 7,796 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-08-17 00:39 . 2008-08-17 00:39 <DIR> d-------- C:\Program Files\Flock
2008-08-17 00:39 . 2008-08-17 00:39 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\Flock
2008-08-16 19:43 . 2008-08-16 19:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:43 . 2008-08-16 19:43 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\Malwarebytes
2008-08-16 19:43 . 2008-08-16 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 19:43 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 19:43 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 19:40 . 2008-08-16 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-16 19:28 . 2008-08-16 19:28 <DIR> d-------- C:\Deckard
2008-08-16 18:54 . 2008-08-16 18:54 1,506,820 ---hs---- C:\WINDOWS\system32\cqdwtaym.tmp
2008-08-16 18:44 . 2008-08-16 18:44 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-16 14:18 . 2008-08-16 14:18 <DIR> d-------- C:\Program Files\CCleaner
2008-08-16 14:15 . 2008-08-16 14:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 13:20 . 2008-08-16 13:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-16 13:20 . 2008-08-16 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-11 23:45 . 2008-08-11 23:45 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\Canneverbe_Limited
2008-08-11 23:44 . 2008-08-11 23:44 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-08-09 17:38 . 2008-08-09 17:38 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\Andrew Paseltiner
2008-08-07 19:15 . 2008-08-07 19:15 <DIR> d-------- C:\Program Files\HOTLLAMA MEDIA
2008-08-07 19:15 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-08-07 16:46 . 2008-08-07 16:46 <DIR> d-------- C:\Program Files\dvd43
2008-08-07 16:46 . 2008-08-07 16:46 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-08-07 13:00 . 2008-08-11 23:38 <DIR> d-------- C:\iTunes Movies
2008-08-07 11:28 . 2008-08-11 23:54 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\WinFF
2008-08-04 12:12 . 2008-08-04 12:12 <DIR> d-------- C:\WINDOWS\system32\FLIQLO dir
2008-08-04 12:12 . 2008-08-04 12:12 532,480 --a------ C:\WINDOWS\system32\FLIQLO.scr
2008-08-03 20:20 . 2008-08-03 20:20 <DIR> d-------- C:\Program Files\iPod
2008-07-30 21:09 . 2004-06-26 13:22 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
2008-07-30 21:09 . 2008-07-30 21:09 17 --a------ C:\WINDOWS\system32\'
2008-07-30 21:08 . 2008-07-30 21:10 <DIR> d-------- C:\Program Files\UltraVNC
2008-07-30 21:08 . 2005-06-10 22:02 12,800 --a------ C:\WINDOWS\system32\vncdrv.dll
2008-07-30 21:08 . 2004-06-26 13:21 5,760 --a------ C:\WINDOWS\system32\vnchelp.dll
2008-07-30 21:08 . 2004-06-26 13:22 4,736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys
2008-07-30 14:33 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-30 14:33 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-30 14:33 . 2008-04-13 13:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-30 14:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-29 14:35 . 2008-07-29 14:35 <DIR> d-------- C:\Documents and Settings\the rest\Application Data\Apple Computer
2008-07-26 17:15 . 2008-07-26 17:15 <DIR> d-------- C:\Documents and Settings\Logan\AIMPro
2008-07-26 16:55 . 2008-07-26 16:55 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-26 16:55 . 2008-07-26 16:55 <DIR> d-------- C:\Program Files\AIM
2008-07-26 16:55 . 2008-07-26 16:55 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\AIMPro
2008-07-26 16:55 . 2008-07-26 16:55 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\AIM
2008-07-24 12:59 . 2008-07-24 13:03 <DIR> d-------- C:\Program Files\World of Warcraft 2.4.2
2008-07-23 21:55 . 2008-07-23 21:55 <DIR> d-------- C:\Documents and Settings\Logan\Application Data\SecondLife
2008-07-23 21:54 . 2008-07-23 21:56 <DIR> d-------- C:\Program Files\SecondLife
2008-07-22 15:58 . 2008-08-07 12:09 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-07-22 15:30 . 2008-08-07 12:12 <DIR> d-------- C:\Program Files\Handbrake
2008-07-21 00:58 . 2008-06-08 17:51 1,536,143 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-21 00:58 . 2008-06-08 18:28 398,848 --a------ C:\WINDOWS\system32\libcurl.dll
2008-07-21 00:58 . 2008-02-09 16:39 322,990 --a------ C:\WINDOWS\system32\libssl32.dll
2008-07-19 20:07 . 2008-08-01 17:24 <DIR> d-------- C:\Program Files\Google
2008-07-18 20:01 . 2008-07-18 20:01 <DIR> d-------- C:\Program Files\iPhoneOrderStatus
2008-07-18 20:01 . 2008-07-18 20:01 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 18:46 . 2008-07-21 10:09 <DIR> d-------- C:\xampp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-08-17 21:43 --------- d-----w C:\Program Files\Gabest
2008-08-17 18:10 --------- d-----w C:\Documents and Settings\Logan\Application Data\uTorrent
2008-08-17 00:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-16 19:18 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 02:11 --------- d-----w C:\Documents and Settings\Logan\Application Data\LimeWire
2008-08-06 23:53 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-08-06 23:53 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-08-04 01:20 --------- d-----w C:\Program Files\iTunes
2008-07-25 03:11 --------- d-----w C:\Program Files\World of Warcraft 2.3
2008-07-24 18:11 --------- d-----w C:\Program Files\World of Warcraft
2008-07-22 20:58 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-21 20:50 --------- d-----w C:\Program Files\iLiberty
2008-07-17 02:20 --------- d-----w C:\Program Files\Folder Lock
2008-07-17 00:43 --------- d-----w C:\Program Files\Vstep
2008-07-17 00:21 --------- d-----w C:\Program Files\PowerISO
2008-07-16 01:08 --------- d-----w C:\Program Files\LightScribeTemplateLabeler
2008-07-16 01:07 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-16 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-07-15 15:08 --------- d-----w C:\Documents and Settings\the rest\Application Data\Logitech
2008-07-14 02:56 --------- d-----w C:\Documents and Settings\Logan\Application Data\DivX
2008-07-14 01:38 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-14 01:38 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-14 01:25 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-14 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 01:24 --------- d-----w C:\Program Files\TRENDnet
2008-07-11 02:14 --------- d-----w C:\Program Files\QuickTime
2008-07-11 02:13 --------- d-----w C:\Program Files\Apple Software Update
2008-07-10 14:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 02:10 --------- d-----w C:\Program Files\Xfire
2008-07-08 22:18 --------- d-----w C:\Documents and Settings\Logan\Application Data\mIRC
2008-07-08 22:17 --------- d-----w C:\Program Files\mIRC
2008-07-08 21:03 --------- d-----w C:\Documents and Settings\Logan\Application Data\Notepad++
2008-07-08 20:29 --------- d-----w C:\Program Files\Notepad++
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-07 04:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-07 03:59 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-07 01:30 --------- d-----w C:\Documents and Settings\Logan\Application Data\Xfire
2008-07-03 03:47 --------- d-----w C:\Program Files\DivX
2008-07-02 06:08 --------- d-----w C:\Documents and Settings\Logan\Application Data\CopyTransPhoto
2008-06-28 04:49 --------- d-----w C:\Program Files\LimeWire
2008-06-28 04:49 --------- d-----w C:\Program Files\Java
2008-06-28 04:48 --------- d-----w C:\Program Files\Common Files\Java
2008-06-26 20:10 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-24 01:16 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-24 00:56 --------- d-----w C:\Program Files\Microsoft Games
2008-06-23 05:43 --------- d-----w C:\Program Files\Activision
2008-06-22 21:30 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-22 21:30 --------- d-----w C:\Program Files\AutoGK
2008-06-22 21:19 --------- d-----w C:\Documents and Settings\Logan\Application Data\Moyea
2008-06-22 05:26 --------- d-----w C:\Program Files\Red Kawa
2008-06-18 18:31 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-17 06:49 --------- d-----w C:\Program Files\Qualcomm
2008-06-14 03:36 1,236,992 ----a-w C:\WINDOWS\system32\cpuz142.exe
2008-05-30 17:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 17:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:19 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-26 23:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-20 16:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-20 01:27 22,328 ----a-w C:\Documents and Settings\Logan\Application Data\PnkBstrK.sys
2008-05-17 14:25 14,656 ----a-w C:\WINDOWS\gdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe" [2008-01-17 00:30 2057312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 10:16 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-29 22:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-18 12:32:17 692224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoGK
AutoGK.lnk - C:\Program Files\AutoGK\AutoGK.exe [2007-09-22 05:44:04 571904]
Uninstall.lnk - C:\Program Files\AutoGK\uninst.exe [2008-06-22 16:30:14 57638]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoGK\Tutorials
Catalan Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_ca.html [2005-09-25 13:44:26 63000]
English Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_en.html [2005-09-25 13:33:18 54676]
French Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_fr.html [2005-10-08 17:02:28 61124]
Greek Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_gr.html [2005-09-25 13:33:30 86622]
Italian Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_it.html [2005-09-25 13:33:40 58529]
Portuguese Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_pt.html [2005-10-08 05:22:52 48217]
Russian Tutorial.lnk - C:\Program Files\AutoGK\help\AutoGK_ru.html [2005-09-25 13:33:54 90150]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tddydf.dll iwwkkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.14.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.14.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Logan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Logan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Logan^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Logan\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-04-09 10:00 826880 C:\Program Files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-12-04 05:57 2494464 C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-06-23 17:19 51184 C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 02:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2008-04-28 13:25 2707456 C:\Program Files\RivaTuner v2.09\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-15 21:04 2879488 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-05-16 21:21]
R0 nvrd32;NVIDIA nForce RAID Driver;C:\WINDOWS\system32\DRIVERS\nvrd32.sys [2008-05-16 21:21]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 09:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 09:37]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 17:59]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
S1 gupdate1c8ea04f266e03a;Google Update Service (gupdate1c8ea04f266e03a);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-19 20:07]
S2 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 20:40]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-17 C:\WINDOWS\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-19 20:07]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-VMware hqtray - C:\Program Files\VMware\VMware Player\hqtray.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\85uq4nvx.default\
FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 17:24:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-08-17 17:30:50 - machine was rebooted [Logan]
ComboFix-quarantined-files.txt 2008-08-17 22:30:26

Pre-Run: 333,612,109,824 bytes free
Post-Run: 333,672,329,216 bytes free

332
 
HI

I couldn't manage to get java to work on IE....
Click to expand...

Although your version of java is out-of-date ... you should still be able to run a KASPERSKY scan with IE ...


Go to Add/Remove Programs & uninstall :-

Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Then You can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 7' and press the 'Download' button.

Then try to run a new kaspersky scan

If it wont run & says anything about java, post what it says under Information on the left hand side ...


Please post a new Hijackthis log ....

steam
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 19, 2008 00:34:18
Records in database: 1107594
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 159882
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:59:44


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1

The selected area was scanned.

Not sure what it's doing with vnc and mirc?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:11 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\dotmacsyncclient.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: AutoGK
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211034831875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211138949812
O20 - AppInit_DLLs: tddydf.dll iwwkkj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8ea04f266e03a) (gupdate1c8ea04f266e03a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8724 bytes
 
Hi

RE: KASPERSKY ONLINE SCANNER 7 REPORT

Not sure what it's doing with vnc and mirc?
Click to expand...

Don't worry it's not doing anything with those files ... it's just drawing our attention to their presence, as this program could have been downloaded by malware ...

Did YOU download & install it yourself ? if you did then it's OK & you can just ignore those entries ...

Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

O20 - AppInit_DLLs: tddydf.dll iwwkkj.dll


Reboot ... Post a new hijackthis log ...

hows the computer running now ?

steam
 
Last edited:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:22 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoGK
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211034831875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211138949812
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8ea04f266e03a) (gupdate1c8ea04f266e03a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8465 bytes

It ran great before I even deleted what was just done in hijackthis.

Thanks steam (:
 
HI

Great .. your logs are now clean :)

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK

Clipboard01-1.gif


This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, Deckard, _OTMoveIt), reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Before you leave the site ...

Please Have a look here at ways to keep your computer safe :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing

steam
 
You must log in or register to reply here.
Back
Top