Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please Check My Hijack This Log

Post by Imanaznguy » October 18th, 2007, 4:54 am

Thanks for the help in advance

Logfile of HijackThis v1.99.0
Scan saved at 1:51:57 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tpctdoln.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Crap I don't use\HijackThis-1.99.0.exe

O2 - BHO: (no name) - {015CDAF3-CC87-4F25-B935-3C98A32141E8} - C:\Program Files\WindowsUpdate\meso43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8E7F8BD9-73C1-47EF-8937-61270EC12383} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\gztqrjof.dll
O2 - BHO: (no name) - {EA5159DF-E413-4878-8AE2-D921D41BB942} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gztqrjof.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [jlxmvhd] c:\windows\system32\absysao.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\MBOLS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Kwwszg] "C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861804828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861710421
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) - http://kronos.pomona.edu/WFC/plugins/j2 ... s-i586.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tpctdoln.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Post by SNOWHITE » October 18th, 2007, 9:13 am

Hello Imanaznguy :)

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

In your next post please include the following reports:
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.

Regards,
SNOWHITE

Post by Imanaznguy » October 18th, 2007, 12:06 pm

Vundofix.txt


VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:26:40 AM 10/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\dvxkipll.ini
C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\llpikxvd.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dvxkipll.ini
C:\WINDOWS\system32\dvxkipll.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\gztqrjof.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\llpikxvd.dll
C:\WINDOWS\system32\llpikxvd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\gztqrjof.dll Has been deleted!

Performing Repairs to the registry.
Done!


main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2007-10-18 08:54:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2007-10-18 16:54:25 UTC - RP1067 - Deckard's System Scanner Restore Point
66: 2007-10-18 09:27:21 UTC - RP1066 - System Checkpoint
65: 2007-10-17 06:09:51 UTC - RP1065 - System Checkpoint
64: 2007-10-16 05:50:35 UTC - RP1064 - System Checkpoint
63: 2007-10-14 23:22:24 UTC - RP1063 - Last known good configuration


-- First Restore Point --
1: 2007-07-21 13:29:29 UTC - RP1001 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 2.37 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-18 08:57:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O2 - BHO: (no name) - {015CDAF3-CC87-4F25-B935-3C98A32141E8} - C:\Program Files\WindowsUpdate\meso43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CDC59F8E-F118-41B9-BC83-990D2FF00694} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: (no name) - {EA5159DF-E413-4878-8AE2-D921D41BB942} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [jlxmvhd] c:\windows\system32\absysao.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\MBOLS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Kwwszg] "C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [lvvna.exe] C:\WINDOWS\system\lvvna.exe
O4 - HKCU\..\Policies\Explorer\Run: [jsuvojncu.exe] C:\WINDOWS\system\jsuvojncu.exe
O4 - HKCU\..\Policies\Explorer\Run: [llvlrun.exe] C:\WINDOWS\system\llvlrun.exe
O4 - HKCU\..\Policies\Explorer\Run: [mnmignvusr.exe] C:\WINDOWS\system\mnmignvusr.exe
O4 - HKCU\..\Policies\Explorer\Run: [jirq.exe] C:\WINDOWS\system\jirq.exe
O4 - HKCU\..\Policies\Explorer\Run: [iadtu.exe] C:\WINDOWS\system\iadtu.exe
O4 - HKCU\..\Policies\Explorer\Run: [pnjlgiq.exe] C:\WINDOWS\system\pnjlgiq.exe
O4 - HKCU\..\Policies\Explorer\Run: [ffri.exe] C:\WINDOWS\system\ffri.exe
O4 - HKCU\..\Policies\Explorer\Run: [ihokslrcu.exe] C:\WINDOWS\system\ihokslrcu.exe
O4 - HKCU\..\Policies\Explorer\Run: [rshmigl.exe] C:\WINDOWS\system\rshmigl.exe
O4 - HKCU\..\Policies\Explorer\Run: [jgbcsh.exe] C:\WINDOWS\system\jgbcsh.exe
O4 - HKCU\..\Policies\Explorer\Run: [nktvivm.exe] C:\WINDOWS\system\nktvivm.exe
O4 - HKCU\..\Policies\Explorer\Run: [douscc.exe] C:\WINDOWS\system\douscc.exe
O4 - HKCU\..\Policies\Explorer\Run: [birrnct.exe] C:\WINDOWS\system\birrnct.exe
O4 - HKCU\..\Policies\Explorer\Run: [ictrloku.exe] C:\WINDOWS\system\ictrloku.exe
O4 - HKCU\..\Policies\Explorer\Run: [dvfvvitlv.exe] C:\WINDOWS\system\dvfvvitlv.exe
O4 - HKCU\..\Policies\Explorer\Run: [hjjvrsb.exe] C:\WINDOWS\system\hjjvrsb.exe
O4 - HKCU\..\Policies\Explorer\Run: [vnkcu.exe] C:\WINDOWS\system\vnkcu.exe
O4 - HKCU\..\Policies\Explorer\Run: [mhsplfbvbt.exe] C:\WINDOWS\system\mhsplfbvbt.exe
O4 - HKCU\..\Policies\Explorer\Run: [orgq.exe] C:\WINDOWS\system\orgq.exe
O4 - HKCU\..\Policies\Explorer\Run: [sqqxtxlet.exe] C:\WINDOWS\system\sqqxtxlet.exe
O4 - HKCU\..\Policies\Explorer\Run: [rkpep.exe] C:\WINDOWS\system\rkpep.exe
O4 - HKCU\..\Policies\Explorer\Run: [mpxejw.exe] C:\WINDOWS\system\mpxejw.exe
O4 - HKCU\..\Policies\Explorer\Run: [pvvs.exe] C:\WINDOWS\system\pvvs.exe
O4 - HKCU\..\Policies\Explorer\Run: [wqdumu.exe] C:\WINDOWS\system\wqdumu.exe
O4 - HKCU\..\Policies\Explorer\Run: [ckdcge.exe] C:\WINDOWS\system\ckdcge.exe
O4 - HKCU\..\Policies\Explorer\Run: [wjravp.exe] C:\WINDOWS\system\wjravp.exe
O4 - HKCU\..\Policies\Explorer\Run: [nefjmdvp.exe] C:\WINDOWS\system\nefjmdvp.exe
O4 - HKCU\..\Policies\Explorer\Run: [sefxfj.exe] C:\WINDOWS\system\sefxfj.exe
O4 - HKCU\..\Policies\Explorer\Run: [qhtpd.exe] C:\WINDOWS\system\qhtpd.exe
O4 - HKCU\..\Policies\Explorer\Run: [ovnnk.exe] C:\WINDOWS\system\ovnnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [ewnka.exe] C:\WINDOWS\system\ewnka.exe
O4 - HKCU\..\Policies\Explorer\Run: [akkf.exe] C:\WINDOWS\system\akkf.exe
O4 - HKCU\..\Policies\Explorer\Run: [qkjvcpbdn.exe] C:\WINDOWS\system\qkjvcpbdn.exe
O4 - HKCU\..\Policies\Explorer\Run: [lwdgxhlv.exe] C:\WINDOWS\system\lwdgxhlv.exe
O4 - HKCU\..\Policies\Explorer\Run: [caeqfdouig.exe] C:\WINDOWS\system\caeqfdouig.exe
O4 - HKCU\..\Policies\Explorer\Run: [jmxfxlnxf.exe] C:\WINDOWS\system\jmxfxlnxf.exe
O4 - HKCU\..\Policies\Explorer\Run: [hojnbkaow.exe] C:\WINDOWS\system\hojnbkaow.exe
O4 - HKCU\..\Policies\Explorer\Run: [exjmbpk.exe] C:\WINDOWS\system\exjmbpk.exe
O4 - HKCU\..\Policies\Explorer\Run: [qkeav.exe] C:\WINDOWS\system\qkeav.exe
O4 - HKCU\..\Policies\Explorer\Run: [rnkhllffih.exe] C:\WINDOWS\system\rnkhllffih.exe
O4 - HKCU\..\Policies\Explorer\Run: [qhkp.exe] C:\WINDOWS\system\qhkp.exe
O4 - HKCU\..\Policies\Explorer\Run: [snsqe.exe] C:\WINDOWS\system\snsqe.exe
O4 - HKCU\..\Policies\Explorer\Run: [mmkun.exe] C:\WINDOWS\system\mmkun.exe
O4 - HKCU\..\Policies\Explorer\Run: [griiwflbi.exe] C:\WINDOWS\system\griiwflbi.exe
O4 - HKCU\..\Policies\Explorer\Run: [bqblfmxum.exe] C:\WINDOWS\system\bqblfmxum.exe
O4 - HKCU\..\Policies\Explorer\Run: [vsop.exe] C:\WINDOWS\system\vsop.exe
O4 - HKCU\..\Policies\Explorer\Run: [bbrhp.exe] C:\WINDOWS\system\bbrhp.exe
O4 - HKCU\..\Policies\Explorer\Run: [ajtxsu.exe] C:\WINDOWS\system\ajtxsu.exe
O4 - HKCU\..\Policies\Explorer\Run: [eduu.exe] C:\WINDOWS\system\eduu.exe
O4 - HKCU\..\Policies\Explorer\Run: [cksc.exe] C:\WINDOWS\system\cksc.exe
O4 - HKCU\..\Policies\Explorer\Run: [ddwn.exe] C:\WINDOWS\system\ddwn.exe
O4 - HKCU\..\Policies\Explorer\Run: [lhxtkfbv.exe] C:\WINDOWS\system\lhxtkfbv.exe
O4 - HKCU\..\Policies\Explorer\Run: [nplsfcvf.exe] C:\WINDOWS\system\nplsfcvf.exe
O4 - HKCU\..\Policies\Explorer\Run: [uburqbo.exe] C:\WINDOWS\system\uburqbo.exe
O4 - HKCU\..\Policies\Explorer\Run: [simx.exe] C:\WINDOWS\system\simx.exe
O4 - HKCU\..\Policies\Explorer\Run: [xeairvsh.exe] C:\WINDOWS\system\xeairvsh.exe
O4 - HKCU\..\Policies\Explorer\Run: [jvmqbhjbm.exe] C:\WINDOWS\system\jvmqbhjbm.exe
O4 - HKCU\..\Policies\Explorer\Run: [oddnnehtav.exe] C:\WINDOWS\system\oddnnehtav.exe
O4 - HKCU\..\Policies\Explorer\Run: [acvxjp.exe] C:\WINDOWS\system\acvxjp.exe
O4 - HKCU\..\Policies\Explorer\Run: [jwwtwqgpxq.exe] C:\WINDOWS\system\jwwtwqgpxq.exe
O4 - HKCU\..\Policies\Explorer\Run: [reascdpjnk.exe] C:\WINDOWS\system\reascdpjnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [bifmi.exe] C:\WINDOWS\system\bifmi.exe
O4 - HKCU\..\Policies\Explorer\Run: [aulmxobgd.exe] C:\WINDOWS\system\aulmxobgd.exe
O4 - HKCU\..\Policies\Explorer\Run: [htkhtk.exe] C:\WINDOWS\system\htkhtk.exe
O4 - HKCU\..\Policies\Explorer\Run: [pwincg.exe] C:\WINDOWS\system\pwincg.exe
O4 - HKCU\..\Policies\Explorer\Run: [tommdha.exe] C:\WINDOWS\system\tommdha.exe
O4 - HKCU\..\Policies\Explorer\Run: [nhjck.exe] C:\WINDOWS\system\nhjck.exe
O4 - HKCU\..\Policies\Explorer\Run: [nghe.exe] C:\WINDOWS\system\nghe.exe
O4 - HKCU\..\Policies\Explorer\Run: [nnkga.exe] C:\WINDOWS\system\nnkga.exe
O4 - HKCU\..\Policies\Explorer\Run: [takwmiig.exe] C:\WINDOWS\system\takwmiig.exe
O4 - HKCU\..\Policies\Explorer\Run: [aashtx.exe] C:\WINDOWS\system\aashtx.exe
O4 - HKCU\..\Policies\Explorer\Run: [uncisd.exe] C:\WINDOWS\system\uncisd.exe
O4 - HKCU\..\Policies\Explorer\Run: [sadhegxr.exe] C:\WINDOWS\system\sadhegxr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ocibj.exe] C:\WINDOWS\system\ocibj.exe
O4 - HKCU\..\Policies\Explorer\Run: [djnl.exe] C:\WINDOWS\system\djnl.exe
O4 - HKCU\..\Policies\Explorer\Run: [dddgv.exe] C:\WINDOWS\system\dddgv.exe
O4 - HKCU\..\Policies\Explorer\Run: [vwkbjrj.exe] C:\WINDOWS\system\vwkbjrj.exe
O4 - HKCU\..\Policies\Explorer\Run: [epsxhqpnk.exe] C:\WINDOWS\system\epsxhqpnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [qpsfuphqi.exe] C:\WINDOWS\system\qpsfuphqi.exe
O4 - HKCU\..\Policies\Explorer\Run: [mkhs.exe] C:\WINDOWS\system\mkhs.exe
O4 - HKCU\..\Policies\Explorer\Run: [tgxmoi.exe] C:\WINDOWS\system\tgxmoi.exe
O4 - HKCU\..\Policies\Explorer\Run: [lqfuawnec.exe] C:\WINDOWS\system\lqfuawnec.exe
O4 - HKCU\..\Policies\Explorer\Run: [fdhpitthw.exe] C:\WINDOWS\system\fdhpitthw.exe
O4 - Startup: IMStart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = C:\Program Files\3M\PDNotes\PDNotes.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mvadvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861804828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861710421
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.1_05) - http://kronos.pomona.edu/WFC/plugins/j2 ... s-i586.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: nnnnllk - C:\WINDOWS\system32\nnnnllk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpctdoln.exe /service
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jgrqhpfraearl - Unknown owner - C:\WINDOWS\system32\aearl\jgrqhpfr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


--
End of file - 16924 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Owner\Desktop\Crap I don't use\backups\) --------------------------------------------------------------------------------

backup-20071014-152819-537 O4 - HKLM\..\Run: [NI.UWAS7_0001_N99M3108] "C:\DOCUME~1\Owner\LOCALS~1\Temp\WinAntiSpyware 2007 FreeInstall.exe" -nag
backup-20071014-152902-164 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071014-152902-260 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071014-152902-865 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071014-152902-897 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071014-232756-590 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
backup-20071014-232905-674 O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
backup-20071014-232905-883 O4 - HKCU\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
backup-20071014-232905-894 O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
backup-20071015-124957-110 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-124957-213 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-124957-342 O2 - BHO: (no name) - {16D27D6F-94A3-9321-A63C-EE2B5D90DF92} - C:\WINDOWS\system32\ejya.dll
backup-20071015-124957-827 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-124957-872 O2 - BHO: (no name) - {9c2f5834-34b2-49ed-bff2-19282e3f3933} - C:\WINDOWS\system32\iwrkvqe.dll
backup-20071015-125113-241 O4 - HKLM\..\Run: [cphkgm] C:\WINDOWS\system32\cyqikml.exe r
backup-20071015-125113-295 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20071015-125113-300 O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
backup-20071015-125113-307 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-125113-700 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-125113-875 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-125113-978 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20071015-125113-997 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071015-130044-534 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-193018-807 O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S2 MKEMUSB (Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkemusb.sys <Not Verified; Matsushita Kotobuki Electronics Industries, Ltd.; Panasonic Digital Palmcorder>
S3 DCamUSBMke (USB Video Camera for Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkeusbi.sys <Not Verified; Matsushita Kotobuki Electronics Industries,Ltd.; Panasonic Digital Palmcorder>
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 iveawaw - c:\windows\system32\aearl\iveawaw (file missing)
S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npriyjf - c:\windows\system32\xqmbon\npriyjf (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S2 DomainService - c:\windows\system32\tpctdoln.exe /service (file missing)
S4 jgrqhpfraearl - c:\windows\system32\aearl\jgrqhpfr.exe (file missing)
S4 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-18 07:36:04 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-10-13 13:32:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-18 and 2007-10-18 -----------------------------

2007-10-18 08:26:40 0 d-------- C:\VundoFix Backups
2007-10-18 03:32:25 78400 --a------ C:\WINDOWS\system32\guepmwgf.dll
2007-10-18 03:26:25 0 --a------ C:\WINDOWS\system32\raustklm.exe
2007-10-18 00:24:44 3730 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-18 00:23:52 0 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-18 00:23:52 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-18 00:23:52 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-18 00:23:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-18 00:23:52 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-17 03:26:56 78400 --a------ C:\WINDOWS\system32\kimjwssi.dll
2007-10-17 03:26:32 0 --a------ C:\WINDOWS\system32\bbichodc.exe
2007-10-17 03:26:22 389184 --a------ C:\WINDOWS\system32\npaxnpkt.exe
2007-10-16 03:29:26 77888 --a------ C:\WINDOWS\system32\xfxyodlv.dll
2007-10-16 03:27:08 339968 --a------ C:\WINDOWS\system32\mjvxrhiv.dll
2007-10-16 03:26:35 389184 --a------ C:\WINDOWS\system32\pkfcrcto.exe
2007-10-16 03:24:35 436408 ---hs---- C:\WINDOWS\system32\ttvwa.bak2
2007-10-15 19:42:52 444272 ---hs---- C:\WINDOWS\system32\ttvwa.ini2
2007-10-15 03:36:05 79424 --a------ C:\WINDOWS\system32\fgmwjtvk.dll
2007-10-15 03:24:47 339968 --a------ C:\WINDOWS\system32\kpdhxxqh.dll
2007-10-15 03:24:47 339968 --a------ C:\Program Files\Hammer.dll
2007-10-15 03:24:18 389184 --a------ C:\WINDOWS\system32\fjamrotw.exe
2007-10-14 15:24:23 2 --a------ C:\WINDOWS\system32\wapiit.exe
2007-10-14 15:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\??sembly
2007-10-14 15:24:04 60928 --a------ C:\WINDOWS\system32\ejya.dll
2007-10-14 15:23:58 439735 ---hs---- C:\WINDOWS\system32\ttvwa.bak1
2007-10-14 15:23:45 0 d-------- C:\Program Files\??mbols
2007-10-14 15:23:19 0 d-------- C:\WINDOWS\system32\oTt08e
2007-10-14 15:23:01 0 --a------ C:\WINDOWS\winshow.exe
2007-10-14 15:20:59 308832 --a------ C:\WINDOWS\system32\awvtt.dll
2007-10-14 15:16:54 44922 --a------ C:\WINDOWS\system32\IKatzuUninstall.exe
2007-10-14 15:16:51 118784 --a------ C:\WINDOWS\system32\artchker.exe
2007-10-14 15:16:49 45056 --a------ C:\WINDOWS\system32\katzppd.exe <Not Verified; Upads.Biz; IKatzu App>
2007-10-14 15:16:49 0 d--hs---- C:\WINDOWS\IA
2007-10-14 15:16:47 45056 --a------ C:\WINDOWS\system32\katzpczci.exe <Not Verified; Upads.Biz; IKatzu App>
2007-10-14 15:16:26 171520 --a------ C:\WINDOWS\system32\iwrkvqe.dll
2007-10-14 15:16:25 421888 --a------ C:\WINDOWS\system32\bkinsmqc.dll <Not Verified; ; IKatzu Search Ads>
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\que1
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\kat1
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\ipd2
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\comms2
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\a8
2007-10-14 15:15:48 0 d-------- C:\WINDOWS\system32\vMW02a


-- Find3M Report ---------------------------------------------------------------

2007-10-15 19:25:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-15 17:20:21 0 d-------- C:\Program Files\??mbols
2007-10-15 12:44:13 0 d-------- C:\Program Files\Common Files
2007-10-15 12:44:03 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-10-14 15:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\??sembly
2007-10-11 02:44:50 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2007-09-30 21:47:02 0 d-------- C:\Program Files\Java
2007-09-19 23:04:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 14:37:41 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-13 14:37:40 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-03 16:02:07 0 d-------- C:\Program Files\Lavasoft
2007-09-03 16:02:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-09-03 16:00:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 12:09:32 112 --a------ C:\WINDOWS\HOSTK100.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{015CDAF3-CC87-4F25-B935-3C98A32141E8}]
C:\Program Files\WindowsUpdate\meso43855.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDC59F8E-F118-41B9-BC83-990D2FF00694}]
10/14/2007 03:21 PM 308832 --a------ C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FD44536-9DF0-4034-939F-5BD4D98E3187}"= C:\Program Files\TBONAS\TBONlchr.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{4EF67630-DD6C-4e66-B175-60BCCD1CA89B}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe" [05/09/2006 02:01 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 04:04 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 03:38 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 03:23 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 07:02 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/13/2004 08:43 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53 AM C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"jlxmvhd"="c:\windows\system32\absysao.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 04:05 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/30/2005 03:30 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 03:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 01:34 AM]
"RecordNow!"="" []
"Aim6"="" []
"WebBuying"="C:\Program Files\Web Buying\v1.8.5\webbuying.exe" []
"Notn"="C:\PROGRA~1\MBOLS~1\wuaclt.exe" []
"Kwwszg"="C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe" [10/03/2007 07:07 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnllk]
nnnnllk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll 12/20/2001 10:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1e9630-f0ca-11d8-8319-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2007-10-18 09:03:33 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 3200+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 447.48 MiB / 162.94 MiB
Pagefile Memory (total/avail): 1055.38 MiB / 690.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.27 MiB

C: is Fixed (NTFS) - 144.25 GiB total, 2.36 GiB free.
D: is Fixed (FAT32) - 4.79 GiB total, 0.72 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.79 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: McAfee VirusScan v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares Lite Edition\\AresLite.exe"="C:\\Program Files\\Ares Lite Edition\\AresLite.exe:*:Enabled:Ares Lite Edition"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\i2hubV2\\i2hub.exe"="C:\\Program Files\\i2hubV2\\i2hub.exe:*:Enabled:i2hub Client App"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\xlhvxngb.exe"="C:\\WINDOWS\\system32\\xlh"
"C:\\WINDOWS\\system32\\tpctdoln.exe"="C:\\WINDOWS\\system32\\tpc"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANSHIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DANSHIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DANSHIN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
family (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\System32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
BitTornado 0.3.15 --> C:\Program Files\BitTornado\uninst.exe
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DefilerPak 1.19 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"
DirectShow subtitle filter colleciton (remove only) --> "C:\WINDOWS\System32\SubtitDSuninst.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
HijackThis 1.99.0 --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
HOTLLAMA Media Player --> C:\Program Files\HOTLLAMA MEDIA\Player\UNWISE.EXE
HOTLLAMA Media Player - Update --> C:\PROGRA~1\HOTLLA~1\Player\UNWISE.EXE C:\PROGRA~1\HOTLLA~1\Player\INSTALL.LOG
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
IKatzu --> C:\WINDOWS\system32\IKatzuUninstall.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InternetOffers --> C:\WINDOWS\io2uns.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod Video Converter 3 --> C:\Program Files\Xilisoft\iPod Video Converter 3\Uninstall.exe
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.1_05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78D082B3-ACEE-11D7-9D64-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_12 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LimeWire 4.9.37 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logger Pro 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1BDDC0-D9B4-4409-9C81-FFADABFB0E1E}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
nProtect KeyCrypt --> C:\WINDOWS\System32\npkuninst.exe
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
Palmcorder USB Device Driver 2.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F68794FD-9BBA-44FB-976C-4FCE2B447476}\setup.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Pocket RAR documentation --> C:\Program Files\PocketRAR\uninstall.exe
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Post-it® Digital Notes --> MsiExec.exe /I{AA2DC6BC-F088-46DD-994B-07F6C5A32EC1}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RelevantKnowledge --> C:\WINDOWS\System32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
TContext --> "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
Tokimeki Check in! --> C:\WINDOWS\unvise32.exe C:\Program Files\Tokimeki Check in!\uninstal.log
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VBPlayerMoz --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{33BC5F69-0E51-4121-A04A-0868D65CF050} u
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Vodei Multimedia Processor 2.00 --> C:\Program Files\Vodei\uninst.exe
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\INSTALL.LOG
Windows AFA Internet Enhancement --> "C:\WINDOWS\system\QBUninstaller.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3123 / Warning
Event Submitted/Written: 10/18/2007 08:58:48 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type3122 / Warning
Event Submitted/Written: 10/18/2007 08:58:47 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type3121 / Warning
Event Submitted/Written: 10/18/2007 08:58:44 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type3120 / Error
Event Submitted/Written: 10/18/2007 08:58:22 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\WINDOWS\winshow.exe is infected with the New Malware.j Trojan. No cleaner available, quarantined successfully . Detected using Scan engine version 5200 DAT version 5143.(from DANSHIN IP 134.173.93.1 user DANSHIN\Owner running VirusScan Enter 8.0 OAS)

Event Record #/Type3119 / Error
Event Submitted/Written: 10/18/2007 08:58:21 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\WINDOWS\system32\WS2Fix.exe is infected with the New Malware.j Trojan. No cleaner available, quarantined successfully . Detected using Scan engine version 5200 DAT version 5143.(from DANSHIN IP 134.173.93.1 user DANSHIN\Owner running VirusScan Enter 8.0 OAS)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13176 / Error
Event Submitted/Written: 10/18/2007 08:49:56 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type13155 / Error
Event Submitted/Written: 10/18/2007 08:43:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type13154 / Error
Event Submitted/Written: 10/18/2007 08:43:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panasonic Digital Palmcorder service failed to start due to the following error:
%%1058

Event Record #/Type13152 / Warning
Event Submitted/Written: 10/18/2007 08:42:46 AM / 10/18/2007 08:43:05 AM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom2 during a paging operation.

Event Record #/Type13148 / Error
Event Submitted/Written: 10/18/2007 08:41:56 AM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom2, is not ready for access yet.



-- End of Deckard's System Scanner: finished at 2007-10-18 09:03:33 ------------
Imanaznguy
Active Member
 
Posts: 3
Joined: October 18th, 2007, 4:53 am

Unread postby SNOWHITE » October 18th, 2007, 1:00 pm

Imanaznguy,

Please follow the steps below exactly in the order they are written:

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply; also run a new scan with HijackThis and include the new report.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby Imanaznguy » October 18th, 2007, 2:13 pm

I'm getting several messages saying that REG.EXE will not run and Windows has encountered an error. When it finishes running it says I need administrative privileges to run this program and I get no log report at the end. Here is the new HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 11:11:51 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Owner\Desktop\Crap I don't use\HijackThis-1.99.0.exe

O2 - BHO: (no name) - {015CDAF3-CC87-4F25-B935-3C98A32141E8} - C:\Program Files\WindowsUpdate\meso43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CDC59F8E-F118-41B9-BC83-990D2FF00694} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: (no name) - {EA5159DF-E413-4878-8AE2-D921D41BB942} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [jlxmvhd] c:\windows\system32\absysao.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\kxercqfe.dll",sitypnow
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\MBOLS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Kwwszg] "C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861804828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861710421
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) - http://kronos.pomona.edu/WFC/plugins/j2 ... s-i586.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown - C:\WINDOWS\system32\tpctdoln.exe (file missing)
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Imanaznguy
Active Member
 
Posts: 3
Joined: October 18th, 2007, 4:53 am

Unread postby SNOWHITE » October 18th, 2007, 3:25 pm

Hi Imanaznguy,

You are using a very outdated version of HijackThis --> Logfile of HijackThis v1.99.0. Please remove it; from now on use the version that was downloaded with DSS, Trend Micro HijackThis v2.0.2.

Then remove the version of combofix you have, and download it again but from this link -> Link2

Follow the same instructions for running a scan with combofix from my previous post and reply back here with the combofix report and a new HijackThis report made by Trend Micro HijackThis v2.0.2.

Let me know how things go.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby Gary R » October 29th, 2007, 4:43 pm

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Gary R
Administrator
 
Posts: 21779
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire