My Desktop

Post by wolfenstien » March 19th, 2008, 4:05 am

Just curious if I have anything....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:01 AM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\878RMTMon.exe
C:\WINDOWS\system32\TrayIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\878RMT.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Serp\Desktop\HJT\remove.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\system32\TrayIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... site.cab?1168487038093
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6675 bytes
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm
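The log above is what the volunteer helpers read line by line, and the useful signal usually comes from comparing it with the next log the user posts. As an added example (not code from the forum, from HijackThis or from the helper), here is a small Python triage script that parses HijackThis entries, diffs two logs and flags the entries a reviewer would look at first. The flagging rules are my own assumptions, tuned to the entries in this thread; the embedded sample lines are copied from this log and from the second log posted later in the thread, trimmed to the entries that matter for the comparison.

```python
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis log above (LOG_A, 3/19/2008)
# and from the second log posted later in this thread (3/23/2008). Only the
# entries that matter for the comparison are reproduced; LOG_B is LOG_A plus
# the entries that appear only in the second log.
LOG_A = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""
LOG_B = LOG_A + r"""
O2 - BHO: (no name) - {39BDBC4F-3B30-4031-8B9C-78EBE1B4D951} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - C:\WINDOWS\system32\cbxuvwv.dll
O2 - BHO: {71162ea6-afe6-6608-d404-bae7a0e0ce59} - {95ec0e0a-7eab-404d-8066-6efa6ae26117} - C:\WINDOWS\system32\xqfdlmcr.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [041decaf] rundll32.exe "C:\WINDOWS\system32\yjhdahwe.dll",b
O20 - Winlogon Notify: cbxuvwv - C:\WINDOWS\SYSTEM32\cbxuvwv.dll
"""

# Every HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Run-key value names that are 8 hex digits (like "[041decaf]" above).
HEX_RUN_NAME = re.compile(r"\[[0-9a-f]{8}\]")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section, body) pairs, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random_sys32_dll(body: str) -> bool:
    # Assumption (mine, not a HijackThis rule): a DLL under system32 whose base
    # name is 5-8 letters, all lowercase, is "random-looking". Vendor DLLs in
    # this thread (NvCpl.dll, NvMcTray.dll) have mixed case and do not match.
    m = re.search(r"\\system32\\([A-Za-z]{5,8})\.dll", body, re.I)
    return bool(m and m.group(1).islower())


def review_flags(section: str, body: str) -> List[str]:
    """Reasons a reviewer would look at this entry first (heuristics are my own)."""
    flags: List[str] = []
    random_dll = looks_random_sys32_dll(body)
    if section == "O2" and random_dll and ("(no name)" in body or body.startswith("BHO: {")):
        flags.append("unnamed BHO loading a random-looking DLL from system32")
    if section == "O4" and "rundll32" in body.lower() and (random_dll or HEX_RUN_NAME.search(body)):
        flags.append("Run key using rundll32 to load a random-looking DLL")
    if section == "O20":
        flags.append("Winlogon Notify DLL: loaded into winlogon.exe at boot, before any user logs in")
    if section == "O23":
        if "(file missing)" in body:
            flags.append("service still registered but its binary is gone (a service is not an Add/Remove Programs entry)")
        if "VNC" in body or "Remote Packet Capture" in body:
            flags.append("remote-access service: confirm it is intentional")
    return flags


def new_entries(old_log: str, new_log: str) -> List[Tuple[str, str]]:
    """Entries present in new_log but absent from old_log, in log order."""
    seen = set(parse_hjt(old_log))
    return [e for e in parse_hjt(new_log) if e not in seen]


def triage(old_log: str, new_log: str) -> List[Dict[str, object]]:
    """Entries of new_log that are new or flagged: new-and-flagged first, then new, then flagged."""
    fresh = set(new_entries(old_log, new_log))
    rows: List[Dict[str, object]] = []
    for section, body in parse_hjt(new_log):
        flags = review_flags(section, body)
        is_new = (section, body) in fresh
        if is_new or flags:
            rows.append({"section": section, "body": body, "new": is_new, "flags": flags})
    rows.sort(key=lambda r: (not (r["new"] and r["flags"]), not r["new"]))
    return rows


if __name__ == "__main__":
    for row in triage(LOG_A, LOG_B):
        print(("NEW  " if row["new"] else "     ") + f"{row['section']:<4} {row['body'][:80]}")
        for flag in row["flags"]:
            print("          -> " + flag)
```

Run it as-is and the five entries that are both new and flagged (three unnamed O2 BHOs, the rundll32 Run key and the O20 Winlogon Notify hook) print first, the new but benign BitDefender toolbar next, and the three pre-existing services last. The diff is the important part: a new autostart that was not in the log a few days earlier is worth more attention than any single heuristic, and the heuristics are only there to order the list.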

Re: My Desktop

Post by ktreffin » March 23rd, 2008, 10:47 am

Hi wolfenstien, welcome to Malware Removal!

I am sorry for the delay.

My name is Ken; on these forums I am known as ktreffin. I will be helping you with your current problem. Please note that I am still in training here at Malware Removal; however, I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, but be assured that we will be working diligently on your problem.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: My Desktop

Post by wolfenstien » March 23rd, 2008, 11:31 am

My uninstall log from HJT:

µTorrent
1Click DVD Copy Pro 3.1.3.6
AC3Filter (remove only)
Adobe Acrobat 8.1.1 Professional
Adobe Audition 3.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Alive YouTube Video Converter (version 1.2.6.9)
AnyDVD
Apple Software Update
AT Screen Thief 3.9
Avanquest update
Batch File Renamer 2.51
Better File Rename 5.2
BlackBerry Desktop Software 4.2.1
BlackBerry Desktop Software 4.2.1
BlackBerry v4.2.1 for the 8800 Series Wireless Handheld
CoreAVC Professional Edition (remove only)
Creative Audio Console
Creative Jukebox Driver
Creative MediaSource
Fallout
Fallout2
FlashFXP v3.17 (Build 1060) Scene Edition
Haali Media Splitter
HighGrow Freeware Version 4.20
HijackThis 2.0.2
honestech TVR
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
IBP & ARELIS 9.6
J2SE Runtime Environment 5.0 Update 11
Jasc Paint Shop Pro 9
Java(TM) 6 Update 3
Logitech Gaming Software
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
MKVtoolnix 2.1.0
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.12)
Nero 7 Ultra Edition
NVIDIA Drivers
Opera 9.10
Pagan Daybook 3
PokerStars
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Skype™ 3.2
SoulSeek Client 156c
TurboTax Deluxe 2007
TurboTax Home & Business 2007
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VNC Enterprise Edition E4.2.7
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.0.1
WinRAR archiver
Xilisoft Video Converter 3
Yahoo! Messenger

Re: My Desktop

Post by ktreffin » March 23rd, 2008, 1:27 pm

Hi wolfenstien,

Your Hijack This log doesn't show much. We do need to tackle a couple of things though. Please read the following:

You aren't running Anti Virus Software. Please download and install one of them first!!!

Use an Anti Virus Software - It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future. Here are some anti-virus products which are free for personal use and widely used:
AntiVir
Avast
BitDefender

Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (more often if you wish). If you do not update your anti-virus software, it will not be able to catch any of the new variants that may come out.

As soon as you have finished with this we can begin with the fix.

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LiveShare P2P
µTorrent


Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LiveShare P2P and µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 5.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

To take a closer look at your system, let's do this:

Download and Run DSS
Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Thanks,
Ken

Re: My Desktop

Post by wolfenstien » March 23rd, 2008, 7:05 pm

Ok, I do not run anti virus, anti anything, firewalls or anything software based because it consumes my system resources, and also fouls up the system on occasion when the program thinks it is allowed to take control of everything else, also, many of the anti virus programs majorly limit my ability to control it.... and end up classifying and deleting files that are not viruses and that I need... kind of like the Microsoft mentality when it comes to Linux - - Linux is a hacker tool... LOL

Anyway...

I use utorrent for torrents for work and I cannot stop using it... there is not a chance of me getting anything infected through it tho so not to worry....
Soulseek..... that I will not use until we are finished.
As far as LiveShare P2P is concerned.... I do not have this installed.... When I go to uninstall it is not listed, and I have not heard of it... so if it is installed, it is not installed by my doing....

So from here, I will DL and install an AV that you listed....
Update java...
And then do the Dss.....

Will post back later.

Re: My Desktop

Post by wolfenstien » March 23rd, 2008, 8:28 pm

MAIN:

Deckard's System Scanner v20071014.68
Run by Serp on 2008-03-23 20:22:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-03-24 00:22:36 UTC - RP464 - Deckard's System Scanner Restore Point
25: 2008-03-24 00:17:35 UTC - RP463 - Installed Java(TM) 6 Update 5
24: 2008-03-24 00:14:50 UTC - RP462 - Removed Java(TM) 6 Update 3
23: 2008-03-24 00:12:59 UTC - RP461 - Removed J2SE Runtime Environment 5.0 Update 11
22: 2008-03-23 23:09:10 UTC - RP460 - Installed BitDefender Antivirus 2008


-- First Restore Point --
1: 2008-03-20 03:49:31 UTC - RP439 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Serp.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:29 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\878RMTMon.exe
C:\WINDOWS\system32\TrayIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\878RMT.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\878RMT.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
E:\WAREZ\UPLOAD FOLDER\Deckards System Scanner\dss.exe
C:\DOCUME~1\Serp\Desktop\HJT\Serp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39BDBC4F-3B30-4031-8B9C-78EBE1B4D951} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - C:\WINDOWS\system32\cbxuvwv.dll
O2 - BHO: {71162ea6-afe6-6608-d404-bae7a0e0ce59} - {95ec0e0a-7eab-404d-8066-6efa6ae26117} - C:\WINDOWS\system32\xqfdlmcr.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\system32\TrayIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [041decaf] rundll32.exe "C:\WINDOWS\system32\yjhdahwe.dll",b
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8487038093
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxuvwv - C:\WINDOWS\SYSTEM32\cbxuvwv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8415 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 878TVCard (Bt878 TV Card - Video Capture) - c:\windows\system32\drivers\bt878.sys <Not Verified; Conexant Systems, Inc.; Bt878 TV Card>
R2 878TVTuner (Bt878 TV Card - TV Tuner) - c:\windows\system32\drivers\bttuner.sys <Not Verified; Conexant Systems, Inc.; Bt878 TV Card>
R2 878Xbar (Bt878 TV Card - Crossbar) - c:\windows\system32\drivers\btxbar.sys <Not Verified; Conexant Systems, Inc.; Bt878 TV Card>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_1C09147B&REV_A1\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_1C09147B&REV_A1\3&13C0B0C5&0&09
Service:


-- Files created between 2008-02-23 and 2008-03-23 -----------------------------

2008-03-23 20:17:40 0 d-------- C:\Program Files\Common Files\Java
2008-03-23 19:12:04 0 d-------- C:\Documents and Settings\Serp\Application Data\BitDefender
2008-03-23 19:10:09 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-23 19:10:08 0 d-------- C:\Program Files\BitDefender
2008-03-23 19:07:40 0 d-------- C:\Program Files\Common Files\BitDefender
2008-03-23 11:58:19 90176 --a------ C:\WINDOWS\system32\yjhdahwe.dll
2008-03-23 11:55:26 92736 --a------ C:\WINDOWS\system32\xqfdlmcr.dll
2008-03-23 11:55:19 90176 --a------ C:\WINDOWS\system32\pigwjxjf.dll
2008-03-22 11:55:26 93248 --a------ C:\WINDOWS\system32\lojogklt.dll
2008-03-22 11:55:18 92224 --a------ C:\WINDOWS\system32\gjreeykn.dll
2008-03-21 11:52:47 94784 --a------ C:\WINDOWS\system32\ihuassjm.dll
2008-03-21 11:52:39 91712 --a------ C:\WINDOWS\system32\ieqoeucr.dll
2008-03-20 11:55:19 91712 --a------ C:\WINDOWS\system32\narcrtqv.dll
2008-03-20 11:52:19 89664 --a------ C:\WINDOWS\system32\vasocojr.dll
2008-03-19 23:49:18 304186 --ahs---- C:\WINDOWS\system32\ijkmp.ini2
2008-03-19 23:49:09 305728 --a------ C:\WINDOWS\system32\pmkji.dll
2008-03-19 23:44:27 0 d-------- C:\Program Files\Xilisoft
2008-03-19 23:44:03 39424 --a------ C:\WINDOWS\system32\cbxuvwv.dll
2008-03-13 22:57:23 0 d-------- C:\Program Files\Fallout2
2008-03-11 08:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-10 12:46:10 52736 --a------ C:\WINDOWS\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
2008-03-10 12:43:25 0 d-------- C:\Program Files\Fallout
2008-03-05 00:26:55 0 d-------- C:\Program Files\Better File Rename
2008-03-05 00:01:10 0 d-------- C:\Program Files\Batch File Renamer 2.51
2008-03-02 15:22:47 0 d-------- C:\Program Files\Avanquest update
2008-03-02 15:22:46 0 d-------- C:\Documents and Settings\Serp\Application Data\InstallShield
2008-02-28 12:15:27 0 d-------- C:\Documents and Settings\Serp\Application Data\Intuit
2008-02-28 12:12:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-28 12:12:36 0 d-------- C:\Program Files\Common Files\Intuit
2008-02-28 12:11:30 0 d-------- C:\Program Files\TurboTax


-- Find3M Report ---------------------------------------------------------------

2008-03-23 20:19:16 0 d-------- C:\Program Files\Java
2008-03-23 20:17:40 0 d-------- C:\Program Files\Common Files
2008-03-23 20:04:17 0 d-------- C:\Documents and Settings\Serp\Application Data\Skype
2008-03-23 19:59:40 0 d-------- C:\Documents and Settings\Serp\Application Data\uTorrent
2008-03-19 23:43:10 0 d-------- C:\Program Files\AAC Audio Converter
2008-03-11 08:14:12 0 d-------- C:\Program Files\1Click DVD Copy Pro
2008-03-04 14:25:01 0 d-------- C:\Documents and Settings\Serp\Application Data\Vso
2008-03-04 14:25:01 34 --a------ C:\Documents and Settings\Serp\Application Data\pcouffin.log
2008-03-04 14:24:58 47360 --a------ C:\Documents and Settings\Serp\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-04 14:24:58 1144 --a------ C:\Documents and Settings\Serp\Application Data\pcouffin.inf
2008-03-04 14:24:58 7887 --a------ C:\Documents and Settings\Serp\Application Data\pcouffin.cat
2008-03-04 14:10:23 0 d-------- C:\Program Files\Soulseek
2008-03-03 22:46:00 0 d-------- C:\Documents and Settings\Serp\Application Data\Adobe
2008-03-03 22:25:47 1366 --a------ C:\WINDOWS\mozver.dat
2008-03-02 15:27:44 0 d-------- C:\Program Files\Motorola Phone Tools
2008-03-02 15:22:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 14:39:14 0 d-------- C:\Program Files\Visual Business Cards
2008-03-02 14:38:32 0 d-------- C:\Program Files\Xvid
2008-03-02 14:38:12 0 d-------- C:\Program Files\Yahoo!
2008-03-02 14:37:01 0 d-------- C:\Program Files\RM Converter 3
2008-03-02 14:35:51 0 d-------- C:\Program Files\Street Atlas USA 2004
2008-03-02 14:34:31 0 d-------- C:\Documents and Settings\Serp\Application Data\SUPERAntiSpyware.com
2008-03-02 14:34:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-02 14:34:06 0 d-------- C:\Program Files\Smart MP3 Renamer
2008-03-02 14:32:41 0 d-------- C:\Program Files\Project64 1.6
2008-03-02 14:32:02 0 d-------- C:\Program Files\Musicmatch
2008-03-02 14:30:52 0 d-------- C:\Program Files\MP3TagEditor
2008-03-02 14:30:23 0 d-------- C:\Program Files\InterActual
2008-03-02 14:28:15 0 d-------- C:\Program Files\GIMP-2.0
2008-03-02 14:27:51 0 d-------- C:\Program Files\DVD2one V2
2008-03-02 14:27:32 0 d-------- C:\Program Files\VSO
2008-03-02 14:22:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-02 14:02:16 0 d-------- C:\Program Files\Opera
2008-02-26 13:06:48 0 d-------- C:\Program Files\PokerStars
2008-02-22 14:17:54 668 --a------ C:\Documents and Settings\Serp\Application Data\vso_ts_preview.xml
2008-02-21 13:51:34 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-21 13:11:10 0 d-------- C:\Program Files\Lotto007
2008-02-21 12:36:02 0 d-------- C:\Program Files\MKVtoolnix
2008-02-12 12:25:02 0 d-------- C:\Documents and Settings\Serp\Application Data\Apple Computer
2008-02-04 23:01:28 0 d-------- C:\Documents and Settings\Serp\Application Data\Move Networks
2008-01-27 18:02:14 0 d-------- C:\Program Files\AC3Filter
2008-01-27 18:01:35 0 d-------- C:\Program Files\CoreCodec
2008-01-27 17:56:38 0 d-------- C:\Program Files\Haali
2008-01-11 18:39:20 40 ---hs---- C:\Documents and Settings\Serp\Application Data\.zreglib


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39BDBC4F-3B30-4031-8B9C-78EBE1B4D951}]
03/19/2008 11:49 PM 305728 --a------ C:\WINDOWS\system32\pmkji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85A611CA-CA0F-469B-8220-B70221A545BB}]
03/19/2008 11:44 PM 39424 --a------ C:\WINDOWS\system32\cbxuvwv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95ec0e0a-7eab-404d-8066-6efa6ae26117}]
03/23/2008 11:55 AM 92736 --a------ C:\WINDOWS\system32\xqfdlmcr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\878RMTMon.exe" [07/14/2005 01:00 PM]
"DisplayTrayIcon"="C:\WINDOWS\system32\TrayIcon.exe" [10/17/2001 10:27 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 11:46 PM]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" []
"041decaf"="C:\WINDOWS\system32\yjhdahwe.dll" [03/23/2008 11:58 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/16/2008 05:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/08/2007 03:18 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 06:29 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [02/29/2008 03:55 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{85A611CA-CA0F-469B-8220-B70221A545BB}"= C:\WINDOWS\system32\cbxuvwv.dll [03/19/2008 11:44 PM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwv]
cbxuvwv.dll 03/19/2008 11:44 PM 39424 C:\WINDOWS\system32\cbxuvwv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

*Newly Created Service* - BDFSFLTR
*Newly Created Service* - BDFTDIF



-- End of Deckard's System Scanner: finished at 2008-03-23 20:26:23 ------------

++++++++++++++++
++++++++++++++++
++++++++++++++++


EXTRA:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 3200+
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 511.48 MiB / 207.7 MiB
Pagefile Memory (total/avail): 1248.29 MiB / 820.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.1 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 21.73 GiB free.
D: is Fixed (NTFS) - 114.49 GiB total, 16.33 GiB free.
E: is Fixed (NTFS) - 114.49 GiB total, 4 GiB free.
F: is Fixed (NTFS) - 54.99 GiB total, 21.1 GiB free.
G: is Fixed (NTFS) - 19.53 GiB total, 9.06 GiB free.
H: is CDROM (CDFS)
I: is CDROM (No Media)
J: is CDROM (CDFS)
N: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 4R120L0 - 114.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 114.49 GiB - D:

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE2 - WDC WD800BB-00CAA1 - 74.53 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 74.52 GiB - F: - G:

\\.\PHYSICALDRIVE3 - Maxtor 4 R120L0 SCSI Disk Device - 114.49 GiB - 1 partition
\PARTITION0 - Installable File System - 114.5 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\\Program Files\\IBP 9\\IBP.exe"="C:\\Program Files\\IBP 9\\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"
"C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Serp\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DA_PIT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Serp
LOGONSERVER=\\DA_PIT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\MKVtoolnix
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Serp\LOCALS~1\Temp
TMP=C:\DOCUME~1\Serp\LOCALS~1\Temp
USERDOMAIN=DA_PIT
USERNAME=Serp
USERPROFILE=C:\Documents and Settings\Serp
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Serp (admin)
Admin (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
1Click DVD Copy Pro 3.1.3.6 --> "C:\Program Files\1Click DVD Copy Pro\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 8.1.1 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Alive YouTube Video Converter (version 1.2.6.9) --> "C:\Program Files\AliveMedia\YouTube Video Converter\unins000.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT Screen Thief 3.9 --> "C:\Program Files\AT Screen Thief 3.9\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Batch File Renamer 2.51 --> "C:\Program Files\Batch File Renamer 2.51\uninstall.exe"
Better File Rename 5.2 --> "C:\Program Files\Better File Rename\unins000.exe"
BitDefender Antivirus 2008 --> MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /i{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /I{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
BlackBerry v4.2.1 for the 8800 Series Wireless Handheld --> MsiExec.exe /X{596F2287-ACD9-4E5F-978C-43A00A7A98B8}
CoreAVC Professional Edition (remove only) --> "C:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox Driver\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Fallout --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\Fallout\uninst.log
Fallout2 --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\Fallout2\uninst.log
FlashFXP v3.17 (Build 1060) Scene Edition --> C:\WINDOWS\unvise32.exe C:\Program Files\FlashFXP\uninstal.log
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HighGrow Freeware Version 4.20 --> C:\PROGRA~1\HighGrow\UNWISE.EXE C:\PROGRA~1\HighGrow\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Documents and Settings\Serp\Desktop\HJT\HijackThis.exe" /uninstall
honestech TVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}\setup.exe" -l0x9
IBP & ARELIS 9.6 --> "C:\Program Files\IBP 9\unins000.exe"
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MKVtoolnix 2.1.0 --> C:\Program Files\MKVtoolnix\uninst.exe
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.10 --> MsiExec.exe /X{750B9AD1-4C63-4143-94C5-6FB304199BAD}
Pagan Daybook 3 --> C:\WINDOWS\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\Pagan Daybook 3\INSTALLD.TXT
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
VNC Enterprise Edition E4.2.7 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type13679 / Success
Event Submitted/Written: 03/23/2008 08:05:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13511 / Success
Event Submitted/Written: 03/19/2008 06:33:24 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13498 / Success
Event Submitted/Written: 03/19/2008 03:47:37 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13343 / Error
Event Submitted/Written: 03/16/2008 00:24:56 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application highgrow.exe, version 3.0.0.0, faulting module highgrow.exe, version 3.0.0.0, fault address 0x0000b8c0.
Processing media-specific event for [highgrow.exe!ws!]

Event Record #/Type13274 / Success
Event Submitted/Written: 03/11/2008 11:03:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11532 / Warning
Event Submitted/Written: 03/22/2008 07:31:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11531 / Warning
Event Submitted/Written: 03/21/2008 03:38:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11530 / Warning
Event Submitted/Written: 03/21/2008 11:43:41 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11529 / Warning
Event Submitted/Written: 03/21/2008 09:54:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11528 / Warning
Event Submitted/Written: 03/20/2008 10:36:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-23 20:26:23 ------------
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: My Desktop

Unread postby ktreffin » March 24th, 2008, 11:00 pm

Hi Wolfenstien,

Just wanted to let you know I haven't forgotten about you. I am having my next post reviewed by the expert I am working with, and will be able to hopefully post it some time tomorrow. Thanks for your patience.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: My Desktop

Unread postby ktreffin » March 25th, 2008, 8:20 am

Hi Wolfenstien,

Step #1: Download and Run ComboFix
Before you download the newest version of ComboFix, please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

For information regarding this download, please visit this webpage:
http://www.bleepingcomputer.com/combofi ... e-combofix

Note: It is important that it is saved directly to your desktop!

Now close any open browsers. Also close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts. Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A new HijackThis log
  • Contents of the ComboFix log

One other thing. When posting the new HijackThis log, please make sure you turn off word-wrap in Notepad:

You have Word Wrap turned on; this is making your logs difficult to read.

  • Open Notepad.
  • Go to Format and untick Word Wrap.

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: My Desktop

Unread postby wolfenstien » March 25th, 2008, 9:35 am

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:00 AM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\878RMTMon.exe
C:\WINDOWS\system32\TrayIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\878RMT.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Serp\Desktop\HJT\remove.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\system32\TrayIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8487038093
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxuvwv - cbxuvwv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8135 bytes



+++++++++++++++++++++
+++++++++++++++++++++
+++++++++++++++++++++


ComboFix Log:

ComboFix 08-03-24.2 - Serp 2008-03-25 9:15:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT -4:00]
Running from: C:\Documents and Settings\Serp\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM072edf33.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbxuvwv.dll
C:\WINDOWS\system32\gjreeykn.dll
C:\WINDOWS\system32\idvetwen.dll
C:\WINDOWS\system32\ieqoeucr.dll
C:\WINDOWS\system32\ihuassjm.dll
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\lojogklt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\narcrtqv.dll
C:\WINDOWS\system32\newtevdi.ini
C:\WINDOWS\system32\pigwjxjf.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\uioouasb.dll
C:\WINDOWS\system32\vasocojr.dll
C:\WINDOWS\system32\xqfdlmcr.dll
C:\WINDOWS\system32\xxvmprps.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-23 20:22 . 2008-03-23 20:22 <DIR> d-------- C:\Deckard
2008-03-23 20:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-23 20:17 . 2008-03-23 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-23 19:59 . 2008-03-25 09:22 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-23 19:12 . 2008-03-23 19:12 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\BitDefender
2008-03-23 19:10 . 2008-03-23 19:10 <DIR> d-------- C:\Program Files\BitDefender
2008-03-23 19:10 . 2008-03-23 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-23 19:07 . 2008-03-23 19:10 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-23 11:58 . 2008-03-24 11:58 1,552,711 ---hs---- C:\WINDOWS\system32\ewhadhjy.ini
2008-03-22 11:58 . 2008-03-22 11:58 1,543,279 ---hs---- C:\WINDOWS\system32\clfcqeav.ini
2008-03-21 11:55 . 2008-03-22 11:55 1,543,219 ---hs---- C:\WINDOWS\system32\etdvnqly.ini
2008-03-20 11:52 . 2008-03-21 11:52 1,539,164 ---hs---- C:\WINDOWS\system32\pucyqcty.ini
2008-03-19 23:44 . 2008-03-19 23:44 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-13 22:57 . 2008-03-13 22:58 <DIR> d-------- C:\Program Files\Fallout2
2008-03-11 08:05 . 2008-03-11 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-10 12:46 . 2008-03-13 23:02 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-03-10 12:43 . 2008-03-10 12:49 <DIR> d-------- C:\Program Files\Fallout
2008-03-05 00:26 . 2008-03-05 00:26 <DIR> d-------- C:\Program Files\Better File Rename
2008-03-05 00:01 . 2008-03-05 00:01 <DIR> d-------- C:\Program Files\Batch File Renamer 2.51
2008-03-02 15:22 . 2008-03-02 15:22 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-02 15:22 . 2008-03-02 15:22 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\InstallShield
2008-03-02 14:35 . 2008-03-02 14:35 11 --a------ C:\WINDOWS\SA2004.ini
2008-03-02 14:27 . 2008-03-04 14:24 87,608 --a------ C:\Documents and Settings\Serp\Application Data\inst.exe
2008-02-28 12:15 . 2008-03-17 10:11 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\Intuit
2008-02-28 12:12 . 2008-02-28 12:12 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-28 12:12 . 2008-02-28 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-28 12:12 . 2007-10-22 19:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-02-28 12:11 . 2008-02-28 16:28 <DIR> d-------- C:\Program Files\TurboTax
2008-02-26 15:09 . 2008-02-26 15:09 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:22 --------- d-----w C:\Documents and Settings\Serp\Application Data\uTorrent
2008-03-25 13:03 --------- d-----w C:\Documents and Settings\Serp\Application Data\Skype
2008-03-24 00:19 --------- d-----w C:\Program Files\Java
2008-03-20 03:43 --------- d-----w C:\Program Files\AAC Audio Converter
2008-03-11 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-03-11 12:14 --------- d-----w C:\Program Files\1Click DVD Copy Pro
2008-03-04 18:25 --------- d-----w C:\Documents and Settings\Serp\Application Data\Vso
2008-03-04 18:24 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-04 18:24 47,360 ----a-w C:\Documents and Settings\Serp\Application Data\pcouffin.sys
2008-03-04 18:10 --------- d-----w C:\Program Files\Soulseek
2008-03-02 19:48 87,608 ----a-w C:\Documents and Settings\Serp\Application Data\ezpinst.exe
2008-03-02 19:27 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-03-02 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:39 --------- d-----w C:\Program Files\Visual Business Cards
2008-03-02 18:38 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 18:38 --------- d-----w C:\Program Files\Xvid
2008-03-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-03-02 18:37 --------- d-----w C:\Program Files\RM Converter 3
2008-03-02 18:35 --------- d-----w C:\Program Files\Street Atlas USA 2004
2008-03-02 18:34 --------- d-----w C:\Program Files\Smart MP3 Renamer
2008-03-02 18:34 --------- d-----w C:\Documents and Settings\Serp\Application Data\SUPERAntiSpyware.com
2008-03-02 18:32 --------- d-----w C:\Program Files\Project64 1.6
2008-03-02 18:32 --------- d-----w C:\Program Files\Musicmatch
2008-03-02 18:30 --------- d-----w C:\Program Files\MP3TagEditor
2008-03-02 18:30 --------- d-----w C:\Program Files\InterActual
2008-03-02 18:28 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-02 18:27 --------- d-----w C:\Program Files\VSO
2008-03-02 18:27 --------- d-----w C:\Program Files\DVD2one V2
2008-03-02 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 18:02 --------- d-----w C:\Program Files\Opera
2008-02-26 17:06 --------- d-----w C:\Program Files\PokerStars
2008-02-21 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-21 17:51 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-21 17:11 --------- d-----w C:\Program Files\Lotto007
2008-02-21 16:36 --------- d-----w C:\Program Files\MKVtoolnix
2008-02-12 16:25 --------- d-----w C:\Documents and Settings\Serp\Application Data\Apple Computer
2008-02-05 03:01 --------- d-----w C:\Documents and Settings\Serp\Application Data\Move Networks
2008-02-05 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\1.0.0.0
2008-01-27 22:02 --------- d-----w C:\Program Files\AC3Filter
2008-01-27 22:01 --------- d-----w C:\Program Files\CoreCodec
2008-01-27 21:56 --------- d-----w C:\Program Files\Haali
2007-01-25 18:55 92,064 ----a-w C:\Documents and Settings\Serp\mqdmmdm.sys
2007-01-25 18:55 9,232 ----a-w C:\Documents and Settings\Serp\mqdmmdfl.sys
2007-01-25 18:55 79,328 ----a-w C:\Documents and Settings\Serp\mqdmserd.sys
2007-01-25 18:55 66,656 ----a-w C:\Documents and Settings\Serp\mqdmbus.sys
2007-01-25 18:55 6,208 ----a-w C:\Documents and Settings\Serp\mqdmcmnt.sys
2007-01-25 18:55 5,936 ----a-w C:\Documents and Settings\Serp\mqdmwhnt.sys
2007-01-25 18:55 4,048 ----a-w C:\Documents and Settings\Serp\mqdmcr.sys
2007-01-25 18:55 25,600 ----a-w C:\Documents and Settings\Serp\usbsermptxp.sys
2007-01-25 18:55 22,768 ----a-w C:\Documents and Settings\Serp\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29 165784]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-29 15:55 1686464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\878RMTMon.exe" [2005-07-14 13:00 352256]
"DisplayTrayIcon"="C:\WINDOWS\system32\TrayIcon.exe" [2001-10-17 22:27 147456]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" [ ]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwv]
cbxuvwv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 12:16 73728 C:\Program Files\Logitech\Profiler\lwemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\IBP 9\\IBP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62535:TCP"= 62535:TCP:torrent
"62535:UDP"= 62535:UDP:torrent
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 878TVCard;Bt878 TV Card - Video Capture;C:\WINDOWS\system32\drivers\Bt878.sys [2005-09-05 13:00]
R2 878TVTuner;Bt878 TV Card - TV Tuner;C:\WINDOWS\system32\drivers\BtTuner.sys [2005-09-05 13:00]
R2 878Xbar;Bt878 TV Card - Crossbar;C:\WINDOWS\system32\drivers\BtXbar.sys [2005-09-05 13:00]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 Oasis;Oasis;C:\WINDOWS\system32\DRIVERS\Oasisusb.sys [2001-08-16 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 09:25:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\878RMTMon.exe?????w??????????T?a?`B2?x??????? x??????????????x???????????x?2?????????????????????????????????x?2?????hB2?????????T?a?x?2?m?a?x??????????????|4B2??w???????????????w???????????????????????????????????w??h????????????w??(????w????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\878RMT.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-25 9:30:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 13:30:13
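
The two logs in the post above are what the volunteer reads by hand. As an added example that is not part of the thread and not a feature of HijackThis or ComboFix, the Python script below runs the same first pass over constructed excerpts of both logs and flags the items a reviewer picks out first: a Winlogon Notify entry whose DLL is missing, services with an unknown owner or a missing binary, services that accept remote connections, Run entries that name a program without a directory, seven- or eight-letter lowercase file names in system32 like the ones in the "Other Deletions" list, hidden+system .ini files of that shape, Security Center alerts switched off, the firewall disabled, and ports opened to the world. The indicator names, the random-name heuristic and the remote-access keyword list are this example's own assumptions, and the two sample strings are constructed excerpts modelled on the logs above rather than the logs themselves.

```python
"""Triage pass over HijackThis and ComboFix log excerpts.

Added example; not part of the original thread and not a feature of either
tool. Indicator names, the random-name heuristic and the remote-access
keyword list are this example's own choices.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator, offending log line)

# Heuristic: a 7-8 letter all-lowercase stem with a .dll/.ini/.ini2 extension
# in system32. Every name in the "Other Deletions" list above fits; most
# genuine system files do not. A match means "look closer", not "infected".
RANDOM_STEM = re.compile(r"[Ss]ystem32\\([a-z]{7,8})\.(dll|ini2?)\b")

# Services that let someone else onto the machine; reviewer's own keyword list.
REMOTE_ACCESS_KEYWORDS = ("vnc", "rpcapd", "remote packet capture")

# Constructed excerpt modelled on the HijackThis log posted above.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: cbxuvwv - cbxuvwv.dll (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Constructed excerpt modelled on the ComboFix log posted above.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cbxuvwv.dll
C:\WINDOWS\system32\pmkji.dll
2008-03-23 11:58 . 2008-03-24 11:58 1,552,711 ---hs---- C:\WINDOWS\system32\ewhadhjy.ini
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62535:TCP"= 62535:TCP:torrent
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""


def triage_hjt(log: str) -> List[Finding]:
    """Flag HijackThis lines a reviewer would want to look at first."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]
        if tag == "O20":
            # Winlogon Notify DLLs are loaded by winlogon.exe at logon. A missing
            # DLL leaves a dangling registration to remove; a present one is a
            # DLL to identify before anything else.
            findings.append(("winlogon-notify", line))
        elif tag == "O23":
            if "Unknown owner" in line or "(file missing)" in line:
                findings.append(("unverifiable-service", line))
            if any(k in line.lower() for k in REMOTE_ACCESS_KEYWORDS):
                findings.append(("remote-access-service", line))
        elif tag == "O4":
            # "[name] command": a command with no directory part is resolved
            # through the search path, so a planted copy can shadow the real one.
            m = re.search(r"\] (\S+)", line)
            if m and "\\" not in m.group(1):
                findings.append(("unqualified-run-path", line))
        if RANDOM_STEM.search(line):
            findings.append(("random-looking-name", line))
    return findings


def triage_combofix(log: str) -> List[Finding]:
    """Flag ComboFix file and registry lines that weaken or hide from defences."""
    findings: List[Finding] = []
    section = ""  # most recent [KEY] header, lower-cased
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        if not line:
            continue
        if ('"AntiVirusDisableNotify"=dword:00000001' in line
                or '"UpdatesDisableNotify"=dword:00000001' in line):
            findings.append(("security-center-alerts-off", line))
        elif '"EnableFirewall"= 0' in line:
            findings.append(("firewall-disabled", line))
        elif "globallyopenports" in section and re.match(r'"\d+:(TCP|UDP)"=', line):
            findings.append(("inbound-port-open", line))
        elif re.search(r"\s---hs----\s", line) and RANDOM_STEM.search(line):
            # hidden+system attributes on a freshly written, random-named .ini
            # in system32; the log above shows one per day at the same minute.
            findings.append(("hidden-system-ini", line))
        elif RANDOM_STEM.search(line):
            findings.append(("random-looking-name", line))
    return findings


def count_by_indicator(findings: List[Finding]) -> Dict[str, int]:
    """Summarise a finding list as {indicator: count}."""
    return dict(Counter(indicator for indicator, _ in findings))


if __name__ == "__main__":
    for name, found in (("HijackThis", triage_hjt(HJT_SAMPLE)),
                        ("ComboFix", triage_combofix(COMBOFIX_SAMPLE))):
        print(f"== {name}: {len(found)} findings")
        for indicator, line in found:
            print(f"  [{indicator}] {line}")
```

To use it on the real logs, read the two files in place of the constructed strings. The heuristics will also flag benign items (the VNC server and the torrent port here may well be the owner's own), so every finding is a prompt to look, not a verdict; note too that the five-letter pmkji.dll in the sample slips past the random-name rule, which is why the deletions list still has to be read in full.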

Re: My Desktop

Post by ktreffin » March 25th, 2008, 11:11 pm

Hi wolfenstien,

Before we continue, we need to install the Recovery Console.

Step 1: Install Recovery Console
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post that log.

Very important: Please do not reboot your machine until we have reviewed the log.

Thanks,
Ken

Re: My Desktop

Post by wolfenstien » March 26th, 2008, 1:47 am

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Re: My Desktop

Post by ktreffin » March 26th, 2008, 11:07 am

Hi wolfenstien,

Looks like the recovery console went well. Please do the following:

Step 1: Run CFScript
Close any open browsers and close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the box into the window:

Code:
File::
C:\WINDOWS\system32\ewhadhjy.ini
C:\WINDOWS\system32\clfcqeav.ini
C:\WINDOWS\system32\etdvnqly.ini
C:\WINDOWS\system32\pucyqcty.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwv]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Step 2: Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 3: Run Kaspersky Online Scan

With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed.
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file
  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Step 4: Things to put in your next reply

Please post the following in your next reply:
  • Contents of the Combofix Logfile from the above fix
  • Contents of the Malwarebytes' Anti-Malware scan log
  • Contents of the Kaspersky Online Scan Log
Thanks,
Ken
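
A check worth running before a CFScript is dragged onto ComboFix, given here as an added example that is not part of the thread and not a ComboFix feature: every path under File:: and every [-KEY] under Registry:: should appear, character for character, in the ComboFix log the script was written from, because a path that names no existing file deletes nothing and the step silently fails. The Python below parses a constructed CFScript in the layout used in the post above, with one File:: line deliberately chopped to .in, and reports every entry that a constructed excerpt of the log does not support. The section handling, the near-miss rule and both inputs are this example's own assumptions.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it was written from.

Added example; not part of the thread and not a ComboFix feature. The CFScript
layout (a File:: list of paths to delete, a Registry:: list of REGEDIT4-style
entries, [-KEY] meaning delete the key) is the one used in the post above; the
checking logic and both inputs are constructed for this example.
"""
import re
from typing import Dict, List, Set

# Constructed script: the second File:: line is deliberately chopped to ".in"
# so the check has something to catch.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ewhadhjy.ini
C:\WINDOWS\system32\pucyqcty.in

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwv]
"""

# Constructed excerpt of the ComboFix log the script refers to.
COMBOFIX_LOG = r"""
2008-03-23 11:58 . 2008-03-24 11:58 1,552,711 ---hs---- C:\WINDOWS\system32\ewhadhjy.ini
2008-03-20 11:52 . 2008-03-21 11:52 1,539,164 ---hs---- C:\WINDOWS\system32\pucyqcty.ini

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwv]
cbxuvwv.dll
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections, ignoring blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def paths_in_log(log: str) -> Set[str]:
    """Every drive-letter path ComboFix printed; paths run to end of line."""
    return {m.group(0).strip().lower() for m in re.finditer(r"[A-Za-z]:\\.*", log)}


def keys_in_log(log: str) -> Set[str]:
    """Every registry key ComboFix printed as a [KEY] header line."""
    return {m.group(1).lower()
            for m in re.finditer(r"^\[(HK[^\]]*)\]", log, re.MULTILINE)}


def check_script(script: str, log: str) -> List[str]:
    """Return one message per script entry that the log does not support."""
    problems: List[str] = []
    sections = parse_cfscript(script)
    known_paths = paths_in_log(log)
    known_keys = keys_in_log(log)

    for path in sections.get("File", []):
        wanted = path.lower()
        if wanted in known_paths:
            continue
        # A near miss (the script path is a prefix of a logged path) is usually
        # a chopped extension: ComboFix would find no such file and delete nothing.
        near = sorted(p for p in known_paths if p.startswith(wanted))
        if near:
            problems.append(f"File:: {path} is not in the log; nearest logged path is {near[0]}")
        else:
            problems.append(f"File:: {path} was never seen in the log")

    for entry in sections.get("Registry", []):
        m = re.match(r"^\[-?(HK.*)\]$", entry)
        if m is None:
            continue  # "name"=data value lines are not cross-checked here
        if m.group(1).lower() not in known_keys:
            problems.append(f"Registry:: key {m.group(1)} was never seen in the log")
    return problems


if __name__ == "__main__":
    for message in check_script(CFSCRIPT, COMBOFIX_LOG) or ["script matches the log"]:
        print(message)
```

Run against the real CFScript.txt and ComboFix.txt by reading the two files in place of the constructed strings; an empty result means every entry was copied exactly, and the near-miss message points straight at a chopped or mistyped name.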

Re: My Desktop

Post by wolfenstien » March 26th, 2008, 7:56 pm

I got rid of BitDefender because of the way it was making my computer act. I installed Avast and started a thorough scan last night, and it is still running. It found a trojan on my C drive and did not list it, but sat still until this afternoon, when I was able to tell it to delete it. It is still scanning at this moment; when it is complete, I will do the steps you posted.

Re: My Desktop

Post by ktreffin » March 29th, 2008, 9:03 am

Hello wolfenstien,

THREE DAY BUMP!

It has been three days since the last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If you have not replied to this thread after 48 hours, it will have to be closed!

Please let me know if there are any problems. Thanks!

Ken

Re: My Desktop

Post by wolfenstien » March 29th, 2008, 2:47 pm

Yes, I do still need help with it. Believe it or not, Avast is still running its scan. It is on the second-to-last hard drive, with one more to go. It took forever to go through the video files.