Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pesky Vundo/Crypt.XPACK.Gen/privacySet.a problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Pesky Vundo/Crypt.XPACK.Gen/privacySet.a problems

Unread postby callmecowboy » May 15th, 2008, 6:47 pm

Yeah been having lots and lots of problems.
Here are my Combo logs and Hijack logs. running my DSS log right now.
Been trying to get rid of it with Avira antivir but hasn;t been helping much just lots of pop ups that do well nothing.
Help would be greatly appreciated.


Combo log
--------------------------------
ComboFix 08-05-12.1 - Branden 2008-05-15 16:55:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.390 [GMT -4:00]
Running from: C:\Documents and Settings\Branden\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Branden\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\QsBKnUvw.ini
C:\WINDOWS\system32\QsBKnUvw.ini2
C:\WINDOWS\system32\vbcnrhiv.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 16:54 . 2008-05-15 16:54 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-15 16:28 . 2008-05-15 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avira
2008-05-15 14:06 . 2008-05-15 14:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-05-15 13:58 . 2008-05-15 13:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-15 13:58 . 2008-05-15 16:54 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-14 17:08 . 2008-05-14 17:08 <DIR> d-------- C:\Documents and Settings\Branden\Application Data\WinPatrol
2008-05-14 17:07 . 2008-05-14 17:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-05-14 14:09 . 2008-05-14 14:14 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-14 14:05 . 2008-05-14 14:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-14 14:03 . 2008-05-14 14:18 <DIR> d-------- C:\Documents and Settings\Branden\.housecall6.6
2008-05-14 04:41 . 2008-05-14 18:12 <DIR> d-------- C:\VundoFix Backups
2008-05-14 03:46 . 2008-05-14 03:46 <DIR> d-------- C:\Program Files\Avira
2008-05-14 03:46 . 2008-05-14 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-14 02:31 . 2008-05-14 13:45 109,854 --a------ C:\WINDOWS\BMa727574e.xml
2008-05-13 22:04 . 2008-05-14 03:27 <DIR> d-------- C:\VTPFiles
2008-05-13 18:25 . 2008-05-15 16:09 45 --a------ C:\TEST.XML
2008-05-13 18:19 . 2008-05-13 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-13 14:26 . 2008-05-13 14:26 371,200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll
2008-05-13 14:20 . 2008-05-13 14:20 57,344 --a------ C:\WINDOWS\system32\urqRKBtu.VIR
2008-05-13 13:42 . 2008-05-13 13:42 <DIR> d-------- C:\Program Files\real
2008-05-12 18:41 . 1998-06-23 18:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-12 18:41 . 1998-06-17 18:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-12 18:41 . 2000-03-17 03:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-12 18:41 . 2000-03-17 03:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-12 18:41 . 2002-04-24 06:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-05-12 18:41 . 2002-04-09 11:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-05-12 18:41 . 2002-10-17 04:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-05-12 18:41 . 2002-01-07 11:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-12 18:34 . 2008-05-12 18:41 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-12 01:12 . 2008-05-12 01:12 <DIR> d-------- C:\Program Files\Half Life 2
2008-05-10 22:26 . 2008-05-10 22:33 <DIR> d-------- C:\Program Files\GCFScape
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\Program Files\MSBuild
2008-04-28 16:56 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-28 14:47 . 2008-04-28 14:47 244 --ah----- C:\sqmnoopt17.sqm
2008-04-28 14:47 . 2008-04-28 14:47 232 --ah----- C:\sqmdata17.sqm
2008-04-25 17:34 . 2000-07-17 23:42 76,800 --a------ C:\WINDOWS\system32\gwhotkey.cpl
2008-04-25 17:34 . 2000-07-18 22:31 70,656 --a------ C:\WINDOWS\GWHotKey.exe
2008-04-25 17:34 . 1998-07-31 15:00 47,104 --a------ C:\WINDOWS\_ISREG32.DLL
2008-04-25 17:34 . 2008-04-25 17:41 147 --a------ C:\WINDOWS\_DEISREG.ISR
2008-04-25 17:33 . 2008-04-25 17:36 <DIR> d-------- C:\cabs
2008-04-22 12:24 . 2008-04-21 16:42 197,153 --a------ C:\WINDOWS\1208807005873.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 18:01 --------- d-----w C:\Program Files\Ideazon
2008-05-15 17:35 --------- d-----w C:\Documents and Settings\Branden\Application Data\uTorrent
2008-05-14 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-14 09:08 --------- d-----w C:\Program Files\PowerISO
2008-05-14 07:27 --------- d-----w C:\Program Files\Zune
2008-05-13 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 04:53 --------- d-----w C:\Program Files\StepMania
2008-05-12 07:42 --------- d-----w C:\Program Files\VstPlugins
2008-05-12 07:42 --------- d-----w C:\Program Files\Image-Line
2008-05-10 23:41 --------- d-----w C:\Program Files\FrostWire
2008-04-30 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 02:20 --------- d-----w C:\Documents and Settings\Branden\Application Data\FrostWire
2008-04-14 21:42 --------- d-----w C:\Program Files\AIM6
2008-04-14 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-14 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-12 00:31 --------- d-----w C:\Program Files\Guitar Pro 5
2008-03-20 07:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 04:45 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-19 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-19 04:34 --------- d-----w C:\Program Files\Common Files\Research in Motion
2008-03-19 04:31 --------- d-----w C:\Documents and Settings\Branden\Application Data\Roxio
2008-03-19 04:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-19 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-19 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-19 04:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 03:47 503,808 ----a-w C:\WINDOWS\msvcp71.dll
2008-03-16 23:00 --------- d-----w C:\Program Files\Microsoft Works
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
C:\WINDOWS\system32\urqRKBtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE5A9E33-43DF-49C2-B509-480A3386E78F}]
2008-05-13 14:26 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31 1372160]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"Multi-function Keyboard"="GWHotKey.exe" [2000-07-18 22:31 70656 C:\WINDOWS\GWHotKey.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 13:31 333120]

C:\Documents and Settings\Branden\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-03 21:00:10 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\urqRKBtu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRKBtu]
urqRKBtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-14 13:33]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 08:19]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 08:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 08:19]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 17:08:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-15 17:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 21:14:36

Pre-Run: 26,026,024,960 bytes free
Post-Run: 26,008,854,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

196 --- E O F --- 2008-04-29 07:01:59

end of log.
----------------------------------


here is my hijack this log.

------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:13:59 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\progra~1\mozill~1\firefox.exe
c:\program files\avira\antivir personaledition premium\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5603310750
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77059F38-C6D0-4466-8EEF-DF230616F3B3}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
-------------------------------------------------

DSS log.

Main.txt
Deckard's System Scanner v20071014.68
Run by Branden on 2008-05-15 18:48:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
113: 2008-05-15 22:48:36 UTC - RP218 - Deckard's System Scanner Restore Point
112: 2008-05-15 21:45:28 UTC - RP217 - Last known good configuration
111: 2008-05-15 21:45:21 UTC - RP216 - Last known good configuration
110: 2008-05-15 21:45:21 UTC - RP215 - ComboFix created restore point
109: 2008-05-15 21:45:20 UTC - RP214 - i work


-- First Restore Point --
1: 2008-05-15 21:45:09 UTC - RP106 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Branden.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-15 18:49:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Branden\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\urqRKBtu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {02e435cd-6b6c-fe6a-fb64-f1fb42ca6928} - {8296ac24-bf1f-46bf-a6ef-c6b6dc534e20} - C:\WINDOWS\system32\tblqebua.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94D4664D-4C3A-4C26-8221-CB32B79395E4} - C:\WINDOWS\system32\wvUnKBsQ.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5603310750
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{77059F38-C6D0-4466-8EEF-DF230616F3B3}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: urqRKBtu - C:\WINDOWS\system32\urqRKBtu.dll (file missing)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


--
End of file - 7152 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080515-132643-954 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-132712-332 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080515-132834-566 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080515-132834-771 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-140358-896 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-140358-979 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080515-174637-966 O4 - HKLM\..\Run: [BMa727574e] Rundll32.exe "C:\WINDOWS\system32\nnkjvekm.dll",s
backup-20080515-174646-697 O4 - HKLM\..\Run: [BMa727574e] Rundll32.exe "C:\WINDOWS\system32\nnkjvekm.dll",s
backup-20080515-184017-295 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-184017-519 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080515-184017-602 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080515-184017-610 O11 - Options group: [INTERNATIONAL] International*
backup-20080515-184017-724 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
backup-20080515-184017-829 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
backup-20080515-184253-471 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 RimUsb (BlackBerry Smartphone) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 RT73 (RT73 USB Wireless LAN Card Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirMailService (Avira AntiVir Premium MailGuard) - "c:\program files\avira\antivir personaledition premium\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira AntiVir Premium Scheduler) - "c:\program files\avira\antivir personaledition premium\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira AntiVir Premium WebGuard) - "c:\program files\avira\antivir personaledition premium\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AVEService (Avira AntiVir Premium MailGuard helper service) - "c:\program files\avira\antivir personaledition premium\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 14:39:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 17:38:38 12410 --ahs---- C:\WINDOWS\system32\QsBKnUvw.ini2
2008-05-15 16:55:08 0 d-------- C:\cmdcons
2008-05-15 16:51:20 68096 --a------ C:\WINDOWS\zip.exe
2008-05-15 16:51:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-15 16:51:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-15 16:51:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-15 16:51:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-15 16:51:20 98816 --a------ C:\WINDOWS\sed.exe
2008-05-15 16:51:20 80412 --a------ C:\WINDOWS\grep.exe
2008-05-15 16:51:20 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-15 16:28:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Avira
2008-05-15 14:06:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-05-15 13:58:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 13:58:28 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 13:58:28 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 13:58:28 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 13:58:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 13:58:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 13:58:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-14 17:08:16 0 d-------- C:\Documents and Settings\Branden\Application Data\WinPatrol
2008-05-14 17:07:56 0 d-------- C:\Program Files\BillP Studios
2008-05-14 14:54:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-14 14:09:20 0 d-------- C:\Program Files\RegCleaner
2008-05-14 14:03:55 0 d-------- C:\Documents and Settings\Branden\.housecall6.6
2008-05-14 03:46:57 0 d-------- C:\Program Files\Avira
2008-05-14 03:46:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-14 03:30:40 5242880 --a------ C:\Documents and Settings\Branden\ntuser.dat
2008-05-13 22:04:23 0 d-------- C:\VTPFiles
2008-05-13 18:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-13 14:26:05 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll
2008-05-13 14:20:33 57344 --a------ C:\WINDOWS\system32\urqRKBtu.VIR
2008-05-13 13:42:54 0 d-------- C:\Program Files\real
2008-05-12 18:41:02 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-12 18:41:02 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-12 18:41:02 24576 --a------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-05-12 18:34:10 0 d-------- C:\Program Files\Ubisoft
2008-05-12 01:12:47 0 d-------- C:\Program Files\Half Life 2
2008-05-10 22:26:00 0 d-------- C:\Program Files\GCFScape
2008-04-28 16:57:24 0 d-------- C:\Program Files\MSBuild
2008-04-28 16:57:18 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-28 16:57:10 0 d-------- C:\Program Files\Reference Assemblies
2008-04-25 17:34:48 70656 --a------ C:\WINDOWS\GWHotKey.exe <Not Verified; BillP Studios; Gateway Multi-function Keyboard Utility>
2008-04-25 17:34:48 47104 --a------ C:\WINDOWS\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
2008-04-25 17:33:12 0 d-------- C:\cabs


-- Find3M Report ---------------------------------------------------------------

2008-05-15 14:01:07 0 d-------- C:\Program Files\Ideazon
2008-05-15 13:35:14 0 d-------- C:\Documents and Settings\Branden\Application Data\uTorrent
2008-05-14 05:08:38 0 d-------- C:\Program Files\PowerISO
2008-05-14 03:27:23 0 d-------- C:\Program Files\Zune
2008-05-13 14:02:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 00:53:42 0 d-------- C:\Program Files\StepMania
2008-05-12 03:42:40 0 d-------- C:\Program Files\VstPlugins
2008-05-12 03:42:40 0 d-------- C:\Program Files\Image-Line
2008-05-10 19:41:07 0 d-------- C:\Program Files\FrostWire
2008-04-30 22:00:03 0 d-------- C:\Documents and Settings\Branden\Application Data\Adobe
2008-04-21 22:20:31 0 d-------- C:\Documents and Settings\Branden\Application Data\FrostWire
2008-04-14 17:42:32 0 d-------- C:\Program Files\AIM6
2008-04-11 20:31:19 0 d-------- C:\Program Files\Guitar Pro 5
2008-03-20 03:01:31 0 d-------- C:\Program Files\MSXML 6.0
2008-03-19 00:45:54 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-19 00:45:42 0 d-------- C:\Program Files\Common Files
2008-03-19 00:34:28 0 d-------- C:\Program Files\Common Files\Research in Motion
2008-03-19 00:31:09 0 d-------- C:\Documents and Settings\Branden\Application Data\Roxio
2008-03-19 00:22:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-18 23:48:39 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 23:47:08 503808 --a------ C:\WINDOWS\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-03-16 19:00:16 0 d-------- C:\Program Files\Microsoft Works


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
C:\WINDOWS\system32\urqRKBtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8296ac24-bf1f-46bf-a6ef-c6b6dc534e20}]
C:\WINDOWS\system32\tblqebua.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94D4664D-4C3A-4C26-8221-CB32B79395E4}]
05/13/2008 02:26 PM 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Multi-function Keyboard"="GWHotKey.exe" [07/18/2000 10:31 PM C:\WINDOWS\GWHotKey.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [02/12/2008 10:06 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/25/2008 01:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 02:31 PM]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

C:\Documents and Settings\Branden\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [3/3/2008 9:00:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\urqRKBtu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRKBtu]
urqRKBtu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnKBsQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-15 18:51:06 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 1500+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 767.48 MiB / 466.85 MiB
Pagefile Memory (total/avail): 1877.78 MiB / 1539.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 83.82 GiB total, 24.27 GiB free.
D: is Fixed (FAT32) - 30.66 GiB total, 7.1 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 98.5 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 83.82 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 30.67 GiB - D:

\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 27.95 GiB - 1 partition
\PARTITION0 - Unknown - 27.91 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"="C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe:*:Enabled:XLink Kai Evolution 7 Launcher"
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"="C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Branden\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRANDENSCOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Branden
LOGONSERVER=\\BRANDENSCOM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Branden\LOCALS~1\Temp
TMP=C:\DOCUME~1\Branden\LOCALS~1\Temp
USERDOMAIN=BRANDENSCOM
USERNAME=Branden
USERPROFILE=C:\Documents and Settings\Branden
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Branden (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM MusicLink 2.0.0.4 --> C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArtRage 2 --> MsiExec.exe /I{78E232B0-C337-4695-BBF0-C1033156CE7B}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Premium --> C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
CamStudio Lossless Codec --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\DRIVERS\camcodec.inf
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
Gateway Multi-function Keyboard --> C:\WINDOWS\gwhotkey.exe -U
GCFScape 1.6.7 --> "C:\Program Files\GCFScape\unins000.exe"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
PCI GW-US54Mini2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PLAYSTATION(R)Network Downloader --> MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prince of Persia The Sands of Time --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
VZAccess Manager for RIM --> MsiExec.exe /X{41E993EE-14C3-413D-A922-4A941AB2BCC1}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XLink Kai Evolution 7 --> MsiExec.exe /X{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}
XML Paper Specification Shared Components Pack 1.0 -->
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3675 / Warning
Event Submitted/Written: 05/15/2008 05:44:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3674 / Warning
Event Submitted/Written: 05/15/2008 05:44:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3669 / Warning
Event Submitted/Written: 05/15/2008 05:42:39 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3668 / Warning
Event Submitted/Written: 05/15/2008 05:42:38 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3667 / Warning
Event Submitted/Written: 05/15/2008 05:42:11 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type90493 / Error
Event Submitted/Written: 05/15/2008 06:02:59 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{77059F38-C6D0-4466-8EEF-DF230616F3B3}.
The backup browser is stopping.

Event Record #/Type90492 / Warning
Event Submitted/Written: 05/15/2008 06:00:41 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\YOUR-E5CNNE9VNU on the network \Device\NetBT_Tcpip_{77059F38-C6D0-4466-8EEF-DF230616F3B3}.
The data is the error code.

Event Record #/Type90473 / Error
Event Submitted/Written: 05/15/2008 05:59:09 PM / 05/15/2008 05:59:40 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type90470 / Error
Event Submitted/Written: 05/15/2008 05:54:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type90469 / Error
Event Submitted/Written: 05/15/2008 05:54:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-05-15 18:51:06 ------------
callmecowboy
Active Member
 
Posts: 1
Joined: May 15th, 2008, 6:11 pm
Advertisement
Register to Remove

Re: Pesky Vundo/Crypt.XPACK.Gen/privacySet.a problems

Unread postby dan12 » May 16th, 2008, 7:52 am

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Pesky Vundo/Crypt.XPACK.Gen/privacySet.a problems

Unread postby dan12 » May 16th, 2008, 7:57 am

Ok, your first HJT log that version is out of date.
[
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

* Doubleclick HJTInstall.exe to install it.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

please post new HJT log
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Pesky Vundo/Crypt.XPACK.Gen/privacySet.a problems

Unread postby Gary R » May 16th, 2008, 12:07 pm

You are currently being helped with this problem.

http://www.atribune.org/forums/index.ph ... entry21487

You have also posted at Spyware Warrior asking for help on the same subject.

http://spywarewarrior.com/viewtopic.php ... highlight=

As you're already receiving help, this thread is now closed. I will also be closing your thread at SWW.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware