Problem!

Post by Velpa » October 13th, 2007, 7:45 am

This time I don't even know how to describe the problems, so please look at the HijackThis log and help me out!
Thanks in advance!


Logfile of HijackThis v1.99.1
Scan saved at 13:39:19, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zuunfhif.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm

Post by random/random » October 13th, 2007, 1:27 pm

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Velpa » October 13th, 2007, 2:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:21, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\aqkuqzdc.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rcjxfpxa.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8097 bytes
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm
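A defender-side triage script for logs in this format, written as an added example (it is not the forum's or HijackThis's own tooling): it parses the O2/O3/O4/O20 entries, extracts the module each one loads, and flags modules in system32 whose file name is a short run of lowercase letters, the naming pattern shared by the Security Toolbar, SearchIndexer and Winlogon Notify entries in the logs above. The sample lines, the small allowlist and the `Finding` record are constructed for the example; the allowlist stands in for a real signed-file database.

```python
import re
from dataclasses import dataclass

# Constructed sample entries modelled on the HijackThis v2.0.2 log above
# (same entry types and naming pattern; a handful of lines, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EA70927-FE82-42ED-8480-A6AA73169F0A} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\aqkuqzdc.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rcjxfpxa.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: xxyyyvv - C:\WINDOWS\SYSTEM32\xxyyyvv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# "R1 - ..." / "O4 - ..." entry prefix used by every HijackThis log line.
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
# A Windows path ending in .dll/.exe, terminated by end of line, whitespace,
# a quote or a comma (covers rundll32 "path",export and "path" /switch forms).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n,]+?\.(?:dll|exe)(?=$|[\s\",])", re.I)
# Basename of a module that lives directly in system32 (any case).
SYSTEM32_RE = re.compile(r"\\(?:windows|winnt)\\system32\\([^\\]+)$", re.I)
# Heuristic: 5-8 lowercase letters and nothing else, like aqkuqzdc.dll.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(?:dll|exe)$")

# Illustrative allowlist (constructed) of legitimate lowercase system32
# binaries that would otherwise trip the heuristic; a real triage would
# check a signed-file database instead.
KNOWN_SYSTEM32 = {"ctfmon.exe", "svchost.exe", "spoolsv.exe", "smss.exe",
                  "lsass.exe", "winlogon.exe", "services.exe", "wuauclt.exe",
                  "rundll32.exe"}


@dataclass(frozen=True)
class Finding:
    entry_type: str
    path: str
    reason: str


def parse_entries(log_text):
    """Yield (entry_type, body) for each R/O line; process lists are skipped."""
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("type"), m.group("body")


def module_paths(body):
    """All .dll/.exe paths referenced by one entry body."""
    return PATH_RE.findall(body)


def triage(log_text):
    """Flag entries that load a randomly named module from system32."""
    findings = []
    for entry_type, body in parse_entries(log_text):
        for path in module_paths(body):
            m = SYSTEM32_RE.search(path)
            if not m:
                continue
            base = m.group(1)
            if not RANDOM_NAME_RE.match(base) or base.lower() in KNOWN_SYSTEM32:
                continue
            reason = "random-looking module name in system32"
            if entry_type == "O20":
                # Winlogon Notify DLLs load inside winlogon.exe at every logon.
                reason = "Winlogon Notify DLL with random-looking name"
            elif "rundll32" in body.lower():
                # rundll32 lets a Run key execute a DLL export without an EXE.
                reason = "Run key loads random-looking DLL via rundll32"
            findings.append(Finding(entry_type, path, reason))
    return findings


def flagged_basenames(log_text):
    """Sorted file names of flagged modules, handy for a quick report."""
    return sorted(f.path.rsplit("\\", 1)[-1] for f in triage(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry_type:<4} {f.path}  <- {f.reason}")
```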

Post by random/random » October 13th, 2007, 2:31 pm

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Velpa » October 13th, 2007, 2:44 pm

I am getting an error: "Freeware implementation of REG.EXE has encountered a problem and needs to close. We are sorry for the inconvenience."

And then: "Not admin! You need Administrative privilegs to run this tool!"
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm

Post by random/random » October 13th, 2007, 2:49 pm

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Velpa » October 13th, 2007, 3:01 pm

Deckard's System Scanner v20070905.67
Run by Leander on 2007-10-13 20:54:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-10-13 18:54:16 UTC - RP31 - Deckard's System Scanner Restore Point
2: 2007-10-13 12:52:57 UTC - RP30 - Uniblue RegistryBooster
1: 2007-10-13 10:21:43 UTC - RP29 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.9 GiB (less than 15%) free.


-- HijackThis (run as Leander.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:23, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leander.PC113802530822\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leander.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EA70927-FE82-42ED-8480-A6AA73169F0A} - C:\WINDOWS\system32\pmnlm.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\xxyyyvv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\gpkipymg.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aqkuqzdc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\aqkuqzdc.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fsqeuoks.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: aqkuqzdc - C:\WINDOWS\SYSTEM32\aqkuqzdc.dll
O20 - Winlogon Notify: xxyyyvv - C:\WINDOWS\SYSTEM32\xxyyyvv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8546 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-23 23:00:32 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-23 23:00:31 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-09-13 and 2007-10-13 -----------------------------

2007-10-13 20:26:08 84544 --a------ C:\WINDOWS\system32\fsqeuoks.dll
2007-10-13 20:21:33 339968 --a------ C:\WINDOWS\system32\aqkuqzdc.dll
2007-10-13 20:21:07 389184 --a------ C:\WINDOWS\system32\lnoimxxx.exe
2007-10-13 18:54:14 84544 -----n--- C:\WINDOWS\system32\rcjxfpxa.dll
2007-10-13 18:50:07 339968 --a------ C:\WINDOWS\system32\qdisnqpt.dll
2007-10-13 18:49:40 389184 --a------ C:\WINDOWS\system32\fcqlhaha.exe
2007-10-13 18:15:24 84544 --a------ C:\WINDOWS\system32\vnvjvpbe.dll
2007-10-13 18:12:56 339968 --a------ C:\WINDOWS\system32\qtxmmxjd.dll
2007-10-13 18:12:29 389184 --a------ C:\WINDOWS\system32\duxdsxio.exe
2007-10-13 18:02:17 0 d-------- C:\Program Files\ewido anti-malware
2007-10-13 17:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-13 17:42:45 84544 --a------ C:\WINDOWS\system32\dulchthv.dll
2007-10-13 17:37:27 339968 --a------ C:\WINDOWS\system32\ciansuyz.dll
2007-10-13 17:37:02 389184 --a------ C:\WINDOWS\system32\qdvqqhtu.exe
2007-10-13 16:49:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-13 16:49:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-13 16:49:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-13 16:49:27 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-13 16:28:12 3502 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 15:42:30 84544 --a------ C:\WINDOWS\system32\jlhmpide.dll
2007-10-13 15:35:06 339968 --a------ C:\WINDOWS\system32\jeriblbu.dll
2007-10-13 15:34:37 389184 --a------ C:\WINDOWS\system32\tpdjxgxw.exe
2007-10-13 15:06:45 84544 --a------ C:\WINDOWS\system32\aunufkax.dll
2007-10-13 15:04:09 339968 --a------ C:\WINDOWS\system32\gdlslaeo.dll
2007-10-13 15:03:42 389184 --a------ C:\WINDOWS\system32\tqbrxeun.exe
2007-10-13 14:36:20 0 d-------- C:\Program Files\Trend Micro
2007-10-13 14:07:40 84544 --a------ C:\WINDOWS\system32\yrblgpyn.dll
2007-10-13 14:04:58 339968 --a------ C:\WINDOWS\system32\whpxevbv.dll
2007-10-13 14:04:34 389184 --a------ C:\WINDOWS\system32\wkbipcyp.exe
2007-10-13 12:44:25 169788 ---hs---- C:\WINDOWS\system32\mlnmp.ini2
2007-10-13 11:36:46 389184 --a------ C:\WINDOWS\system32\fdbskwxr.exe
2007-10-13 11:21:39 84544 --a------ C:\WINDOWS\system32\vtfyvdwn.dll
2007-10-13 11:21:25 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinPatrol
2007-10-13 11:19:03 339968 --a------ C:\Program Files\Hammer.dll
2007-10-13 11:18:38 389184 --a------ C:\WINDOWS\system32\clccfjdq.exe
2007-10-09 14:54:04 0 d-------- C:\Program Files\ProtectDisc Driver Installer
2007-10-09 14:53:27 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\MAGIX
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2007-10-09 14:42:15 32768 --a------ C:\WINDOWS\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2007-10-09 14:42:15 430080 --a------ C:\WINDOWS\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\mgxasio2.dll
2007-10-09 14:42:15 57344 --a------ C:\WINDOWS\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2007-10-09 14:42:15 188416 --a------ C:\WINDOWS\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2007-10-09 14:42:15 40960 --a------ C:\WINDOWS\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2007-10-09 14:42:15 65536 --a------ C:\WINDOWS\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2007-10-09 14:42:14 49152 --a------ C:\WINDOWS\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2007-10-09 14:42:14 36864 --a------ C:\WINDOWS\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2007-10-09 14:42:14 24576 --a------ C:\WINDOWS\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2007-10-09 14:42:14 53248 --a------ C:\WINDOWS\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2007-10-09 14:42:14 45056 --a------ C:\WINDOWS\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2007-10-09 14:42:14 151552 --a------ C:\WINDOWS\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2007-10-09 14:42:14 163840 --a------ C:\WINDOWS\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2007-10-09 14:42:14 94208 --a------ C:\WINDOWS\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2007-10-09 14:42:14 61440 --a------ C:\WINDOWS\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2007-10-09 14:42:14 114688 --a------ C:\WINDOWS\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2007-10-09 14:42:14 487424 --a------ C:\WINDOWS\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2007-10-09 14:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-09 14:14:54 120200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2007-10-09 14:14:54 0 d-------- C:\Program Files\MAGIX
2007-10-09 14:14:11 0 d-------- C:\WINDOWS\system32\MAGIX
2007-10-08 20:41:29 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Google
2007-10-08 19:23:19 166725 ---hs---- C:\WINDOWS\system32\mlnmp.bak2
2007-10-06 23:31:55 85056 --a------ C:\WINDOWS\system32\gufqpivd.dll
2007-10-06 23:31:54 77376 --a------ C:\WINDOWS\system32\gpkipymg.dll
2007-10-06 11:53:08 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Ahead
2007-10-06 11:45:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 11:38:03 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinRAR
2007-10-06 11:26:30 173389 ---hs---- C:\WINDOWS\system32\mlnmp.bak1
2007-10-06 11:25:50 325728 --a------ C:\WINDOWS\system32\pmnlm.dll
2007-10-06 11:20:39 44054 --a------ C:\WINDOWS\system32\xxyyyvv.dll
2007-10-06 08:58:49 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Symantec
2007-10-05 21:28:15 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-05 21:28:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-05 21:28:14 0 d-------- C:\Program Files\Xvid
2007-10-05 21:14:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-04 21:22:13 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Uniblue
2007-10-04 13:40:38 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\AdobeUM
2007-10-04 13:38:53 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Adobe
2007-10-03 22:18:41 0 d-------- C:\Program Files\Symantec
2007-10-03 21:29:16 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\UserData
2007-10-03 20:57:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-03 20:57:02 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Macromedia
2007-10-03 20:55:45 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-03 20:49:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-03 20:45:50 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Personal
2007-10-03 20:43:30 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Favorites
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Desktop
2007-10-03 20:43:30 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\Cookies
2007-10-03 20:43:30 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Application Data
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Identities
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Templates
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Start Menu
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\SendTo
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Recent
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\PrintHood
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\NetHood
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\My Documents
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Local Settings
2007-10-03 20:43:28 2359296 --ah----- C:\Documents and Settings\Leander.PC113802530822\NTUSER.DAT
2007-10-03 20:41:37 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\cbt
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Netscape
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Mozilla
2007-10-02 21:27:47 0 dr-h----- C:\Documents and Settings\Leander\Recent
2007-10-02 20:53:40 0 d-------- C:\WINDOWS\pss
2007-09-30 00:59:09 0 d-------- C:\Documents and Settings\Leander\Application Data\WinPatrol
2007-09-30 00:58:54 0 d-------- C:\Program Files\BillP Studios
2007-09-30 00:56:55 0 d-------- C:\Program Files\SpywareBlaster
2007-09-28 22:42:37 0 d-------- C:\Program Files\CCleaner
2007-09-28 20:49:21 0 d-------- C:\Program Files\MSBuild
2007-09-28 20:44:54 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 19:49:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 19:48:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-25 19:53:54 0 d-------- C:\Program Files\Lavalys
2007-09-24 23:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-23 21:37:06 0 d-------- C:\Program Files\Uniblue
2007-09-23 21:29:25 0 d-------- C:\Documents and Settings\Leander\Application Data\Uniblue
2007-09-23 20:58:18 0 d-------- C:\Program Files\MSXML 6.0
2007-09-19 20:22:56 0 d-------- C:\Program Files\Lavasoft
2007-09-18 21:52:41 47360 --a------ C:\Documents and Settings\Leander\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-09-18 21:52:40 0 d-------- C:\Documents and Settings\Leander\Application Data\Vso
2007-09-18 21:52:36 0 d-------- C:\Program Files\VSO
2007-09-18 20:37:38 0 d-------- C:\Documents and Settings\Leander\Application Data\Media Player Classic
2007-09-18 20:35:40 0 d-------- C:\Program Files\Combined Community Codec Pack


-- Find3M Report ---------------------------------------------------------------

2007-10-13 20:55:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-09 16:08:58 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-08 20:41:15 0 d-------- C:\Program Files\Google
2007-10-08 19:20:43 0 d-------- C:\Program Files\Norton 360
2007-10-06 11:48:42 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-05 19:06:50 0 d-------- C:\Program Files\Common Files
2007-10-04 21:42:19 0 d-------- C:\Program Files\Online Services
2007-10-04 05:12:41 0 d-------- C:\Program Files\Windows NT
2007-10-04 05:11:05 0 d-------- C:\Program Files\Movie Maker
2007-10-04 05:11:03 0 d-------- C:\Program Files\Microsoft Works
2007-10-04 05:10:17 0 d-------- C:\Program Files\Messenger
2007-10-04 05:10:01 0 d-------- C:\Program Files\Java
2007-10-04 05:08:38 0 d-------- C:\Program Files\Easy Internet signup
2007-10-04 05:08:09 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-04 05:08:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-04 05:07:49 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-03 20:37:37 0 d-------- C:\Program Files\HPQ
2007-10-03 19:51:02 0 d-------- C:\Program Files\PowerArchiver
2007-10-03 19:33:38 0 d-------- C:\Program Files\Packard Bell Data Secure
2007-09-30 00:54:39 0 d-------- C:\Program Files\Logitech
2007-09-23 23:05:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-23 23:05:11 0 d-------- C:\Program Files\TPTEST5
2007-09-23 23:05:11 0 d-------- C:\Program Files\Readiris Pro 8
2007-09-23 23:05:10 0 d-------- C:\Program Files\DivX
2007-09-23 23:05:10 0 d-------- C:\Program Files\Benders
2007-09-23 23:05:06 0 d-------- C:\Program Files\The Guild 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EA70927-FE82-42ED-8480-A6AA73169F0A}]
06/10/2007 11:25 325728 --a------ C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
06/10/2007 11:20 44054 --a------ C:\WINDOWS\system32\xxyyyvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
06/10/2007 23:31 77376 --a------ C:\WINDOWS\system32\gpkipymg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
13/10/2007 20:21 339968 --a------ C:\WINDOWS\system32\aqkuqzdc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\aqkuqzdc.dll [13/10/2007 20:21 339968]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/11/2005 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 13:03]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/06/2005 22:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 11:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [22/12/2005 08:57]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/08/2005 14:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [09/02/2006 09:52]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [13/12/2005 16:45]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 23:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [23/09/2007 19:30]
"SearchIndexer"="C:\WINDOWS\system32\fsqeuoks.dll" [13/10/2007 20:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/07/2007 20:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [00:00:00]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 01:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [14/04/2007 23:11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\xxyyyvv.dll [06/10/2007 11:20 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aqkuqzdc]
aqkuqzdc.dll 13/10/2007 20:21 339968 C:\WINDOWS\system32\aqkuqzdc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyvv]
xxyyyvv.dll 06/10/2007 11:20 44054 C:\WINDOWS\system32\xxyyyvv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlm.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{305d6007-71df-11dc-93ab-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-10-13 20:58:08 ------------


Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-37
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.17 MiB / 1480.54 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3449.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.09 MiB

C: is Fixed (NTFS) - 66.33 GiB total, 4.9 GiB free.
D: is Fixed (FAT32) - 7.17 GiB total, 1.3 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST980829A - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 66.33 GiB - C:
\PARTITION1 - Unknown - 7.19 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 988.37 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 996 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dcyoyrhr.exe"="C:\\WINDOWS\\system32\\dcy"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Leander.PC113802530822\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASTARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Leander.PC113802530822
LOGONSERVER=\\BASTARD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LEANDE~1.PC1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LEANDE~1.PC1\LOCALS~1\Temp
USERDOMAIN=BASTARD
USERNAME=Leander
USERPROFILE=C:\Documents and Settings\Leander.PC113802530822
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Leander.PC113802530822 (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Firebird SQL Server - MAGIX Edition --> C:\Program Files\MAGIX\Common\Database\instslct.exe /p
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0025 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MAGIX Music Maker 14 13.0.1.1 (UK) --> C:\Program Files\MAGIX\MusicMaker14\instslct.exe
MAGIX PC Visit --> C:\Program Files\MAGIX\PCVisit\instslct.exe
MAGIX Photo Manager 2007 4.2.1.262 (UK) --> C:\Program Files\MAGIX\Photo_Manager_2007\instslct.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91930425-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mufin MusicFinder Base 1.0.1.240 (UK) --> C:\Program Files\MAGIX\Mufin MusicFinder\instslct.exe
Nero 7 --> MsiExec.exe /I{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
ProtectDisc Helper Driver 10 --> C:\Program Files\ProtectDisc Driver Installer\uninstall_v10.exe
Quick Launch Buttons 5.20 G1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1336 / Error
Event Submitted/Written: 10/13/2007 08:49:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application swreg.cfexe, version 2.0.1.8, faulting module swreg.cfexe, version 2.0.1.8, fault address 0x00003eca.
Processing media-specific event for [swreg.cfexe!ws!]

Event Record #/Type1335 / Error
Event Submitted/Written: 10/13/2007 08:49:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application swreg.cfexe, version 2.0.1.8, faulting module swreg.cfexe, version 2.0.1.8, fault address 0x00003eca.
Processing media-specific event for [swreg.cfexe!ws!]

Event Record #/Type1334 / Error
Event Submitted/Written: 10/13/2007 08:49:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application swreg.cfexe, version 2.0.1.8, faulting module swreg.cfexe, version 2.0.1.8, fault address 0x00003eca.
Processing media-specific event for [swreg.cfexe!ws!]

Event Record #/Type1333 / Error
Event Submitted/Written: 10/13/2007 08:49:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application swreg.cfexe, version 2.0.1.8, faulting module swreg.cfexe, version 2.0.1.8, fault address 0x00003eca.
Processing media-specific event for [swreg.cfexe!ws!]

Event Record #/Type1332 / Error
Event Submitted/Written: 10/13/2007 08:49:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application swreg.cfexe, version 2.0.1.8, faulting module swreg.cfexe, version 2.0.1.8, fault address 0x00003eca.
Processing media-specific event for [swreg.cfexe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2839 / Error
Event Submitted/Written: 10/13/2007 06:46:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2838 / Error
Event Submitted/Written: 10/13/2007 06:45:46 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type2837 / Error
Event Submitted/Written: 10/13/2007 06:45:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type2836 / Error
Event Submitted/Written: 10/13/2007 06:37:54 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
eabfiltr
eeCtrl
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SPBBCDrv
SRTSPX
SYMTDI
Tcpip

Event Record #/Type2835 / Error
Event Submitted/Written: 10/13/2007 06:37:54 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-10-13 20:58:08 ------------
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm
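The Registry Dump section of the log above shows the same infection anchored in four places at once: Browser Helper Objects, a Winlogon Notify DLL, a ShellExecuteHooks entry, and a DLL appended to the LSA "Authentication Packages" list, which lsass.exe loads at boot. Removing that last one needs care: the value must be rewritten to contain only msv1_0, not deleted, or the machine is left with no default authentication package. The script below is an added example, not part of Velpa's post and not a tool from Deckard's System Scanner. It parses a constructed sample in the shape of that dump (CLSIDs and file names taken from the posted log) and emits the REGEDIT4 entries that remove the entries pointing at a given list of suspect files, including the hex(7) REG_MULTI_SZ encoding for Authentication Packages. Which files count as suspect is an analyst decision supplied as input; the script does not try to classify them.

```python
"""Added example, not from the thread: build a REGEDIT4 removal file from
the persistence entries in a Deckard's System Scanner registry dump."""
import re

# Constructed sample in the shape of the "Registry Dump" section above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EA70927-FE82-42ED-8480-A6AA73169F0A}]
06/10/2007 11:25 325728 --a------ C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
06/10/2007 11:20 44054 --a------ C:\WINDOWS\system32\xxyyyvv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [23/09/2007 19:30]
"SearchIndexer"="C:\WINDOWS\system32\fsqeuoks.dll" [13/10/2007 20:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\xxyyyvv.dll [06/10/2007 11:20 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aqkuqzdc]
aqkuqzdc.dll 13/10/2007 20:21 339968 C:\WINDOWS\system32\aqkuqzdc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlm.dll
"""
# Analyst input (the randomly named DLLs from the "new files" list above).
SUSPECT_FILES = ["pmnlm.dll", "xxyyyvv.dll", "aqkuqzdc.dll", "fsqeuoks.dll"]

# DSS abbreviates the BHO key; a .reg file needs the full path.
BHO_SHORT = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
BHO_FULL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
VALUE_KEYS = ("\\currentversion\\run", "\\shellexecutehooks", "\\toolbar\\webbrowser")


def parse_dump(text):
    """Return [(key, [value lines])] in dump order."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith(BHO_SHORT):
                key = BHO_FULL + key[len(BHO_SHORT):]
            sections.append((key, []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def split_value(line):
    """'"Name"="C:\\x.dll" [date size]' -> ('Name', 'C:\\x.dll').
    The bracketed timestamp/size is DSS annotation, not registry data."""
    line = re.sub(r"\s*\[[^\]]*\]\s*$", "", line)
    name, _, data = line.partition("=")
    return name.strip().strip('"'), data.strip().strip('"')


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def multi_sz_hex(strings):
    """REG_MULTI_SZ for a REGEDIT4 (ANSI) file: each string NUL-terminated,
    then one more NUL. ['msv1_0'] -> 'hex(7):6d,73,76,31,5f,30,00,00'."""
    raw = b"".join(s.encode("ascii") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def build_fix(dump_text, suspect_files):
    suspects = {s.lower() for s in suspect_files}
    out, clsids = ["REGEDIT4", ""], []
    for key, values in parse_dump(dump_text):
        k = key.lower()
        if "\\browser helper objects\\{" in k or "\\winlogon\\notify\\" in k:
            # The whole subkey belongs to the hijacker: delete it with [-key].
            if any(s in v.lower() for v in values for s in suspects):
                out += [f"[-{key}]", ""]
                if k.endswith("}"):
                    clsids.append(key.rsplit("\\", 1)[-1])
        elif k.endswith(VALUE_KEYS):
            # Shared key: delete only the values that point at suspect files.
            dels = []
            for v in values:
                name, data = split_value(v)
                if basename(data) in suspects:
                    dels.append(f'"{name}"=-')
                    if name.startswith("{"):
                        clsids.append(name)
            if dels:
                out += [f"[{key}]", *dels, ""]
        elif k.endswith("\\control\\lsa"):
            # Never delete this value; rewrite it without the injected DLL.
            for v in values:
                name, data = split_value(v)
                if name == "Authentication Packages":
                    keep = [p for p in data.split() if basename(p) not in suspects]
                    if keep != data.split():
                        out += [f"[{key}]", f'"{name}"={multi_sz_hex(keep)}', ""]
    # One CLSID deletion per COM object, even when it was registered twice.
    for c in dict.fromkeys(clsids):
        out += [f"[-HKEY_CLASSES_ROOT\\CLSID\\{c}]", ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_fix(SAMPLE_DUMP, SUSPECT_FILES))
```

Run it and compare the output with the fix.reg posted in the reply below: the same keys come out, including the hex(7) line for Authentication Packages. The REGEDIT4 header matters for that line, since REGEDIT4 files are ANSI and each character is one byte; a "Windows Registry Editor Version 5.00" file would need UTF-16 with a 00 after every character. Paths containing spaces in the Authentication Packages value would break the whitespace split, which is acceptable here because LSA packages normally live in system32.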

Unread postby random/random » October 13th, 2007, 6:10 pm

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Please upload these files:

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn.log

to this website: http://www.bleepingcomputer.com/submit- ... ?channel=4

Kindly include a link to this topic in the message.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EA70927-FE82-42ED-8480-A6AA73169F0A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_CLASSES_ROOT\CLSID\{7EA70927-FE82-42ED-8480-A6AA73169F0A}]

[-HKEY_CLASSES_ROOT\CLSID\{89AD4D75-2429-462e-BD4E-443F233F6033}]

[-HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"=-

[-HKEY_CLASSES_ROOT\CLSID\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aqkuqzdc]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyvv]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
 


Save it to the desktop as fix.reg, making sure "Save as type" is set to "All Files"

  • Download UnDLL by ESET from here
  • Unzip/extract it to a folder on the desktop
  • Double click on UNDLL.EXE to start UnDLL
  • Click on Select infected DLL
  • Locate and select this file:
    C:\WINDOWS\system32\pmnlm.dll
  • Click Open
  • UnDLL will now attempt to delete the DLL file
  • If asked to restart your PC, click No
  • Repeat the above steps for the following files:
    C:\WINDOWS\system32\xxyyyvv.dll
    C:\WINDOWS\system32\gpkipymg.dll
    C:\WINDOWS\system32\aqkuqzdc.dll
    C:\WINDOWS\system32\fsqeuoks.dll
  • Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt
  • Once you have used UnDLL on all the files, restart your PC manually


Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\aqkuqzdc.dll
C:\WINDOWS\system32\aunufkax.dll
C:\WINDOWS\system32\clccfjdq.exe
C:\WINDOWS\system32\duxdsxio.exe
C:\WINDOWS\system32\fcqlhaha.exe
C:\WINDOWS\system32\fdbskwxr.exe
C:\WINDOWS\system32\fsqeuoks.dll
C:\WINDOWS\system32\gdlslaeo.dll
C:\WINDOWS\system32\gpkipymg.dll
C:\WINDOWS\system32\gufqpivd.dll
C:\WINDOWS\system32\jeriblbu.dll
C:\WINDOWS\system32\jlhmpide.dll
C:\WINDOWS\system32\lnoimxxx.exe
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\qdisnqpt.dll
C:\WINDOWS\system32\qtxmmxjd.dll
C:\WINDOWS\system32\rcjxfpxa.dll
C:\WINDOWS\system32\tpdjxgxw.exe
C:\WINDOWS\system32\tqbrxeun.exe
C:\WINDOWS\system32\vnvjvpbe.dll
C:\WINDOWS\system32\vtfyvdwn.dll
C:\WINDOWS\system32\whpxevbv.dll
C:\WINDOWS\system32\wkbipcyp.exe
C:\WINDOWS\system32\xxyyyvv.dll
C:\WINDOWS\system32\yrblgpyn.dll

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Then run Deckard's System Scanner (dss.exe) again and post the log it produces
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
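
The fix.reg above relies on three .reg directives: a bracketed key prefixed with a minus, `[-KEY]`, deletes that key and everything under it; `"name"=-` deletes a single value; and `"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00` rewrites the LSA authentication package list (a REG_MULTI_SZ that lsass.exe loads at boot) so that it contains only the default `msv1_0`, dropping any extra package name that had been appended to it. In a REGEDIT4 file the hex data is one byte per character; a "Windows Registry Editor Version 5.00" file stores it as UTF-16LE. The Python below is an added example, not code from the helper's post or from HijackThis, DSS or UnDLL: it parses an excerpt of the posted fix.reg offline (no registry access, so it runs on any OS) and lists the actions a merge would perform, including decoding the hex(7) data. The function names parse_reg, decode_value and find_value are this example's own assumptions.

```python
"""Parse a REGEDIT4 fix file and list what merging it would change.

Added example for this thread; not part of the original post and not code from
any tool named on the page. Reads an excerpt of the posted fix.reg (below) and
never touches a live registry. parse_reg(), decode_value() and find_value()
are this example's own (hypothetical) names.
"""
import re

# Excerpt of the posted fix.reg (REGEDIT4 = ANSI format, one byte per character in hex data).
FIX_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EA70927-FE82-42ED-8480-A6AA73169F0A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyvv]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                       # [KEY] creates/opens, [-KEY] deletes
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data (default value)

def _join_continuations(lines):
    """Re-join hex data that regedit wraps onto several lines with a trailing backslash."""
    out, buf = [], ''
    for ln in lines:
        ln = ln.strip()
        if ln.endswith('\\'):
            buf += ln[:-1].strip()
            continue
        out.append(buf + ln)
        buf = ''
    return out

def decode_value(raw, enc='latin-1'):
    """Return (reg_type, value) for the right-hand side of a value line."""
    if raw == '-':
        return ('DELETE', None)                        # "name"=-  deletes the value
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ('REG_SZ', raw[1:-1].replace('\\"', '"').replace('\\\\', '\\'))
    if raw.startswith('dword:'):
        return ('REG_DWORD', int(raw[6:], 16))
    m = re.match(r'^hex(?:\((\d+)\))?:(.*)$', raw)
    if not m:
        raise ValueError('unrecognised value syntax: %r' % raw)
    kind = int(m.group(1) or 3)                        # bare "hex:" is REG_BINARY (type 3)
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    if kind == 7:                                      # REG_MULTI_SZ: NUL-separated, double-NUL terminated
        text = data.decode(enc).rstrip('\x00')
        return ('REG_MULTI_SZ', text.split('\x00') if text else [])
    if kind == 2:                                      # REG_EXPAND_SZ
        return ('REG_EXPAND_SZ', data.decode(enc).rstrip('\x00'))
    return ('REG_BINARY', data)

def parse_reg(text):
    """Return a list of (action, key, value_name, reg_type, value) in file order."""
    lines = _join_continuations(text.splitlines())
    header = lines[0] if lines else ''
    if header == 'REGEDIT4':
        enc = 'latin-1'                                # ANSI .reg: one byte per character
    elif header.startswith('Windows Registry Editor Version 5.00'):
        enc = 'utf-16-le'                              # Unicode .reg: hex strings are UTF-16LE
    else:
        raise ValueError('missing .reg header')
    actions, key = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(';'):
            continue
        km = KEY_RE.match(ln)
        if km:
            key = km.group(2)
            if km.group(1) == '-':                     # [-KEY] deletes the key and all its subkeys
                actions.append(('DELETE_KEY', key, None, None, None))
                key = None                             # values after a deleted key are meaningless
            continue
        vm = VALUE_RE.match(ln)
        if not vm or key is None:
            raise ValueError('unparsed line: %r' % ln)
        name = vm.group(1) if vm.group(1) is not None else ''   # "@" is the key's default value
        rtype, val = decode_value(vm.group(3), enc)
        action = 'DELETE_VALUE' if rtype == 'DELETE' else 'SET_VALUE'
        actions.append((action, key, name, rtype, val))
    return actions

def find_value(actions, key_suffix, name):
    """Return (reg_type, value) of the last SET_VALUE for name under a key ending in key_suffix."""
    hit = None
    for action, key, vname, rtype, val in actions:
        if action == 'SET_VALUE' and key.lower().endswith(key_suffix.lower()) and vname == name:
            hit = (rtype, val)
    return hit
```

`parse_reg(FIX_REG)` yields five actions for the excerpt (two key deletions, two value deletions, one REG_MULTI_SZ write), and `find_value(..., r'control\lsa', 'Authentication Packages')` decodes the hex(7) data to `['msv1_0']`. Reviewing a fix this way before merging shows exactly which persistence points it removes and what the LSA package list will contain afterwards; anything that was in the live value but is not in that list is what the fix is discarding.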

Unread postby Velpa » October 14th, 2007, 6:26 am

I am unable to locate the file C:\WINDOWS\system32\fsqeuoks.dll?
And I am not sure whether I succeeded in uploading the files to the website???
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm

Unread postby random/random » October 14th, 2007, 6:35 am

You successfully uploaded C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Please attempt to upload the other one again, C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn.log

It doesn't matter if you can't find some of the files, just carry on with the rest of the instructions
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby Velpa » October 14th, 2007, 7:02 am

I still can't upload the file!

There was a problem with your submission. Please Contact Us and let us know the name of the file, the size of the file, and the error code given below.

Unknown error.
Error number



Deckard's System Scanner v20070905.67
Run by Leander on 2007-10-14 12:59:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.81 GiB (less than 15%) free.


-- HijackThis (run as Leander.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:26, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leander.PC113802530822\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leander.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mnmiysiw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mnmiysiw.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: mnmiysiw - C:\WINDOWS\SYSTEM32\mnmiysiw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8241 bytes

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-14 12:06:43 339968 --a------ C:\WINDOWS\system32\mnmiysiw.dll
2007-10-14 12:06:03 389184 --a------ C:\WINDOWS\system32\lxvtxbcx.exe
2007-10-14 10:38:35 85056 --a------ C:\WINDOWS\system32\dmesktve.dll
2007-10-14 10:33:29 389184 --a------ C:\WINDOWS\system32\iucbsxje.exe
2007-10-13 18:50:07 339968 --a------ C:\WINDOWS\system32\qdisnqpt.dll
2007-10-13 18:02:17 0 d-------- C:\Program Files\ewido anti-malware
2007-10-13 17:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-13 17:42:45 84544 --a------ C:\WINDOWS\system32\dulchthv.dll
2007-10-13 17:37:27 339968 --a------ C:\WINDOWS\system32\ciansuyz.dll
2007-10-13 17:37:02 389184 --a------ C:\WINDOWS\system32\qdvqqhtu.exe
2007-10-13 16:49:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-13 16:49:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-13 16:49:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-13 16:49:27 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-13 16:28:12 3502 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 14:36:20 0 d-------- C:\Program Files\Trend Micro
2007-10-13 12:44:25 166311 ---hs---- C:\WINDOWS\system32\mlnmp.ini2
2007-10-13 11:36:46 389184 --a------ C:\WINDOWS\system32\fdbskwxr.exe
2007-10-13 11:21:25 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinPatrol
2007-10-13 11:19:03 339968 --a------ C:\Program Files\Hammer.dll
2007-10-13 11:18:38 389184 --a------ C:\WINDOWS\system32\clccfjdq.exe
2007-10-09 14:54:04 0 d-------- C:\Program Files\ProtectDisc Driver Installer
2007-10-09 14:53:27 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\MAGIX
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2007-10-09 14:42:15 32768 --a------ C:\WINDOWS\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2007-10-09 14:42:15 430080 --a------ C:\WINDOWS\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\mgxasio2.dll
2007-10-09 14:42:15 57344 --a------ C:\WINDOWS\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2007-10-09 14:42:15 188416 --a------ C:\WINDOWS\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2007-10-09 14:42:15 40960 --a------ C:\WINDOWS\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2007-10-09 14:42:15 65536 --a------ C:\WINDOWS\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2007-10-09 14:42:14 49152 --a------ C:\WINDOWS\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2007-10-09 14:42:14 36864 --a------ C:\WINDOWS\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2007-10-09 14:42:14 24576 --a------ C:\WINDOWS\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2007-10-09 14:42:14 53248 --a------ C:\WINDOWS\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2007-10-09 14:42:14 45056 --a------ C:\WINDOWS\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2007-10-09 14:42:14 151552 --a------ C:\WINDOWS\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2007-10-09 14:42:14 163840 --a------ C:\WINDOWS\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2007-10-09 14:42:14 94208 --a------ C:\WINDOWS\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2007-10-09 14:42:14 61440 --a------ C:\WINDOWS\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2007-10-09 14:42:14 114688 --a------ C:\WINDOWS\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2007-10-09 14:42:14 487424 --a------ C:\WINDOWS\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2007-10-09 14:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-09 14:14:54 120200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2007-10-09 14:14:54 0 d-------- C:\Program Files\MAGIX
2007-10-09 14:14:11 0 d-------- C:\WINDOWS\system32\MAGIX
2007-10-08 20:41:29 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Google
2007-10-08 19:23:19 166725 ---hs---- C:\WINDOWS\system32\mlnmp.bak2
2007-10-06 11:53:08 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Ahead
2007-10-06 11:45:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 11:38:03 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinRAR
2007-10-06 11:26:30 173389 ---hs---- C:\WINDOWS\system32\mlnmp.bak1
2007-10-06 08:58:49 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Symantec
2007-10-05 21:28:15 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-05 21:28:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-05 21:28:14 0 d-------- C:\Program Files\Xvid
2007-10-05 21:14:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-04 21:22:13 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Uniblue
2007-10-04 13:40:38 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\AdobeUM
2007-10-04 13:38:53 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Adobe
2007-10-03 22:18:41 0 d-------- C:\Program Files\Symantec
2007-10-03 21:29:16 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\UserData
2007-10-03 20:57:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-03 20:57:02 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Macromedia
2007-10-03 20:55:45 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-03 20:49:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-03 20:45:50 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Personal
2007-10-03 20:43:30 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Favorites
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Desktop
2007-10-03 20:43:30 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\Cookies
2007-10-03 20:43:30 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Application Data
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Identities
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Templates
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Start Menu
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\SendTo
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Recent
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\PrintHood
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\NetHood
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\My Documents
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Local Settings
2007-10-03 20:43:28 2359296 --ah----- C:\Documents and Settings\Leander.PC113802530822\NTUSER.DAT
2007-10-03 20:41:37 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\cbt
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Netscape
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Mozilla
2007-10-02 21:27:47 0 dr-h----- C:\Documents and Settings\Leander\Recent
2007-10-02 20:53:40 0 d-------- C:\WINDOWS\pss
2007-09-30 00:59:09 0 d-------- C:\Documents and Settings\Leander\Application Data\WinPatrol
2007-09-30 00:58:54 0 d-------- C:\Program Files\BillP Studios
2007-09-30 00:56:55 0 d-------- C:\Program Files\SpywareBlaster
2007-09-28 22:42:37 0 d-------- C:\Program Files\CCleaner
2007-09-28 20:49:21 0 d-------- C:\Program Files\MSBuild
2007-09-28 20:44:54 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 19:49:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 19:48:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-25 19:53:54 0 d-------- C:\Program Files\Lavalys
2007-09-24 23:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-23 21:37:06 0 d-------- C:\Program Files\Uniblue
2007-09-23 21:29:25 0 d-------- C:\Documents and Settings\Leander\Application Data\Uniblue
2007-09-23 20:58:18 0 d-------- C:\Program Files\MSXML 6.0
2007-09-19 20:22:56 0 d-------- C:\Program Files\Lavasoft
2007-09-18 21:52:41 47360 --a------ C:\Documents and Settings\Leander\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-09-18 21:52:40 0 d-------- C:\Documents and Settings\Leander\Application Data\Vso
2007-09-18 21:52:36 0 d-------- C:\Program Files\VSO
2007-09-18 20:37:38 0 d-------- C:\Documents and Settings\Leander\Application Data\Media Player Classic
2007-09-18 20:35:40 0 d-------- C:\Program Files\Combined Community Codec Pack


-- Find3M Report ---------------------------------------------------------------

2007-10-13 20:55:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-09 16:08:58 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-08 20:41:15 0 d-------- C:\Program Files\Google
2007-10-08 19:20:43 0 d-------- C:\Program Files\Norton 360
2007-10-06 11:48:42 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-05 19:06:50 0 d-------- C:\Program Files\Common Files
2007-10-04 21:42:19 0 d-------- C:\Program Files\Online Services
2007-10-04 05:12:41 0 d-------- C:\Program Files\Windows NT
2007-10-04 05:11:05 0 d-------- C:\Program Files\Movie Maker
2007-10-04 05:11:03 0 d-------- C:\Program Files\Microsoft Works
2007-10-04 05:10:17 0 d-------- C:\Program Files\Messenger
2007-10-04 05:10:01 0 d-------- C:\Program Files\Java
2007-10-04 05:08:38 0 d-------- C:\Program Files\Easy Internet signup
2007-10-04 05:08:09 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-04 05:08:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-04 05:07:49 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-03 20:37:37 0 d-------- C:\Program Files\HPQ
2007-10-03 19:51:02 0 d-------- C:\Program Files\PowerArchiver
2007-10-03 19:33:38 0 d-------- C:\Program Files\Packard Bell Data Secure
2007-09-30 00:54:39 0 d-------- C:\Program Files\Logitech
2007-09-23 23:05:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-23 23:05:11 0 d-------- C:\Program Files\TPTEST5
2007-09-23 23:05:11 0 d-------- C:\Program Files\Readiris Pro 8
2007-09-23 23:05:10 0 d-------- C:\Program Files\DivX
2007-09-23 23:05:10 0 d-------- C:\Program Files\Benders
2007-09-23 23:05:06 0 d-------- C:\Program Files\The Guild 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
14/10/2007 12:06 339968 --a------ C:\WINDOWS\system32\mnmiysiw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mnmiysiw.dll [14/10/2007 12:06 339968]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/11/2005 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 13:03]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/06/2005 22:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 11:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [22/12/2005 08:57]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/08/2005 14:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [09/02/2006 09:52]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [13/12/2005 16:45]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 23:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [23/09/2007 19:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/07/2007 20:40]

C:\Documents and Settings\Leander.PC113802530822\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 01:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [14/04/2007 23:11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mnmiysiw]
mnmiysiw.dll 14/10/2007 12:06 339968 C:\WINDOWS\system32\mnmiysiw.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{305d6007-71df-11dc-93ab-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-10-14 13:00:09 ------------
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm
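
This log shows the same pattern that drove the first fix: a freshly created 339968-byte DLL in system32 (mnmiysiw.dll) registered as a BHO (O2), as a toolbar (O3) and as a Winlogon Notify handler (O20) at once, next to other new system32 files with random-looking names and identical sizes (339968 and 389184 bytes). The Python below is an added example, not part of the posts and not code from HijackThis or DSS: it parses excerpts of those two log sections (copied from the report above) and scores each newly created file on three signals: how many load points reference it, whether its name looks random, and whether its exact size is shared with other new files. The function names, the name heuristic and the cluster threshold are this example's own assumptions.

```python
"""Triage HijackThis load points against a DSS "files created" list.

Added example for this thread; not part of the original post, of HijackThis or
of DSS. The two excerpts below are copied from the report posted above. The
function names and the three heuristics (multiple load points, random-looking
name, exact-size cluster) are this example's own assumptions, not rules from
either tool; the result is a lead list, not a verdict.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

HJT_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mnmiysiw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mnmiysiw.dll
O20 - Winlogon Notify: mnmiysiw - C:\WINDOWS\SYSTEM32\mnmiysiw.dll
"""

DSS_EXCERPT = r"""
2007-10-14 12:06:43 339968 --a------ C:\WINDOWS\system32\mnmiysiw.dll
2007-10-14 12:06:03 389184 --a------ C:\WINDOWS\system32\lxvtxbcx.exe
2007-10-14 10:38:35 85056 --a------ C:\WINDOWS\system32\dmesktve.dll
2007-10-14 10:33:29 389184 --a------ C:\WINDOWS\system32\iucbsxje.exe
2007-10-13 18:50:07 339968 --a------ C:\WINDOWS\system32\qdisnqpt.dll
2007-10-13 18:02:17 0 d-------- C:\Program Files\ewido anti-malware
2007-10-13 17:37:27 339968 --a------ C:\WINDOWS\system32\ciansuyz.dll
2007-10-13 17:37:02 389184 --a------ C:\WINDOWS\system32\qdvqqhtu.exe
2007-10-13 11:19:03 339968 --a------ C:\Program Files\Hammer.dll
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2007-10-05 21:28:15 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
"""

# O2 (BHO), O3 (toolbar), O20 (Winlogon Notify): "Oxx - Kind: name - {CLSID} - path", CLSID optional.
HJT_RE = re.compile(r'^(O2|O3|O20) - ([^:]+): (.*?) - (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+)$')
# DSS line: "date time size attrs path [<verification note>]"; attrs starting with d are directories.
DSS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{9}) (.+?)(?: <.*>)?$')

def parse_hjt_loadpoints(text):
    """Map lower-cased DLL path -> list of (kind, display name, clsid) load points."""
    points = defaultdict(list)
    for ln in text.splitlines():
        m = HJT_RE.match(ln.strip())
        if m:
            points[m.group(5).strip().lower()].append((m.group(2), m.group(3), m.group(4)))
    return points

def parse_dss_created(text):
    """Return [{'when', 'size', 'path'}] for files (not directories) in the DSS list."""
    files = []
    for ln in text.splitlines():
        m = DSS_RE.match(ln.strip())
        if m and not m.group(3).startswith('d'):
            files.append({'when': m.group(1), 'size': int(m.group(2)), 'path': m.group(4)})
    return files

def looks_random(stem):
    """Crude name heuristic: 7-8 lowercase letters with few vowels, a 4-consonant run or a q without u.
    Weak on its own (it would also flag svchost), so triage() never relies on it alone."""
    if not re.fullmatch(r'[a-z]{7,8}', stem):
        return False
    vowels = sum(c in 'aeiou' for c in stem)
    return (vowels / len(stem) <= 0.25
            or re.search(r'[^aeiou]{4}', stem) is not None
            or re.search(r'q(?!u)', stem) is not None)

def triage(hjt_text, dss_text, min_cluster=3):
    """Return {lower path: {'path', 'reasons': [...]}} for files worth a closer look."""
    loadpoints = parse_hjt_loadpoints(hjt_text)
    created = parse_dss_created(dss_text)
    by_size = defaultdict(list)
    for f in created:
        by_size[f['size']].append(f['path'])
    findings = {}

    def add(path, reason):
        findings.setdefault(path.lower(), {'path': path, 'reasons': []})['reasons'].append(reason)

    # One DLL registered as BHO, toolbar and Winlogon Notify handler at once is the pattern in this thread.
    for path, pts in loadpoints.items():
        if len(pts) >= 2:
            add(path, 'registered at %d load points: %s' % (len(pts), ', '.join(sorted({p[0] for p in pts}))))
    for f in created:
        if f['path'].lower() in loadpoints:
            add(f['path'], 'newly created file is referenced by a HijackThis load point')
        if looks_random(PureWindowsPath(f['path']).stem):
            add(f['path'], 'random-looking 7-8 letter name')
        peers = by_size[f['size']]
        if len(peers) >= min_cluster:   # the same payload dropped under several names keeps the same size
            add(f['path'], 'size %d shared with %d other new files' % (f['size'], len(peers) - 1))
    return findings
```

`triage(HJT_EXCERPT, DSS_EXCERPT)` returns one entry per flagged path with its reasons. On this excerpt every system32 file the helper listed for deletion is flagged; ciansuyz.dll only through the size cluster, since its name does not trip the name heuristic, which is why a single weak signal is not enough. The same 339968-byte cluster also pulls in C:\Program Files\Hammer.dll, which the thread's delete lists did not mention: a lead to check, not a verdict.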

Unread postby random/random » October 14th, 2007, 9:58 am

Copy the contents of the following codebox to a notepad window

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] 

[-HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mnmiysiw]
 


Save it to the desktop as fix2.reg, making sure "Save as type" is set to "All Files"

  • Double click on UNDLL.EXE to start UnDLL
  • Click on Select infected DLL
  • Locate and select this file:
    C:\WINDOWS\system32\mnmiysiw.dll
  • Click Open
  • UnDLL will now attempt to delete the DLL file
  • If asked to restart your PC, click No
  • Locate Fix2.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt
  • Restart your PC manually


Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\ciansuyz.dll
C:\WINDOWS\system32\clccfjdq.exe
C:\WINDOWS\system32\dmesktve.dll
C:\WINDOWS\system32\dulchthv.dll
C:\WINDOWS\system32\fdbskwxr.exe
C:\WINDOWS\system32\iucbsxje.exe
C:\WINDOWS\system32\lxvtxbcx.exe
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mnmiysiw.dll
C:\WINDOWS\system32\qdisnqpt.dll
C:\WINDOWS\system32\qdvqqhtu.exe

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disk (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Then run Deckard's system scanner (dss.exe) again and post the log it produces
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
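A dry-run reader for a fix file like the fix2.reg above, added here as an example (it is not code from the thread or from UnDLL, HijackThis or any other tool mentioned in it): it parses the REGEDIT4 syntax, names the autostart location each deleted key belongs to, and checks that every BHO/toolbar GUID the fix unregisters also loses its CLSID key. The persistence labels, function names and GUID pairing check are the editor's own; the sample input is a constructed copy of the fix posted above.

```python
"""Dry run for a REGEDIT4-style fix file such as the fix2.reg above (added example,
not code from the thread or from any tool it mentions). "[-KEY]" deletes a key and
"\"name\"=-" deletes a value under the last "[KEY]"; nothing here touches the
registry. Labels, function names and the GUID pairing check are the editor's own."""
import re
from typing import Dict, List, Set

# Constructed sample input: a copy of the fix posted above.
SAMPLE_FIX = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[-HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mnmiysiw]
"""

# Autostart locations these fixes usually touch (case-insensitive; first hit wins).
PERSISTENCE_HINTS = [
    (r"\\winlogon\\notify\\", "Winlogon Notify package: DLL loaded into winlogon.exe"),
    (r"\\browser helper objects\\", "Internet Explorer BHO registration"),
    (r"\\internet explorer\\toolbar\\", "Internet Explorer toolbar registration"),
    (r"^hkey_classes_root\\clsid\\", "COM class registration (CLSID)"),
    (r"\\currentversion\\run", "Run / RunOnce autostart"),
]
_KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')   # "name"=data or @=data
_GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_reg_fix(text: str) -> Dict[str, list]:
    """Collect the deletions and assignments a .reg file would perform."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing REGEDIT4 / Version 5.00 header; regedit would reject the file")
    res: Dict[str, list] = {"deleted_keys": [], "deleted_values": [], "set_values": [], "errors": []}
    current_key = None
    for lineno, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        k = _KEY_LINE.match(line)
        if k:
            if k.group(1):                 # [-KEY]: the whole key goes
                res["deleted_keys"].append(k.group(2))
                current_key = None         # nothing can be set under a deleted key
            else:
                current_key = k.group(2)
            continue
        v = _VALUE_LINE.match(line)
        if current_key is None or not v:
            res["errors"].append(f"line {lineno}: neither a [KEY] nor a value under an open key: {line}")
            continue
        name, data = ("(Default)" if v.group(2) else v.group(1)), v.group(3)
        res["deleted_values" if data == "-" else "set_values"].append((current_key, name))
    return res


def classify_key(key: str) -> str:
    """Label a key path with the autostart mechanism it belongs to, if any."""
    low = key.lower()
    return next((label for pat, label in PERSISTENCE_HINTS if re.search(pat, low)), "unclassified")


def guid_pairing(parsed: Dict[str, list]) -> Dict[str, Set[str]]:
    """GUIDs whose BHO/toolbar registration and CLSID key are not both removed."""
    clsid: Set[str] = set()
    registration: Set[str] = set()
    for key in parsed["deleted_keys"]:
        g = _GUID.search(key)
        if g:
            bucket = clsid if key.lower().startswith("hkey_classes_root\\clsid\\") else registration
            bucket.add(g.group(0).upper())
    for _key, name in parsed["deleted_values"]:
        g = _GUID.search(name)
        if g:
            registration.add(g.group(0).upper())
    return {"clsid_without_registration": clsid - registration,
            "registration_without_clsid": registration - clsid}


def report(text: str) -> List[str]:
    """One line per action the merge would take, plus anything that looks off."""
    p = parse_reg_fix(text)
    out = [f"DELETE KEY    {k}  <- {classify_key(k)}" for k in p["deleted_keys"]]
    out += [f"DELETE VALUE  {n} under {k}  <- {classify_key(k)}" for k, n in p["deleted_values"]]
    out += [f"SET VALUE     {n} under {k}" for k, n in p["set_values"]]
    out += [f"ERROR         {e}" for e in p["errors"]]
    for label, guids in guid_pairing(p).items():
        out += [f"UNPAIRED GUID {g} ({label})" for g in sorted(guids)]
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FIX)))
```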

Post by Velpa » October 14th, 2007, 10:27 am

Deckard's System Scanner v20070905.67
Run by Leander on 2007-10-14 16:26:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.81 GiB (less than 15%) free.


-- HijackThis (run as Leander.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:37, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leander.PC113802530822\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leander.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7968 bytes

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-13 18:02:17 0 d-------- C:\Program Files\ewido anti-malware
2007-10-13 17:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-13 16:49:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-13 16:49:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-13 16:49:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-13 16:49:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-13 16:49:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-13 16:49:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-13 16:49:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-13 16:49:27 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-13 16:28:12 3502 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 14:36:20 0 d-------- C:\Program Files\Trend Micro
2007-10-13 12:44:25 166311 ---hs---- C:\WINDOWS\system32\mlnmp.ini2
2007-10-13 11:21:25 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinPatrol
2007-10-13 11:19:03 339968 --a------ C:\Program Files\Hammer.dll
2007-10-09 14:54:04 0 d-------- C:\Program Files\ProtectDisc Driver Installer
2007-10-09 14:53:27 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\MAGIX
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2007-10-09 14:42:15 24576 --a------ C:\WINDOWS\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2007-10-09 14:42:15 32768 --a------ C:\WINDOWS\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2007-10-09 14:42:15 430080 --a------ C:\WINDOWS\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\mgxasio2.dll
2007-10-09 14:42:15 57344 --a------ C:\WINDOWS\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2007-10-09 14:42:15 188416 --a------ C:\WINDOWS\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2007-10-09 14:42:15 40960 --a------ C:\WINDOWS\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2007-10-09 14:42:15 65536 --a------ C:\WINDOWS\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2007-10-09 14:42:15 53248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2007-10-09 14:42:14 49152 --a------ C:\WINDOWS\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2007-10-09 14:42:14 36864 --a------ C:\WINDOWS\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2007-10-09 14:42:14 24576 --a------ C:\WINDOWS\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2007-10-09 14:42:14 53248 --a------ C:\WINDOWS\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2007-10-09 14:42:14 45056 --a------ C:\WINDOWS\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2007-10-09 14:42:14 151552 --a------ C:\WINDOWS\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2007-10-09 14:42:14 32768 --a------ C:\WINDOWS\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2007-10-09 14:42:14 163840 --a------ C:\WINDOWS\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2007-10-09 14:42:14 94208 --a------ C:\WINDOWS\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2007-10-09 14:42:14 61440 --a------ C:\WINDOWS\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2007-10-09 14:42:14 114688 --a------ C:\WINDOWS\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2007-10-09 14:42:14 487424 --a------ C:\WINDOWS\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2007-10-09 14:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-09 14:14:54 120200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2007-10-09 14:14:54 0 d-------- C:\Program Files\MAGIX
2007-10-09 14:14:11 0 d-------- C:\WINDOWS\system32\MAGIX
2007-10-08 20:41:29 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Google
2007-10-08 19:23:19 166725 ---hs---- C:\WINDOWS\system32\mlnmp.bak2
2007-10-06 11:53:08 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Ahead
2007-10-06 11:45:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 11:38:03 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\WinRAR
2007-10-06 11:26:30 173389 ---hs---- C:\WINDOWS\system32\mlnmp.bak1
2007-10-06 08:58:49 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Symantec
2007-10-05 21:28:15 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-05 21:28:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-05 21:28:14 0 d-------- C:\Program Files\Xvid
2007-10-05 21:14:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-04 21:22:13 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Uniblue
2007-10-04 13:40:38 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\AdobeUM
2007-10-04 13:38:53 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Adobe
2007-10-03 22:18:41 0 d-------- C:\Program Files\Symantec
2007-10-03 21:29:16 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\UserData
2007-10-03 20:57:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-03 20:57:02 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Macromedia
2007-10-03 20:55:45 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-03 20:49:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-03 20:45:50 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Personal
2007-10-03 20:43:30 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Favorites
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Desktop
2007-10-03 20:43:30 0 d--hs---- C:\Documents and Settings\Leander.PC113802530822\Cookies
2007-10-03 20:43:30 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Application Data
2007-10-03 20:43:30 0 d-------- C:\Documents and Settings\Leander.PC113802530822\Application Data\Identities
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Templates
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\Start Menu
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\SendTo
2007-10-03 20:43:29 0 dr-h----- C:\Documents and Settings\Leander.PC113802530822\Recent
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\PrintHood
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\NetHood
2007-10-03 20:43:29 0 dr------- C:\Documents and Settings\Leander.PC113802530822\My Documents
2007-10-03 20:43:29 0 d--h----- C:\Documents and Settings\Leander.PC113802530822\Local Settings
2007-10-03 20:43:28 2359296 --ah----- C:\Documents and Settings\Leander.PC113802530822\NTUSER.DAT
2007-10-03 20:41:37 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\cbt
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Netscape
2007-10-03 19:12:53 0 d-------- C:\Documents and Settings\Kersti\Application Data\Mozilla
2007-10-02 21:27:47 0 dr-h----- C:\Documents and Settings\Leander\Recent
2007-10-02 20:53:40 0 d-------- C:\WINDOWS\pss
2007-09-30 00:59:09 0 d-------- C:\Documents and Settings\Leander\Application Data\WinPatrol
2007-09-30 00:58:54 0 d-------- C:\Program Files\BillP Studios
2007-09-30 00:56:55 0 d-------- C:\Program Files\SpywareBlaster
2007-09-28 22:42:37 0 d-------- C:\Program Files\CCleaner
2007-09-28 20:49:21 0 d-------- C:\Program Files\MSBuild
2007-09-28 20:44:54 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 19:49:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 19:48:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-25 19:53:54 0 d-------- C:\Program Files\Lavalys
2007-09-24 23:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-23 21:37:06 0 d-------- C:\Program Files\Uniblue
2007-09-23 21:29:25 0 d-------- C:\Documents and Settings\Leander\Application Data\Uniblue
2007-09-23 20:58:18 0 d-------- C:\Program Files\MSXML 6.0
2007-09-19 20:22:56 0 d-------- C:\Program Files\Lavasoft
2007-09-18 21:52:41 47360 --a------ C:\Documents and Settings\Leander\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-09-18 21:52:40 0 d-------- C:\Documents and Settings\Leander\Application Data\Vso
2007-09-18 21:52:36 0 d-------- C:\Program Files\VSO
2007-09-18 20:37:38 0 d-------- C:\Documents and Settings\Leander\Application Data\Media Player Classic
2007-09-18 20:35:40 0 d-------- C:\Program Files\Combined Community Codec Pack


-- Find3M Report ---------------------------------------------------------------

2007-10-13 20:55:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-09 16:08:58 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-08 20:41:15 0 d-------- C:\Program Files\Google
2007-10-08 19:20:43 0 d-------- C:\Program Files\Norton 360
2007-10-06 11:48:42 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-05 19:06:50 0 d-------- C:\Program Files\Common Files
2007-10-04 21:42:19 0 d-------- C:\Program Files\Online Services
2007-10-04 05:12:41 0 d-------- C:\Program Files\Windows NT
2007-10-04 05:11:05 0 d-------- C:\Program Files\Movie Maker
2007-10-04 05:11:03 0 d-------- C:\Program Files\Microsoft Works
2007-10-04 05:10:17 0 d-------- C:\Program Files\Messenger
2007-10-04 05:10:01 0 d-------- C:\Program Files\Java
2007-10-04 05:08:38 0 d-------- C:\Program Files\Easy Internet signup
2007-10-04 05:08:09 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-04 05:08:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-04 05:07:49 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-03 20:37:37 0 d-------- C:\Program Files\HPQ
2007-10-03 19:51:02 0 d-------- C:\Program Files\PowerArchiver
2007-10-03 19:33:38 0 d-------- C:\Program Files\Packard Bell Data Secure
2007-09-30 00:54:39 0 d-------- C:\Program Files\Logitech
2007-09-23 23:05:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-23 23:05:11 0 d-------- C:\Program Files\TPTEST5
2007-09-23 23:05:11 0 d-------- C:\Program Files\Readiris Pro 8
2007-09-23 23:05:10 0 d-------- C:\Program Files\DivX
2007-09-23 23:05:10 0 d-------- C:\Program Files\Benders
2007-09-23 23:05:06 0 d-------- C:\Program Files\The Guild 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/11/2005 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 13:03]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/06/2005 22:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 11:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [22/12/2005 08:57]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/08/2005 14:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [09/02/2006 09:52]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [13/12/2005 16:45]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 23:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [23/09/2007 19:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/07/2007 20:40]

C:\Documents and Settings\Leander.PC113802530822\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 01:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [14/04/2007 23:11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=0 (0x0)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-10-14 16:27:10 ------------
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm

Post by random/random » October 14th, 2007, 10:30 am

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disk (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Velpa » October 14th, 2007, 12:57 pm

It seems to be ok now!
I still can't locate those 3 files:
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2591 (20071014)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c18dfeada2f6e945ae6a5957b52cd61b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-10-14 04:48:17
# local_time=2007-10-14 06:48:17 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=443082
# found=4
# scan_time=6392
C:\Deckard\System Scanner\20071014125918\backup\DOCUME~1\LEANDE~1.PC1\LOCALS~1\Temp\uygrjwji.exe Win32/Agent.BCK trojan A1810782F9FC5842E69136A22F145E7B
C:\Deckard\System Scanner\20071014125918\backup\DOCUME~1\LEANDE~1.PC1\LOCALS~1\Temp\yyersgje.exe Win32/Agent.BCK trojan 83022676CDF5F0915A7C12121C6DFE19
C:\Documents and Settings\Leander.PC113802530822\Local Settings\Temp\odmtkeha.exe Win32/Agent.BCK trojan A34B6B576F990122A41C65802F248216
C:\Documents and Settings\Leander.PC113802530822\Local Settings\Temp\olpdsnrs.exe Win32/Agent.BCK trojan DCE855662E557ED173FE0FDC2827B62B


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:28, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... PMCons_60D
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7991 bytes
Velpa
Active Member
 
Posts: 13
Joined: September 24th, 2007, 3:16 pm