Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Trojan Issue
-
17-03-2008 11:09amRight, I've the same problem as this person: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t134283.html, thank you WhiteWashMan.
live.messenger.com in C:\Windows is hidden using a rootkit or similar and I'm having a bitch of a time removing it. I've used MSNCleaner on it (after killing the process, safe mode etc) reports it deleted but it reappears on reboot and starts trying to contact c.milan-fans.com again and trying to download more crap onto this machine (it's some remote IRC thing and I've had to remove stuff from Vundo to DirectX viruses). I got a firewall working (PCTools) and it doesn't seem to be causing the same issue as Comodo was with permissions (well, it hasn't reappeared, hopefully this will stay the case) so as is the file can't talk to daddy so no new malware is popping up but I'd prefer to be rid of it. Just having it blocked from talking to the outside world is more of a band-aid than a solution.
Anyone feeling like helping me get rid of this thing? I'm not a techie, and I think I'm out of my depth.0
Comments
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\live.messenger.com
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\iTunes\iTunesHelper.exe
F:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04153C3A-0DC2-4489-A02B-CD3FF45518EF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2547F1B6-45DB-4ADE-83C7-614D51F85E57} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {53B138C6-F680-44AE-80F4-901EAE59F3E8} - (no file)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27} - (no file)
O2 - BHO: (no name) - {E0BB14A3-0790-4661-9DE8-963CE28DBAE9} - (no file)
O2 - BHO: (no name) - {E4069669-7977-49CB-B77E-1EA528FC66F5} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FF181F9F-1853-487C-A0BB-1FD18C30C5B7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s
O4 - HKLM\..\RunServices: [MSN Messenger] live.messenger.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147392805406
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: tuvvtst - tuvvtst.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11160 bytes0 -
Is there any other scans I need to run for you guys?0
-
Is there any other scans I need to run for you guys?
Remove the following files:
C:\WINDOWS\live.messenger.com
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe - not sure about this one. Never had that line on ANY of my computers.
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s - The file is likely to be a dynamic file. It might have another file name or multiple files dropped in this directory.
Also, I recommend removing all active AV's except for one. Multiple AV's tend to have a nice fight sometimes on scanned files in real time or scanned by another AV. If anything, try nod32 or kaspersky's 30day trial and run a custom scan with all of either programs features max'd out. Norton doesn't get much, same with Avast in my experience.
In addition, start - run - msconfig - go to startup, uncheck all the checkboxes for now. It might give you a minor lead over the virii. Nod32, if you use that [what I use] it will most likely request to rescan on restart to rid of additional unwanted junk.
Lastly, as a side note, you have quite a bit of additional objects showing via the HiJackThis log. Which can slow down your browser.
As a side note, if you have the original virus / exe whatever the file is, could you possibly email it to me [bctrainers at gmail com]? I can sand box it to help diagnose your issue further in depth. As removing files may not fully rid of this virus. The virus that you have, like you stated is indeed an IRC backdoor trojan which can DDoS, port scan, download, tack on more viruses and so forth. The list goes on on what it can most likely do.0 -
Not to be rude bctrainers, but you should be more careful giving advice if you don't know what you are doing
Disabling those MSConfig items or fixing those lines isn't going to stop the infections
Do this nesf
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). - Finally paste the contents of the Report.txt back on the forum.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
0 -
That seems to have done the trick ActorSeeksJob:
SDFix report:
SDFix: Version 1.158
Run by Padraig O'Sullivan on 17/03/2008 at 22:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\Setup.exe - Deleted
C:\WINDOWS\admintxt.txt - Deleted
C:\WINDOWS\live.messenger.com - Deleted
C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted
C:\WINDOWS\system32\msnmgnr.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:17:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG04.00.00.01SERVER"="6C184874F18C802E4E5B70B5DC37ED8C5BD0F070E529296EB3BA1B6237D31ECBAE4A48CABB6E32BE94E005D6E7A6C40E752DD8D99096B012FC8294545219EF62E91C3A4B03DBBDD58996E776C058D6D643496131018542003DE89FC83A6A2B0C85FD73121A7B4B9DD0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6171C11EC38DE3DA9C6AECB7A5D14078458F25ACE3DEE904E9F71B5E52650252AE133319D293C27EF640FD93283A8A39A4BD21F36BD3978C1385D16EF98F994DC8085B40386F1C4556E53ADEEB60515EC1309575FAC23BB742B7B214170C798CA0C3B183341CB44B42E8880C4698532853823FBFB91B9570A27DE3FB8AB5BEE557C8956DCF29D454F8329FDCB6F529AA024028B33961A0E5E40EADF2BF0E89A932E7C6EA05751AB1836075693BDAAB4ADA3D886200BF8657CEC5A75DF8638E4D06272651351E49FB4EDC33F1D6EDF2952EBB17352E11DA8A70B3A779459A5560BBB9D433E63E80D0337D770DFBED9E46691695CCCB2626454D6ED5F77F7A24074C306121DB703251186102744119199778F304E86B6366CACF4A9ABAD9731B474670562231CEA5A24AE0B242A6B95BB45440CD9694D1E560FED78614F0F6B8A25F54AC7347FEFE6B16A3C2B617809054472D317D57B30FB8BAB3704E6DB7DDD54A4D8D9A977F1C4E5566C843204A1F19CBF351D1FE4187B677E9821751C268D060B06B4CE3EE7B5A074387ED48128442CB6B10C8AD695371E99A045EF14BB3CEFA6FE77E72F593EF5AA8CE97707FD0182C59D0454BF7B55DB93AA83BC2D25D1FB57BF46A64BE3A42CC03099BD4D1371E4BFA1AA2B31AF4002E865F2B8F05F78C9601D47B6B8B9F6406439673CB26E234ADBBAA933E3AFA5A57850AEB491F9A02BEB3D27343F1F045F2993AF7D3A29E560B2B82F02B189F69206C154F2609AFBA6069B172F4C6E60EF81FE537F09F35088C3C16D2399E0EB44B8E407AC587703F61E05C8AD7014E308C7103734E70FBA55704D18163F6D7E6D1CB5EC0E93DE700B0A9EF3A8E012AB723B2EC281C652C29001A96A4C68F86B721F08B1B652AF4384805D558DF57C1830FB15644236A648379DF5A22F8064B66D157F03B9F6DEBEBBA00D2CBB2DFC4B740ED30B426C8A72F756A801979622A4AB361694200CF36939674C3B0AA6D1AEA5DCCEACC64390A9399D09CAD5DDB9C02F9E9B9CE6BC8C8F3CBA0D4B4128CB6F60353EC003B85F1A92C8B4CBAC2D47592D4BB0D4FBD7D7BEB66318271E9BCEFAF348ADC423EEB0B6D0929C4FD2FDF77F0F214AFCC5D19B4C500E069FD00BD60964ABFC39432BD2B274998429F3709109F2E733579AC3AD4EE24A4686FE29EE0FE8585F237657A888B16086AC2EC869"
"OODEFRAG10.00.00.01WORKSTATION"="A3FD6A755FC8036BC6284DD86AF3DE7D66FC9AD8670529F29215B82292F0FD92470C162BE54636A6035235EE5186EF8C9F889647C10654480A6EE94A79E7B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E6675D575E7D6A3B980845037647EE16C96BE3EB2E80FBC3CA2E2BC84E04A95D320955CAA6B5562C733CD40B213DE4FDC0DAEBBBAD3A1E7E82EA5EA4C349A2E15ACDA4FA6F5A70DABC0139F86E516E6298267557E3FE16D488E376050F6025559D0E9F4022BB5A88B6A81CEE1877CD1EE42B8056AA5FD125DFA470164D1963BA12A45DFB3C0432FDA8F9CB231A592A5BC0BC36E321209D2017ACEB97DC727769D3DC15A37E9378585F2F3B5E37520D9C48A3DF40283C304B3AF1ABDDDF265D0A827725406CFE13042C757E0273F2E4B51F19EDBC66609E825CDA18513F1E759E42AB0DEF4E8CCBC762EFD07D180084D069CC7143466EE3F01543BE6EA4F682F63AA073E22FB74FBADBB30E583272A3E85162A3CCF5FAE11AFEFCCC458005AFBB167320DEE131304774CABAAC9376D94F856FDD69E7515A52374A987A85CE08E58536003D78DBE1AE8DB4FA28D0EB27AAB5009F3D516DF44562E319C6A98E7B46BCECA36B4B4F40040C61998E43E86E7099920B7D2D823D6FA5F5E87429B25F7EF211C0E9F6D506AF573884B488B47570681BE7F7B87422A32C204A65835D6B85630F304FDA70D6EC5D134D8581CBE54A6200A089F6DC7706A4F59F8D7BE43C264DC8ED439C52B74B8D3FA87FD2DF4FF1C69C44A7AD897590C180717518D5D300F5139B84A36310AEDD7FF2B365542431DCBE855867FCB5133BBB6BB8A46C9384A4B7FDE31BBEAFCFC509284AE6423AA4EDAA3C37F0EBB82E49175D88309B45FAA371FE45F4334739C2076BFB49F4CABC4718E1F2DE3F62D62D77BAA80E8B96FD4473A9A3E3C56C4C54960318C0EE763FBB31954F0616785727B39CF0D51595FCD862AF0DE02C973B804B5600C6E33F439F149B2400C0284E0098BDCE61C6B83AB956E6A02854A68D5028752B18BC8AB7CC5459DBAB447FAC80657FC051E4D6CC43DC4615395B5BA04E2A11223615245B21F9DAF6AA5CF23778CFE35D87E3AD9ED3F7EC32D796DA238DBE0185E63D3843FEFDCE87E37459893A7E14CA2BEEDC70CF9A9A578D8C2F1920C5BC8532BADA594A5286B401AE6D129D0DDBC6296569D21EAF34F32678C45A21186469E446025A6E577B3AEF615010FA0DAB212FD8B9ADAB93C18EB04BEC13ABFEB78B914B09D5D8E5C6676414041AB281153E30101D3A6697F1BF82275E42E0379ED88DEAAC31F9C728205287701B2762D295E305428A4300153534E3B03CE5F322D5707A1125C83D02DA75A961CF3E9C3F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Poker\\Paddy Power Poker\\casino.exe"="C:\\Poker\\Paddy Power Poker\\casino.exe:*:Enabled:Paddy Power Poker"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"="C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"F:\\iTunes\\iTunes.exe"="F:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"="C:\\Program Files\\LeechGet 2006\\LeechGet.exe:*:Enabled:LeechGet Download Manager"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"="F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"="C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe:*:Enabled:Sacred"
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\EVEMon\\EVEMon.exe"="C:\\Program Files\\EVEMon\\EVEMon.exe:*:Enabled:EVEMon"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 8 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dll"
Sat 8 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 26 Jan 2007 51,200 A..H. --- "C:\Documents and Settings\Padraig O'Sullivan\My Documents\USB Key Backup\~WRL0863.tmp"
Fri 26 Jan 2007 50,688 A..H. --- "C:\Documents and Settings\Padraig O'Sullivan\My Documents\USB Key Backup\~WRL2905.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BITD.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BITE.tmp"
Mon 28 Jan 2008 8,833 A..HR --- "C:\Documents and Settings\Padraig O'Sullivan\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 5 Dec 2006 39,936 A..H. --- "C:\Documents and Settings\Padraig O'Sullivan\My Documents\College Essays\EC2107\~WRL2806.tmp"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Assets\My Asset Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Bank\My Bank Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Customer\My Customer Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Finance\My Finance Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Invoice\My Invoice Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Nominal\My Nominal Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\POP\My POP Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Products\My Products Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Project\My Project Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\SOP\My SOP Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\REPORTS\Supplier\My Supplier Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Assets\My Asset Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Bank\My Bank Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Customer\My Customer Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Finance\My Finance Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Invoice\My Invoice Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Nominal\My Nominal Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\POP\My POP Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Products\My Products Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Project\My Project Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\SOP\My SOP Reports\rpt.sys"
Fri 9 Aug 2002 0 A..H. --- "C:\Program Files\Sage\Instant Accounts\DemoData\REPORTS\Supplier\My Supplier Reports\rpt.sys"
Finished!0 -
Advertisement
-
Main.txt:
Deckard's System Scanner v20071014.68
Run by Padraig O'Sullivan on 2008-03-17 22:28:24
Computer is in Normal Mode.
-- System Restore
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Padraig O'Sullivan.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\iTunes\iTunesHelper.exe
F:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Padraig O'Sullivan\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Padraig O'Sullivan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04153C3A-0DC2-4489-A02B-CD3FF45518EF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2547F1B6-45DB-4ADE-83C7-614D51F85E57} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {53B138C6-F680-44AE-80F4-901EAE59F3E8} - (no file)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27} - (no file)
O2 - BHO: (no name) - {E0BB14A3-0790-4661-9DE8-963CE28DBAE9} - (no file)
O2 - BHO: (no name) - {E4069669-7977-49CB-B77E-1EA528FC66F5} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FF181F9F-1853-487C-A0BB-1FD18C30C5B7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147392805406
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: tuvvtst - tuvvtst.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10855 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV79 - c:\windows\system32\drivers\sshdrv79.sys <Not Verified; ; ProtectCD>
R3 catchme - c:\docume~1\padrai~1\locals~1\temp\catchme.sys (file missing)
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
S1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 EPScanMemory - c:\program files\epox\eptp\scanmemory32.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VPROEVENTMONITOR - c:\windows\system32\drivers\vproeventmonitor.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF3705C9
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF3705C9
Service: RTLWUSB
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_82771043&REV_02\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_82771043&REV_02\3&11583659&0&D8
Service:
-- Scheduled Tasks
2008-03-16 22:40:24 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-08-12 18:39:18 368 --a
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1147371198.job
-- Files created between 2008-02-17 and 2008-03-17
2008-03-17 22:01:39 0 d
C:\WINDOWS\ERUNT
2008-03-16 22:04:57 0 d
C:\MSNCleaner
2008-03-16 21:28:53 0 d
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-16 21:28:04 0 d
C:\Program Files\SUPERAntiSpyware
2008-03-16 21:28:04 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\SUPERAntiSpyware.com
2008-03-16 20:38:57 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\PCToolsFirewallPlus
2008-03-16 20:35:35 93440 --a
C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-03-16 20:35:33 0 d
C:\Program Files\Common Files\PC Tools
2008-03-16 20:35:32 0 d
C:\Program Files\PC Tools Firewall Plus
2008-03-16 19:58:05 0 d
C:\Program Files\ZoneAlarmSB
2008-03-16 19:55:45 0 d
C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-16 19:55:21 11264 --a
C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-03-16 19:54:46 0 d
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:54:40 0 d
C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 19:54:30 0 d
C:\WINDOWS\system32\ZoneLabs
2008-03-15 23:07:18 0 d
C:\Documents and Settings\Administrator\Application Data\Comodo
2008-03-15 23:03:39 0 d
C:\Program Files\Sage
2008-03-15 11:43:01 0 d
C:\Program Files\Trend Micro
2008-03-14 23:31:09 36352 --a
C:\WINDOWS\system32\tuvstsr.dll
2008-03-14 21:31:18 96832 --a
C:\WINDOWS\system32\lkglvyek.dll
2008-03-14 21:10:02 36352 --a
C:\WINDOWS\system32\tuvsqqr.dll
2008-03-14 13:31:16 39424 --a
C:\WINDOWS\system32\hgggdec.dll
2008-03-14 13:21:54 90688 --a
C:\WINDOWS\system32\uogfsjua.dll
2008-03-14 13:21:02 168301 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-03-14 12:40:05 36352 --a
C:\WINDOWS\system32\ljjigda.dll
2008-03-14 12:33:20 90688 --a
C:\WINDOWS\system32\dnyvahhv.dll
2008-03-14 12:33:18 36352 --a
C:\WINDOWS\system32\byxuuus.dll
2008-03-13 23:47:30 0 d
C:\WINDOWS\Prefetch
2008-03-13 23:14:41 0 d
C:\Documents and Settings\Default User\Application Data\DivX
2008-03-13 21:58:19 68096 --a
C:\WINDOWS\system32\zip.exe
2008-03-13 21:58:19 98816 --a
C:\WINDOWS\system32\sed.exe
2008-03-13 21:58:19 80412 --a
C:\WINDOWS\system32\grep.exe
2008-03-13 21:58:19 73728 --a
C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-13 21:58:16 53248 --a
C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-11 19:43:38 0 d
C:\VundoFix Backups
2008-02-29 23:40:12 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Ventrilo
2008-02-29 23:38:28 0 d
C:\Program Files\Ventrilo
2008-02-26 15:22:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 15:22:43 0 d
C:\Program Files\Windows Live
2008-02-26 15:22:31 0 d
C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-17 16:38:16 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Winamp
-- Find3M Report
2008-03-16 21:27:27 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 20:35:33 0 d
C:\Program Files\Common Files
2008-03-16 19:58:06 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2008-03-16 14:11:32 0 d
C:\Program Files\Semagic
2008-03-15 23:19:11 0 d
C:\Program Files\Comodo
2008-03-15 11:46:52 0 d
C:\Program Files\Opera
2008-03-14 13:25:01 0 d
C:\Program Files\Java
2008-03-14 12:02:06 409600 --a
C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-14 12:02:05 114688 --a
C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-03-13 23:42:09 0 d
C:\Program Files\Movie Maker
2008-03-13 23:42:04 0 d
C:\Program Files\Windows NT
2008-03-13 23:28:12 0 d--h
C:\Program Files\WindowsUpdate
2008-03-13 23:13:09 23348 --a
C:\WINDOWS\system32\emptyregdb.dat
2008-02-22 05:49:48 8974 --a
C:\WINDOWS\mozver.dat
2008-02-14 20:24:38 0 d
C:\Program Files\Stardock
2008-02-08 13:33:30 0 d
C:\Program Files\Common Files\Adobe
2008-01-29 04:35:31 121442 --a
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Cosmos Prefs
2008-01-28 22:40:40 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Bioshock
2008-01-28 19:00:53 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\uTorrent
2008-01-28 18:58:41 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Azureus
2008-01-24 15:44:49 0 d
C:\Program Files\Sony
2008-01-24 15:44:49 0 d--h
C:\Program Files\InstallShield Installation Information
2008-01-24 15:42:27 0 d
C:\Program Files\Common Files\Sony Shared
2008-01-24 15:42:27 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Sony Corporation
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04153C3A-0DC2-4489-A02B-CD3FF45518EF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2547F1B6-45DB-4ADE-83C7-614D51F85E57}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
04/10/2007 20:06 1135968 --a
C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B138C6-F680-44AE-80F4-901EAE59F3E8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0BB14A3-0790-4661-9DE8-963CE28DBAE9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4069669-7977-49CB-B77E-1EA528FC66F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
16/03/2008 19:58 262144 --a
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF181F9F-1853-487C-A0BB-1FD18C30C5B7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 20:06 1135968]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [16/03/2008 19:58 262144]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"iTunesHelper"="F:\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [15/01/2008 22:54]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [11/05/2007 02:08]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\Ctxfihlp.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [25/02/2008 16:49]
"BMb31536dd"="C:\WINDOWS\system32\lkglvyek.dll" [14/03/2008 21:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
C:\Documents and Settings\Padraig O'Sullivan\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [21/07/2007 02:17:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
ddcdedc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtst]
tuvvtst.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=C:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
-- End of Deckard's System Scanner: finished at 2008-03-17 22:32:16
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3327.04 MiB / 2818.9 MiB
Pagefile Memory (total/avail): 7257.09 MiB / 6892.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.09 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 97.65 GiB total, 15.93 GiB free.
is Fixed (NTFS) - 97.66 GiB total, 18.34 GiB free.
E: is CDROM (UDF)
F: is Fixed (NTFS) - 117.19 GiB total, 46.41 GiB free.
\\.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended Partition - 26.11 GiB
\\.\PHYSICALDRIVE1 - WDC WD3200KS-75PFB0 - 298.09 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 298.09 GiB - - F:
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: PC Tools Firewall Plus v3.0.0 (PC Tools)
FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.7.1098 [VPS 080317-0] v4.7.1098 (ALWIL Software) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Poker\\Paddy Power Poker\\casino.exe"="C:\\Poker\\Paddy Power Poker\\casino.exe:*:Enabled:Paddy Power Poker"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"="C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"F:\\iTunes\\iTunes.exe"="F:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"="C:\\Program Files\\LeechGet 2006\\LeechGet.exe:*:Enabled:LeechGet Download Manager"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"="F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"="C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe:*:Enabled:Sacred"
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\EVEMon\\EVEMon.exe"="C:\\Program Files\\EVEMon\\EVEMon.exe:*:Enabled:EVEMon"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Padraig O'Sullivan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PADRAIGPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Padraig O'Sullivan
LOGONSERVER=\\PADRAIGPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\VDMSound;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PADRAI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PADRAI~1\LOCALS~1\Temp
USERDOMAIN=PADRAIGPC
USERNAME=Padraig O'Sullivan
USERPROFILE=C:\Documents and Settings\Padraig O'Sullivan
VDMSPath=C:\Program Files\VDMSound
windir=C:\WINDOWS
-- User Profiles
Padraig O'Sullivan (admin)
Síle Ní Mhurchu (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> Dummy
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acoustica MP3 To Wave Converter PLUS --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Auctioneer AddOns --> \World of Warcraft\Auctioneer Uninstaller.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battle for Wesnoth 1.3.3 --> "D:\Program Files\Wesnoth\unins000.exe"
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP830 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\DelDrv.exe" /U:{0D25F7CC-B99C-44ee-9945-B14532B2BB7B} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Capitalism II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF581945-BBE9-11D5-A7FE-50275FC10000}\setup.exe" -uninst
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Company of Heroes --> "D:\Program Files\THQ\Company of Heroes\\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
CONNECT Auto Update --> C:\Program Files\Sony\CONNECTAutoUpdate\Uninstall.exe
CONNECT Player --> MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}
CONNECT Player Language Pack --> MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dawn Of War --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Encyclopaedia Britannica 2005 Ultimate Reference Suite DVD --> "C:\Program Files\Britannica 2005\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica 2005 Ultimate Reference Suite DVD.exe"
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Eve Market Scanner --> MsiExec.exe /I{35D8F4EF-12F9-4217-AD18-709EFF635B47}
EVEMon --> C:\Program Files\EVEMon\uninstall.exe
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Galactic Civilizations II --> \PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE \PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTime+ --> MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
gretl version 1.7.0 --> "C:\Program Files\gretl\unins000.exe"
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp psc 2100 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 2100 series
Immortal Cities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E} /l1033
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
LeechGet 2006 Version 2.0 --> "C:\Program Files\LeechGet 2006\unins000.exe"
LeechGet 2007 Version 2.1 --> "C:\Program Files\LeechGet 2007\unins000.exe"
LeechGet Opera/Mozilla/Netscape Plug-In --> C:\WINDOWS\unins001.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Americas --> C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia --> C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades --> C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic --> C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Miranda IM --> C:\Program Files\Miranda IM\uninstall.exe
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mood Tracking Diary --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22643D33-9BEA-4E71-BEF3-7E60908E0DA8}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.2) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.2 (en)"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NavBot --> rundll32.exe dfshim.dll,ShArpMaintain NavBot.application, Culture=neutral, PublicKeyToken=145affb9fd4e8010, processorArchitecture=msil
Navini Diagnostics --> "C:\Program Files\NavDiag\Uninstall\Uninstall NavDiag.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetworkAddonMod Beta Version 2005.09.30 --> C:\Documents and Settings\Padraig O'Sullivan\My Documents\SimCity 4\Plugins\NetworkAddonMod\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Paddy Power Poker --> "C:\Poker\Paddy Power Poker\_SetupPoker.exe" /uninstall
PATRICIAN II --> "C:\Program Files\PATRICIAN II\unins000.exe"
Patrician III --> "C:\Program Files\Patrician III\unins000.exe"
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PC Tools Firewall Plus 3.0 --> "C:\Program Files\PC Tools Firewall Plus\unins000.exe"
PCMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Poker Tracker Version 2.05.08 --> "C:\Program Files\Poker Tracker V2\unins000.exe"
PokerAce Hud (remove only) --> "C:\Program Files\PokerAce Hud\uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager 7.15.11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\SETUP.EXE" -l0x9 anything
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Rise Of Legends --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
River Past Audio Converter --> C:\WINDOWS\Audio Converter Uninstaller.exe
Rome - Total War - Alexander --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x9 -removeonly
Rome - Total War - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
Sacred --> "C:\Program Files\Ascaron Entertainment\Sacred\unins000.exe"
Sage Instant Accounts V11.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0ED61325-8B7A-4816-B5A5-E2FF59C75F4B}
Sage MIS 3.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Informer50\Uninst.isu"
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Semagic (remove only) --> "C:\Program Files\Semagic\uninstall.exe"
SimCity 4 Deluxe --> \Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Smart PC v. 3.0 --> "D:\Program Files\Smart PC\unins000.exe"
SmartUSB56 Voice Modem --> C:\WINDOWS\Modio\SLUSB2KV\Setup.exe /Remove
SOED --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F91D702D-3DB1-11D3-B3A9-0020185257C4}\setup.exe" -uninst
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Stainless Steel 3.2 Stand-Alone --> \Program Files\SEGA\Medieval II Total War\Uninstal.exe
Stardock Central --> \PROGRA~1\Stardock\TOTALG~1\GalCiv2\SDCENT~1\UNWISE.EXE \PROGRA~1\Stardock\TOTALG~1\GalCiv2\SDCENT~1\INSTALL.LOG
Stata 10 --> MsiExec.exe /X{6395D480-9F3B-4930-8204-B91C8882F967}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperPower 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Supreme Commander - Forged Alliance --> C:\Program Files\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70 --> "D:\Program Files\Codemasters\The Lord of the Rings Online\unins000.exe"
THE SETTLERS - Rise of an Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Settlers II - 10th Anniversary --> "D:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\uninstall.exe"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
UFO Afterlight --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}\setup.exe" -l0x9
VDMSound --> C:\Program Files\VDMSound\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xiph QuickTime Components --> "C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
-- Application Event Log
Event Record #/Type30034 / Error
Event Submitted/Written: 03/16/2008 10:04:12 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type30026 / Success
Event Submitted/Written: 03/16/2008 08:43:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type30007 / Success
Event Submitted/Written: 03/16/2008 07:22:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type29993 / Success
Event Submitted/Written: 03/15/2008 11:47:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type29973 / Error
Event Submitted/Written: 03/15/2008 11:04:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application cmdagent.exe, version 2.4.0.19, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [cmdagent.exe!ws!]
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type73144 / Warning
Event Submitted/Written: 03/17/2008 10:32:10 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73143 / Warning
Event Submitted/Written: 03/17/2008 10:31:59 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73142 / Warning
Event Submitted/Written: 03/17/2008 10:31:58 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73140 / Error
Event Submitted/Written: 03/17/2008 10:31:17 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.
Event Record #/Type73137 / Warning
Event Submitted/Written: 03/17/2008 10:29:44 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-03-17 22:32:16
0 -
bctrainers wrote: »Heya, while I am new to this community. Decided to help you out on this issue a bit. There are a few files that are sticking out like a sore thumb on that list.
Look, I know you're trying to be helpful and thanks for that but if the word rootkit doesn't stand out like a sore thumb enough for you not to suggest merely deleting the file then you shouldn't be trying to help people. No offence intended but if I was genuinely clueless about this and did as you said and thought the problem was fixed then identity theft etc etc are all on the cards.0 -
Hello
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O2 - BHO: (no name) - {04153C3A-0DC2-4489-A02B-CD3FF45518EF} - (no file)
O2 - BHO: (no name) - {2547F1B6-45DB-4ADE-83C7-614D51F85E57} - (no file)
O2 - BHO: (no name) - {53B138C6-F680-44AE-80F4-901EAE59F3E8} - (no file)
O2 - BHO: (no name) - {A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27} - (no file)
O2 - BHO: (no name) - {E0BB14A3-0790-4661-9DE8-963CE28DBAE9} - (no file)
O2 - BHO: (no name) - {E4069669-7977-49CB-B77E-1EA528FC66F5} - (no file)
O2 - BHO: (no name) - {FF181F9F-1853-487C-A0BB-1FD18C30C5B7} - (no file)
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: tuvvtst - tuvvtst.dll (file missing)
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download the OTMoveIt2 by OldTimer.- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\tuvstsr.dll C:\WINDOWS\system32\lkglvyek.dll C:\WINDOWS\system32\tuvsqqr.dll C:\WINDOWS\system32\hgggdec.dll C:\WINDOWS\system32\uogfsjua.dll C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\ljjigda.dll C:\WINDOWS\system32\dnyvahhv.dll C:\WINDOWS\system32\byxuuus.dll C:\WINDOWS\system32\lkglvyek.dll
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
purity
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
You have two firewalls, so you need to disable Windows firewall
1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.
You also need to disable Comodo or PC Tools Firewall as well
Reboot and post a new DSS log0 -
OTMoveIt2 Log:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvstsr.dll C:\WINDOWS\system32\tuvstsr.dll NOT unregistered. C:\WINDOWS\system32\tuvstsr.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\lkglvyek.dll C:\WINDOWS\system32\lkglvyek.dll NOT unregistered. C:\WINDOWS\system32\lkglvyek.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvsqqr.dll C:\WINDOWS\system32\tuvsqqr.dll NOT unregistered. C:\WINDOWS\system32\tuvsqqr.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgggdec.dll C:\WINDOWS\system32\hgggdec.dll NOT unregistered. C:\WINDOWS\system32\hgggdec.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\uogfsjua.dll C:\WINDOWS\system32\uogfsjua.dll NOT unregistered. C:\WINDOWS\system32\uogfsjua.dll moved successfully. C:\WINDOWS\system32\uttss.ini2 moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjigda.dll C:\WINDOWS\system32\ljjigda.dll NOT unregistered. C:\WINDOWS\system32\ljjigda.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\dnyvahhv.dll C:\WINDOWS\system32\dnyvahhv.dll NOT unregistered. C:\WINDOWS\system32\dnyvahhv.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxuuus.dll C:\WINDOWS\system32\byxuuus.dll NOT unregistered. C:\WINDOWS\system32\byxuuus.dll moved successfully. File/Folder C:\WINDOWS\system32\lkglvyek.dll not found. [Custom Input] < purity > OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03182008_164949
DSS Log:Deckard's System Scanner v20071014.68 Run by Padraig O'Sullivan on 2008-03-18 16:53:57 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Padraig O'Sullivan.exe) ---------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:54, on 18/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe F:\iTunes\iTunesHelper.exe F:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\oodtray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Last.fm\LastFMHelper.exe C:\Documents and Settings\Padraig O'Sullivan\Desktop\dss.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\PADRAI~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\userinit.exe, O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147392805406 O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10177 bytes -- Files created between 2008-02-18 and 2008-03-18 ----------------------------- 2008-03-17 22:01:39 0 d-------- C:\WINDOWS\ERUNT 2008-03-16 22:04:57 0 d-------- C:\MSNCleaner 2008-03-16 21:28:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-16 21:28:04 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-03-16 21:28:04 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\SUPERAntiSpyware.com 2008-03-16 20:38:57 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\PCToolsFirewallPlus 2008-03-16 20:35:35 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver> 2008-03-16 20:35:33 0 d-------- C:\Program Files\Common Files\PC Tools 2008-03-16 20:35:32 0 d-------- C:\Program Files\PC Tools Firewall Plus 2008-03-16 19:58:05 0 d-------- C:\Program Files\ZoneAlarmSB 2008-03-16 19:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-03-16 19:55:21 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System> 2008-03-16 19:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-16 19:54:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-16 19:54:30 0 d-------- C:\WINDOWS\system32\ZoneLabs 2008-03-15 23:07:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Comodo 2008-03-15 23:03:39 0 d-------- C:\Program Files\Sage 2008-03-15 11:43:01 0 d-------- C:\Program Files\Trend Micro 2008-03-13 23:47:30 0 d-------- C:\WINDOWS\Prefetch 2008-03-13 23:14:41 0 d-------- C:\Documents and Settings\Default User\Application Data\DivX 2008-03-13 21:58:19 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-13 21:58:19 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-13 21:58:19 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-13 21:58:19 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-03-13 21:58:16 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec> 2008-03-11 19:43:38 0 d-------- C:\VundoFix Backups 2008-02-29 23:40:12 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\Ventrilo 2008-02-29 23:38:28 0 d-------- C:\Program Files\Ventrilo 2008-02-26 15:22:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-26 15:22:43 0 d-------- C:\Program Files\Windows Live 2008-02-26 15:22:31 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller -- Find3M Report --------------------------------------------------------------- 2008-03-17 22:57:43 0 d-------- C:\Program Files\Semagic 2008-03-16 21:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-16 20:35:33 0 d-------- C:\Program Files\Common Files 2008-03-16 19:58:06 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-03-15 23:19:11 0 d-------- C:\Program Files\Comodo 2008-03-15 11:46:52 0 d-------- C:\Program Files\Opera 2008-03-14 13:25:01 0 d-------- C:\Program Files\Java 2008-03-14 12:02:06 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-03-14 12:02:05 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-03-13 23:42:09 0 d-------- C:\Program Files\Movie Maker 2008-03-13 23:42:04 0 d-------- C:\Program Files\Windows NT 2008-03-13 23:28:12 0 d--h----- C:\Program Files\WindowsUpdate 2008-03-13 23:13:09 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-02-22 05:49:48 8974 --a------ C:\WINDOWS\mozver.dat 2008-02-17 16:38:37 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\Winamp 2008-02-14 20:24:38 0 d-------- C:\Program Files\Stardock 2008-02-08 13:33:30 0 d-------- C:\Program Files\Common Files\Adobe 2008-01-29 04:35:31 121442 --a------ C:\Documents and Settings\Padraig O'Sullivan\Application Data\Cosmos Prefs 2008-01-28 22:40:40 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\Bioshock 2008-01-28 19:00:53 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\uTorrent 2008-01-28 18:58:41 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\Azureus 2008-01-24 15:44:49 0 d-------- C:\Program Files\Sony 2008-01-24 15:44:49 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-24 15:42:27 0 d-------- C:\Program Files\Common Files\Sony Shared 2008-01-24 15:42:27 0 d-------- C:\Documents and Settings\Padraig O'Sullivan\Application Data\Sony Corporation -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 04/10/2007 20:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 16/03/2008 19:58 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 20:06 1135968] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [16/03/2008 19:58 262144] [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25] "iTunesHelper"="F:\iTunes\iTunesHelper.exe" [26/09/2007 14:42] "WinampAgent"="F:\Program Files\Winamp\winampa.exe" [15/01/2008 22:54] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [11/05/2007 02:08] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41] "nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe] "CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\Ctxfihlp.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41] "00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [25/02/2008 16:49] "BMb31536dd"="C:\WINDOWS\system32\lkglvyek.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56] C:\Documents and Settings\Padraig O'Sullivan\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [21/07/2007 02:17:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInstrumentation"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe,\userinit.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk backup=C:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE -- End of Deckard's System Scanner: finished at 2008-03-18 16:54:50 ------------
ActorSeeksJob wrote: »You also need to disable Comodo or PC Tools Firewall as well
I uninstalled Comodo before I installed PC Tools. Did it leave stuff behind maybe? Comodo is definitely not running atm, or at least the main program isn't.
Thanks very much for your help btw.0 -
Nearly done now
No need to put the logs in code boxes
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Reboot and post a new DSS log and tell me how your PC is running0 -
Advertisement
-
The machine is running fine, one of my harddrives is giving a bit of trouble though (that Malware thing made things go a bit odd), so I'll get back to you with a scan once I've replaced it with a shiny new one.0
-
Hi, I have more or less the same problem. Tried to download a key gen for music software and while not paying full attention ended up getting truckloads of rogueware ads and warning icons. I've run every anti spyware search under the sun but I still have stuff popping up and my browser is pretty slow. I am completely ridled with the stuff.
As far as I know its a zlob trojan.
Should I follow the same instructions or do things differently?0 -
I'd advise starting your own thread and posting your own logs using the links ASJ provided. You might have additional spyware on the system that using the steps above may not catch.0
-
Do not follow the steps that were posted to nesf as this can damage your PC if you don't have the same infections he has
Make a new topic and I will help you0
Advertisement