Hi, my computer was all infected so I came to this forum, I read "read me before posting a request", so I ran all the programs
DSS MAIN
Deckard's System Scanner v20071014.68
Run by User on 2008-08-10 23:51:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-08-10 21:51:52 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-08-10 21:18:19 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 2.96 GiB (less than 15%) free.
-- HijackThis (run as User.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56, on 2008-08-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\DO ONCE A MONTH\dss.exe
C:\DOCUME~1\User\Desktop\DOONCE~1\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A593064F-EC2E-42A0-8980-63602F6AF20B} - C:\WINDOWS\system32\byXNfCSi.dll
O2 - BHO: {3f31ceaf-6df6-ff48-7284-4ca89011739e} - {e9371109-8ac4-4827-84ff-6fd6faec13f3} - C:\WINDOWS\system32\alwodj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [4799db9b] rundll32.exe "C:\WINDOWS\system32\arkjyygq.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130233850519
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://esamanthasala.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
--
End of file - 11977 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
S3 bDMusicb - c:\docume~1\user\locals~1\temp\bdmusicb.sys (file missing)
S3 SQTECH9080 (MegaCam(PID_9080_00)) - c:\windows\system32\drivers\capt9080.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>
R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices>
S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTEAC_DW-224E-A__________________________A.2E____\5&3264C8A2&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TEAC DW-224E-A
PNP Device ID: IDE\CDROMTEAC_DW-224E-A__________________________A.2E____\5&3264C8A2&0&0.0.0
Service: cdrom
-- Scheduled Tasks -------------------------------------------------------------
2008-08-10 23:27:16 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-05 21:43:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-07-10 and 2008-08-10 -----------------------------
2008-08-10 15:16:17 0 d-------- C:\Program Files\Panda Security
2008-08-10 15:09:56 82432 --a------ C:\WINDOWS\system32\arkjyygq.dll
2008-08-10 15:09:49 107008 --a------ C:\WINDOWS\system32\alwodj.dll
2008-08-10 15:09:48 107008 --a------ C:\WINDOWS\system32\gtlkgcet.dll
2008-08-10 15:09:14 2048 --a------ C:\WINDOWS\system32\vefqctiu.exe
2008-08-09 12:00:34 2048 --a------ C:\WINDOWS\system32\xbnbgqbl.exe
2008-08-09 12:00:25 107008 --a------ C:\WINDOWS\system32\bicajbwv.dll
2008-08-09 12:00:25 107008 --a------ C:\WINDOWS\system32\abahvl.dll
2008-08-09 11:59:57 89088 --a------ C:\WINDOWS\system32\kqojmuwa.dll
2008-08-05 16:39:00 418734 --ahs---- C:\WINDOWS\system32\iSCfNXyb.ini2
2008-08-05 15:27:58 68096 --a------ C:\WINDOWS\zip.exe
2008-08-05 15:27:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-05 15:27:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-05 15:27:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-05 15:27:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-05 15:27:58 98816 --a------ C:\WINDOWS\sed.exe
2008-08-05 15:27:58 80412 --a------ C:\WINDOWS\grep.exe
2008-08-05 15:27:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 23:31:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-08-04 21:16:07 2048 --a------ C:\WINDOWS\system32\oinvkwwc.exe
2008-08-04 21:16:05 83456 -----n--- C:\WINDOWS\system32\jkdwajvm.dll
2008-08-04 21:12:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-08-04 21:12:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-04 21:12:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-04 21:12:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-04 21:12:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-04 21:12:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-04 21:12:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-04 21:12:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-04 21:12:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-04 21:12:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-04 21:12:45 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-04 21:12:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-04 21:12:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-04 21:12:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-04 21:12:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-04 21:12:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-04 21:12:44 3670016 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-04 21:09:43 105472 --a------ C:\WINDOWS\system32\ilkkyp.dll
2008-08-04 21:09:42 105472 --a------ C:\WINDOWS\system32\lokihbaw.dll
2008-08-04 21:09:13 91648 --a------ C:\WINDOWS\system32\vrxtrieh.dll
2008-08-04 21:05:42 91648 --a------ C:\WINDOWS\system32\vnnkwcgb.dll
2008-08-03 17:55:11 0 d-------- C:\VundoFix Backups
2008-08-03 17:23:09 105472 --a------ C:\WINDOWS\system32\nirxvj.dll
2008-08-03 17:23:05 105472 --a------ C:\WINDOWS\system32\hgnldqpm.dll
2008-08-03 17:22:54 83456 --a------ C:\WINDOWS\system32\flxbsnss.dll
2008-08-03 17:22:30 91648 --a------ C:\WINDOWS\system32\ivhapami.dll
2008-08-01 08:24:18 105472 --a------ C:\WINDOWS\system32\cgkxqp.dll
2008-08-01 08:24:17 105472 --a------ C:\WINDOWS\system32\rjqpulbq.dll
2008-08-01 08:23:14 83456 --a------ C:\WINDOWS\system32\qsgpfsnl.dll
2008-08-01 08:22:36 91648 --a------ C:\WINDOWS\system32\ebahiaob.dll
2008-07-28 21:33:49 105472 --a------ C:\WINDOWS\system32\rkzraa.dll
2008-07-28 21:33:38 91648 --a------ C:\WINDOWS\system32\xmmxdlbt.dll
2008-07-28 14:25:03 314880 --a------ C:\WINDOWS\system32\byXNfCSi.dll
2008-07-28 14:23:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-07-28 14:22:40 0 d--hs---- C:\WINDOWS\VXNlcg
2008-07-28 14:20:20 64841 --a------ C:\WINDOWS\system32\lpuozmdysozvfkoj.exe
2008-07-28 14:20:02 0 d-------- C:\WINDOWS\system32\ntfig
2008-07-28 14:20:00 0 d-------- C:\WINDOWS\system32\wnet
2008-07-28 14:20:00 0 d-------- C:\WINDOWS\system32\bet2
-- Find3M Report ---------------------------------------------------------------
2008-08-05 17:29:05 0 d-------- C:\Program Files\NavNT
2008-08-05 17:06:39 0 d-------- C:\Program Files\Common Files
2008-08-05 16:00:07 0 d-------- C:\Documents and Settings\User\Application Data\skypePM
2008-08-04 23:33:11 0 d--h----- C:\Documents and Settings\User\Application Data\Move Networks
2008-07-27 10:35:36 0 d-------- C:\Program Files\Lx_cats
2008-06-27 14:15:20 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 22:47:12 0 d-------- C:\Documents and Settings\User\Application Data\Roxio
2008-06-06 18:39:01 456150 --a------ C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A593064F-EC2E-42A0-8980-63602F6AF20B}]
2008-07-28 14:25 314880 --a------ C:\WINDOWS\system32\byXNfCSi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9371109-8ac4-4827-84ff-6fd6faec13f3}]
2008-08-10 15:09 107008 --a------ C:\WINDOWS\system32\alwodj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-16 00:18 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-15 02:29]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 16:05]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 15:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-31 00:53]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 19:26]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-01 23:21]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 18:26]
"MemoryCardManager"="C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe" [2004-02-02 13:58]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 18:23]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24]
"4799db9b"="C:\WINDOWS\system32\arkjyygq.dll" [2008-08-10 15:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-03-20 18:44:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-06 13:01:45]
Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2007-12-19 19:25:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNfCSi
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e54bf52-7b9a-11db-bbbd-000e7f740085}]
AutoRun\command- F:\Autorun.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8972 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-11 00:01:23 ------------
EXTRA log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU 2.80GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 446.98 MiB / 95.43 MiB
Pagefile Memory (total/avail): 1057.52 MiB / 540.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.79 MiB
C: is Fixed (NTFS) - 55.92 GiB total, 2.96 GiB free.
\\.\PHYSICALDRIVE0 - SAMSUNG MP0603H - 55.93 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.92 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:BitTornado"
"C:\\Program Files\\SpywareBlaster\\spywareblaster.exe"="C:\\Program Files\\SpywareBlaster\\spywareblaster.exe:*:Enabled:SpywareBlaster"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\User\\My Documents\\My Documents\\Ragones files\\Emule\\emule.exe"="C:\\Documents and Settings\\User\\My Documents\\My Documents\\Ragones files\\Emule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"="C:\\Program Files\\Motorola\\Software Update\\msu.exe:*:Enabled:msu"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\VPC32.exe"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\VPC32.exe:*:Enabled:Symantec AntiVirus Client"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype. Take a deep breath "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAMANTHA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\SAMANTHA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\NVIDIA Corporation\NVIDIA DDS Utilities;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=SAMANTHA
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
User (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HPQ\Software Setup\Uninst.isu" -c"C:\Program Files\HPQ\Software Setup\CPQUNST.DLL"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitTornado 0.3.7 --> C:\Program Files\BitTornado\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Caesar 3 --> C:\WINDOWS\IsUn040c.exe -fC:\SIERRA\Caesar3\Uninst.isu
Caplio Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80819F5D-9E5D-4D77-B3F0-36557B3086A6}\setup.exe" -l0x9 anything
CEP - Color Enable Package --> "C:\WINDOWS\unins000.exe"
Client Windows Rights Management --> MsiExec.exe /X{6FDC80E2-C818-4EDA-93DB-453490DE2907}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio --> CIAunwdm.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
easy Internet sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Easy Video Converter 7.2.1 --> "C:\Program Files\Easy Video Converter\unins000.exe"
eMulev0.47c.-MorphXTv9.6 --> "C:\Program Files\eMule\unins000.exe"
Encarta Online --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0A23442-6214-11D3-8CDF-0080C768385C}\setup.exe" -l0x9 -uninst
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 2 Runtime Environment Standard Edition v1.2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.2\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Lexmark 810 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
Lexmark Precision Photo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{56F81937-C3B5-4C98-A260-E47B631709D7} /l1033 /z/U
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maxtor Backup --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9C3F9580-F5CF-4288-894E-9FF0EB24A21C} /l1033
Maxtor OneTouch III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9} /l1033
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E3040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mon Livre Photo by Cewe --> "C:\Program Files\Mon Livre Photo by Cewe\unins000.exe"
Motorola Driver Installation --> MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly
Motorola Software Update --> MsiExec.exe /I{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}
MP3 Player Utilities 3.68 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP4 to MP3 Converter 3 --> C:\Program Files\MP4Converter\MP4 to MP3 Converter 3\Uninstall.exe
MSUlvc06 Lossless Video Codec 0.6.0 (Remove Only) --> RunDLL32.exe advpack.dll,LaunchINFSection msulvc06.INF, DefaultUnInstall
Natura Sound Therapy --> C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
Neuf Giga Drive v2.3.0 --> "C:\Program Files\Neuf\Neuf Giga Drive\unins000.exe"
Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x9 UNINSTALL
One-Touch Buttons --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Philips FunCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8ED84666-3A2A-4E28-AB26-B6B65260CB86}\Setup.exe" -l0x9
Philips FunCam Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E793B230-D5E0-4500-8476-E0B94112C3A6}\SETUP.EXE" -l0x9
PhotoSmart Printer Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP PhotoSmart Printers\PhotoImpression\Uninst.isu"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Railroad Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x40c
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Swoosh EDN Client (lol remove only) --> C:\WINDOWS\RSEDNClientUninstaller.exe
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v2.5.2 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Utilitaires Sierra --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Webshots Toolbar --> C:\Program Files\Webshots\ToolbarUninstall.exe
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zelda Classic 2.10w --> C:\Program Files\ZC2.10\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type11508 / Success
Event Submitted/Written: 08/10/2008 11:24:07 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.
Event Record #/Type11501 / Success
Event Submitted/Written: 08/10/2008 11:10:53 PM / 08/10/2008 11:10:54 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.
Event Record #/Type11495 / Success
Event Submitted/Written: 08/10/2008 10:36:13 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.
Event Record #/Type11494 / Warning
Event Submitted/Written: 08/10/2008 10:29:20 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
Event Record #/Type11493 / Warning
Event Submitted/Written: 08/10/2008 10:29:20 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91E3040C-6000-11D3-8CFE-0150048383C9}', feature 'WordUserData', component '{8ADD2C93-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\UserData' does not exist.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type55201 / Error
Event Submitted/Written: 08/10/2008 11:24:38 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
cdudf_xp
Event Record #/Type55200 / Error
Event Submitted/Written: 08/10/2008 11:24:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The StarWind iSCSI Service service failed to start due to the following error:
%%2
Event Record #/Type55199 / Error
Event Submitted/Written: 08/10/2008 11:24:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Symantec AntiVirus Client service terminated with the following error:
%%5
Event Record #/Type55198 / Error
Event Submitted/Written: 08/10/2008 11:24:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ati HotKey Poller service failed to start due to the following error:
%%1053
Event Record #/Type55197 / Error
Event Submitted/Written: 08/10/2008 11:24:21 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
-- End of Deckard's System Scanner: finished at 2008-08-11 00:01:23 ------------
Disk clean up, add/remove programs, malicious software removal tool from windows, ATF cleaner,
malwarebytes (mbam) log
Malwarebytes' Anti-Malware 1.24
Database version: 1038
Windows 5.1.2600 Service Pack 2
04:49:16 2008-08-11
mbam-log-8-11-2008 (04-49-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 126876
Time elapsed: 1 hour(s), 28 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 28
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\arkjyygq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXNfCSi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\alwodj.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a593064f-ec2e-42a0-8980-63602f6af20b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a593064f-ec2e-42a0-8980-63602f6af20b} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9371109-8ac4-4827-84ff-6fd6faec13f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e9371109-8ac4-4827-84ff-6fd6faec13f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4799db9b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnfcsi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnfcsi -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\byXNfCSi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iSCfNXyb.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iSCfNXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alwodj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\arkjyygq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qgyyjkra.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flxbsnss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssnsbxlf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkdwajvm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvjawdkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qsgpfsnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lnsfpgsq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\AntiMalwareGuard\amg.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtlkgcet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lpuozmdysozvfkoj.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oinvkwwc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vefqctiu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xbnbgqbl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wnet\MOZV3231dm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\VXNlcg\asappsrv.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\WINDOWS\VXNlcg\command.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM44aae807.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM44aae807.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
ESET online who found 91 infections..., ran it twice, the second time I had none
HiJackThis log
Logfile of HijackThis v1.99.1
Scan saved at 09:16, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Webshots\webshots.scr
C:\Documents and Settings\User\Desktop\DO ONCE A MONTH\HijackThis.exe
R0 - HKCU\Software\Mic
