Cyber Tech Help Support Forums > Software > Malware Removal

  #1  
June 3rd, 2008, 11:47 PM
Brunobasser (New Member; Join Date: Jun 2008; Posts: 13)
Looks like a tough one

I don't think this is going to be easy. I have something that redirects my web address. When I click on a website in the search results of Google I get sent someplace else. I have run System Mechanic, Registry Mechanic, Ad-Aware, and Spybot S&D and none of them could get rid of it.
Here's the "stuff" (log file):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:23 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\1142496391\EE\aolsoftware.exe
c:\program files\common files\aol\1142496391\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebRe...EL424AA&LF=red
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.windll.com
O15 - Trusted IP range: http://170.164.50.60
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1197305858578
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188750979843
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 7492 bytes
  #2  
June 4th, 2008, 06:40 AM
AnnMarie (CTH Subscriber; Join Date: Oct 2001; O/S: Windows Vista 32-bit; Location: New Zealand; Posts: 59,810)
Hi Brunobasser. I can see a couple of problems but I would like to see more comprehensive logs before we start cleaning up. Download Deckard's System Scanner (dss.exe) from here to your Desktop. Close all open applications and windows, double-click on dss.exe to run it and follow the prompts.

When the scan is complete, a text file will open. Copy and paste the contents of this log (Main.txt) in your next reply. Also post the contents of Extra.txt (it should be minimised on your taskbar but if not, it can be found in the C:\Deckard\System Scanner folder). You may find that the maximum characters allowed is exceeded when you post. If so, halve the logs and make several posts.
  #3  
June 4th, 2008, 07:27 AM
Brunobasser (New Member; Join Date: Jun 2008; Posts: 13)
Deckard's didn't work

Ann Marie,
I downloaded the dss.exe and tried to run it. The program starts, and when it gets to "backing up the hives" the program hangs and then quits.
No text file "Main" or "Extra" on the taskbar or in the Deckard's file.
I disabled the screen saver and closed all programs.
Could it be something I did or did not do?

Thanks for taking the time to help me with this.
  #4  
June 4th, 2008, 07:49 AM
AnnMarie (CTH Subscriber; Join Date: Oct 2001; O/S: Windows Vista 32-bit; Location: New Zealand; Posts: 59,810)
Ok, try this.

Make sure dss.exe is saved to your desktop and go to Start > Run and copy and paste the following command and then click on OK.

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens, click the "Check All" button. Next, under Main Log, uncheck the following:

System Restore
Temp Cleanup
Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear. Copy and paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Open it and copy and paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder).
  #5  
June 4th, 2008, 08:55 AM
Brunobasser (New Member; Join Date: Jun 2008; Posts: 13)
OK here ya go Part 1

That worked.
Here's the results, Good Luck
Thanks again

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-06-04 00:42:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 15.06 GiB (less than 15%) free.


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:08 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\AOL\1142496391\EE\aolsoftware.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\common files\aol\1142496391\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebRe...EL424AA&LF=red
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.windll.com
O15 - Trusted IP range: http://170.164.50.60
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1197305858578
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188750979843
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 7668 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080603-152403-401 O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe
backup-20080603-152449-918 O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 FGDSCSI - c:\windows\system32\drivers\fgdscsi.sys
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 sbusb (Sound Blaster USB Audio Driver) - c:\windows\system32\drivers\sbusb.sys (file missing)
S4 PfModNT - c:\windows\system32\pfmodnt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ITMRTSVC (CA Pest Patrol Realtime Protection Service) - "c:\program files\ca\pprt\bin\itmrtsvc.exe" (file missing)
S4 merger - "c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe" <Not Verified; Microsoft Corporation; Microsoft(R) Application Compatibility Toolkit>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {CFB15040-5BC7-11D3-B194-0060B0EFD4AA}
Description:
Device ID: ROOT\UNKNOWN\0001
Manufacturer:
Name:
PNP Device ID: ROOT\UNKNOWN\0001
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 248)
2001-02-07 10:17:02 364607 --a------ C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Handwriting Input UI>
2005-05-24 01:28:16 7168 --a----c- C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 15:04:48 0 d-------- C:\Program Files\Trend Micro
2008-06-01 20:50:18 0 d-------- C:\WINDOWS\nvidia icons
2008-06-01 18:22:21 0 d-------- C:\UnrealTournament
2008-05-31 11:53:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-31 11:53:16 22528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-31 11:53:16 34304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-31 11:39:13 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-31 11:37:46 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
2008-05-31 11:37:46 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-26 22:02:57 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-12 20:59:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller


-- Find3M Report ---------------------------------------------------------------

2008-05-31 14:22:16 0 d-------- C:\Program Files\America Online 9.0
2008-05-31 11:53:15 0 d-------- C:\Program Files\iolo
2008-05-31 10:38:07 0 d-------- C:\Program Files\Google
2008-05-22 18:25:17 0 d-------- C:\Program Files\dezkzijw
2008-05-17 00:47:15 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-05-10 08:46:47 0 d-------- C:\Program Files\West Point Bridge Designer 2006
2008-05-10 08:46:47 0 d-------- C:\Program Files\GuitarVision
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 07:51:23 99368 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-27 07:16:26 81 -r-hs---- C:\WINDOWS\CT5STET.BIN
2008-04-27 07:15:17 0 d-------- C:\Program Files\Reallusion
2008-04-27 07:15:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 05:45:53 0 --a----c- C:\WINDOWS\brdfxspd.dat
2008-04-22 05:44:05 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC-FAX TX
2008-04-21 09:22:05 0 d-------- C:\Program Files\QuickTime
2008-04-13 08:07:08 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-13 08:01:52 0 d-------- C:\Program Files\EzVoice 3.3
2008-04-13 07:46:56 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-04-13 07:46:13 0 d-------- C:\Program Files\Brother
2008-04-13 07:42:12 0 d-------- C:\Program Files\Nuance
2008-04-13 07:40:18 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-13 07:40:14 0 d-------- C:\Program Files\Common Files
2008-04-13 07:39:54 0 d-------- C:\Program Files\ScanSoft
2008-03-21 02:01:22 50 --a----c- C:\WINDOWS\system32\BRIDF04A.dat
  #6  
June 4th, 2008, 08:56 AM
Brunobasser (New Member; Join Date: Jun 2008; Posts: 13)
Part II

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [05/24/2005 01:28 AM C:\WINDOWS\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe" [04/12/2007 02:23 PM]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [10/02/2007 11:10 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/29/2007 09:12 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/23/2007 01:14 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [01/26/2007 03:58 PM]
"C:\WINDOWS\system32\kdblt.exe"="C:\WINDOWS\system32\kdblt.exe" [08/04/2004 05:00 AM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [05/06/2008 04:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [02/11/2008 09:11 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=00000000
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdblt.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1142496391\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2 (0x2)
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"LightScribeService"=3 (0x3)
"merger"=3 (0x3)
"Brother XP spl Service"=3 (0x3)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"Windows Management Service"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"McShield"=2 (0x2)
"aolavupd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol PLUS"=C:\WinPatrol\WinPatrol.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-06-04 00:43:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
---------------------------------------------------------------------------------- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 3200+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1278.48 MiB / 684.91 MiB
Pagefile Memory (total/avail): 4582.51 MiB / 4126.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.93 MiB

C: is Fixed (NTFS) - 142.08 GiB total, 15.06 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 1.54 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-00GUC0 - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.08 GiB - C:

\\.\PHYSICALDRIVE1 - Brother MFC-685CW USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)
AV: AOL Antivirus v210.5.2.1 (AOL)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1142496391\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1142496391\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe"="C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe:*:Enabled:test1 Module"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\MoxieProxy\\ProspectorV3\\Prospector.exe"="C:\\Program Files\\MoxieProxy\\ProspectorV3\\Prospector.exe:*:Enabled:Prospector.exe"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\HAL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft USB Flash Drive Manager\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=HAL
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner (admin)
Ecurb (admin)
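One thing worth reading closely in the Security Center section above is the firewall AuthorizedApplications list: two of the exceptions are for rundll32.exe and mmc.exe, and an exception for a generic host binary covers whatever DLL or snap-in that process happens to be loading. The script below is an added triage example of my own (it is not part of the thread, of Deckard's System Scanner or of ComboFix). It parses the registry lines in the form DSS prints them, checks that each value's path agrees with its key, and flags generic hosts and disabled entries. The sample input is a constructed subset of the StandardProfile list above plus one made-up entry, C:\Games\updater.exe, whose value points at a different path so the mismatch check has something to catch.

```python
"""Triage the Windows XP firewall AuthorizedApplications lists as printed by
Deckard's System Scanner (DSS).  Added example; not from the thread, DSS or ComboFix."""
import re
from dataclasses import dataclass, field

# Binaries that execute whatever DLL, snap-in or script they are handed: once
# one of them is an exception, everything it hosts is allowed through too.
GENERIC_HOSTS = {"rundll32.exe", "mmc.exe", "regsvr32.exe", "wscript.exe",
                 "cscript.exe", "mshta.exe", "cmd.exe", "svchost.exe"}

# One .reg-style line: "name"="value", both using doubled-backslash escaping.
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')
# Value layout used by the XP firewall: path:scope:Enabled|Disabled:display name.
VALUE_RE = re.compile(r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<mode>[A-Za-z]+):(?P<label>.*)$')
PROFILE_RE = re.compile(r'FirewallPolicy\\(\w+)\\AuthorizedApplications')

@dataclass
class Entry:
    profile: str
    path: str
    scope: str
    mode: str
    label: str
    flags: list = field(default_factory=list)

def unescape(s):
    # Undo .reg escaping: a backslash quotes the character that follows it.
    return re.sub(r'\\(.)', r'\1', s)

def parse_authorized_apps(text):
    """Return one Entry per exception line, tagged with any review flags."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            m = PROFILE_RE.search(line)
            profile = m.group(1) if m else None      # e.g. StandardProfile
            continue
        m = ENTRY_RE.match(line)
        if not m or profile is None:
            continue                                 # not inside an exceptions list
        name = unescape(m.group('name'))
        v = VALUE_RE.match(unescape(m.group('value')))
        if not v:
            entries.append(Entry(profile, name, '', '', '', ['UNPARSEABLE_VALUE']))
            continue
        e = Entry(profile, v['path'], v['scope'], v['mode'], v['label'].strip())
        if e.path.rsplit('\\', 1)[-1].lower() in GENERIC_HOSTS:
            e.flags.append('GENERIC_HOST')           # exception covers any hosted code
        if name.lower() != e.path.lower():
            e.flags.append('PATH_MISMATCH')          # key and value disagree on the binary
        if e.mode.lower() != 'enabled':
            e.flags.append('NOT_ENABLED')
        entries.append(e)
    return entries

def flagged(entries):
    """Only the entries that earned at least one review flag."""
    return [e for e in entries if e.flags]

# Constructed sample: a subset of the StandardProfile list quoted above plus one
# made-up entry (C:\Games\updater.exe) whose value names a different path.
SAMPLE_DSS = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Games\\updater.exe"="C:\\Temp\\updater.exe:*:Enabled:Updater"
'''

if __name__ == '__main__':
    for e in flagged(parse_authorized_apps(SAMPLE_DSS)):
        print(f"{e.profile}: {e.path}  [{', '.join(e.flags)}]  label={e.label!r}")
```

Run against the full list above it reports the rundll32.exe and mmc.exe exceptions as GENERIC_HOST. That is a review item, not a verdict: the display name Windows writes for such an entry is typically the executable's own file description ("Run a DLL as an App" for rundll32.exe), so the entry looks the same whether a user clicked Unblock for a legitimate DLL or for something else. The practical check is whether anything on the machine still needs those two exceptions; if not, removing them narrows what the firewall lets through.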
  #7  
Old June 4th, 2008, 08:59 AM
Brunobasser Brunobasser is offline
New Member
 
Join Date: Jun 2008
Posts: 13
Part III, you're gonna need some coffee

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Professional\Digital Audio System\Program\SETUP.EXE" /S /U /W
--> "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A9CAD --> MsiExec.exe /I{C8E104FE-D57E-4082-9524-6C3A1C8DBDD7}
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Agere Systems PCI Soft Modem --> agrsmdel
AmpliTube LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{216EAAD9-D733-4141-BEAF-2C0B6F6B1D04}\Setup.exe" -l0x9 uninstall
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Cakewalk Audio Finder Tool --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CWAF\DeIsL1.isu"
Cakewalk VST Adapter 4 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty Game of the Year Edition --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CombiMovie version 2 --> C:\PROGRA~1\COMBIM~1\UNWISE.EXE C:\PROGRA~1\COMBIM~1\INSTALL.LOG
Compaq Connections (remove only) --> C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
CrazyTalk v4.6 Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40B3D357-96DE-4889-A8F4-C533A39E3608}\Setup.exe" -l0x9 /uninstall
CrazyTalk v5.0 --> C:\Program Files\InstallShield Installation Information\{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Digital Audio System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6ACBC6E4-03D0-422E-A0CA-3BA1A8EF8374}\SETUP.EXE" -l0x9 /remove
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
E-MU PatchMix DSP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 /remove
Ez-Architect --> MsiExec.exe /I{16605D8C-8469-4D20-9C32-ED0A47FA6AD3}
First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D917C5F-1CF9-42E0-899F-78AC10576405}\setup.exe" -l0x9 UNINSTALL
Fruityloops Express --> MsiExec.exe /X{35F490E3-3543-4840-BC24-1E7E83472179}
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Garmin MapSource --> MsiExec.exe /X{DF4B49A6-C31A-4D68-8983-505EC9334A63}
Garmin WebUpdater --> MsiExec.exe /X{996EC44B-38E1-4898-8E47-3EE3D15F2712}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Guitar Tracks Pro 2.0 --> C:\PROGRA~1\Cakewalk\GUITAR~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\GUITAR~1\INSTALL.LOG
GuitarVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3884FCC0-9E16-423B-959A-FD77DD2F39E6}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Support Overview --> "C:\WINDOWS\unins000.exe"
iFly 747-400 --> MsiExec.exe /I{CD5EDC95-46C4-4008-8513-3BA826EAC374}
IL-2 Sturmovik Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ubi Soft\IL-2 Sturmovik Demo\Uninst.isu"
ImageMixer EasyStepDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C32B46-41C3-438F-94F6-55FE150D50D8}\setup.exe" -l0x9 UNINSTALL
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Live 4.1.2 --> C:\PROGRA~1\Ableton\LIVE41~1.2\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE41~1.2\Install\INSTALL.LOG
Live 6.0.7 --> C:\PROGRA~1\Ableton\LIVE60~1.7\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.7\Install\INSTALL.LOG
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - City Select North America v6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5F8434AA-E977-4A28-8D39-35969565DF53} /l1033
MapSource - City Select North America v7 Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C6279D46-3D24-4F88-BBA1-DEDD0E532EB4} /l1033
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Application Compatibility Toolkit 4.1 --> MsiExec.exe /I{8BF235B3-F7AD-4670-9131-E95582E5A405}
Microsoft Combat Flight Simulator 3.1 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 --> MsiExec.exe /I{85DF6786-66AA-42EE-8616-AE456B07BD99}
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Photo Scenery Display Update --> MsiExec.exe /I{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}
Microsoft Flight Simulator X Service Pack 1 --> C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 2 --> MsiExec.exe /X{4847BBB9-EADD-4C92-90BF-4223B0892FF6}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Project Standard 2002 --> MsiExec.exe /I{913A0409-6000-11D3-8CFE-0050048383C9}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola Driver Installation --> MsiExec.exe /I{0D442113-1F96-40DE-948C-5850CE7B8005}
Motorola USB Drivers --> C:\PROGRA~1\MOTORO~1\UNWISE.EXE C:\PROGRA~1\MOTORO~1\INSTALL.LOG
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Nostromo --> MsiExec.exe /X{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PaperPort Image Printer --> MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PentagonBridge 9907 --> C:\WINDOWS\IsUninst.exe -fc:\Bridge\Uninst.isu
Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickBooks Basic Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b21-78c1-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b21-78c1-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rand McNally SGDE Engine V6.35 --> MsiExec.exe /I{63505193-EE81-450B-9F74-B1F25FAE64B7}
Rand McNally SGDE Search Databases --> MsiExec.exe /X{BE50CAF7-C98E-4242-B476-C1BCEFC6E22E}
Rand McNally Street Guide San Bernardino and Riverside Counties --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F405FC2F-8BA7-44CB-8932-F22678ED992B}
Rand McNally Street Guide XP SP2 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19F32745-B7F9-4FC0-BC64-1148CAB55846}\Setup.exe" -l0x9 AnyText
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RiskyProject 2.1 --> MsiExec.exe /I{F03D9800-6054-4452-8C86-5AD21EFB36BC}
Safety and Security Center Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
Saitek SD6 Programming Software 6.0.10.7 --> MsiExec.exe /X{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}
ScanSoft PaperPort 11 --> MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SONAR LE --> C:\PROGRA~1\Cakewalk\SONARL~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONARL~1\INSTALL.LOG
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony DVD Handycam USB Driver 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A360821C-6B51-4EE4-A7E5-5E14B15004CD}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase LE --> "C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"
Studio Buddy --> C:\WINDOWS\unvise32.exe c:\PROGRA~1\uninstal.log
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tangent v1.00 Demo --> C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\TangDemo\ST4UNST.LOG"
The TileProxy Project for Microsoft FSX und FS 2004 --> "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe"
Thomas Bros. Street Guide Digital Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{085FE193-B676-11D4-82BC-00A0C993905F}\setup.exe" -l0x9 AnyText
Ufd Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9331E1EE-FB9F-11D6-ACFF-000082512888}\Setup.exe" -l0x9
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
West Point Bridge Designer 2006 --> C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2006\irunin.ini"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wings of POWER II: P51 Mustang --> C:\PROGRA~1\MI9A48~1\MICROS~1\\UNWISE.EXE C:\PROGRA~1\MI9A48~1\MICROS~1\\tempwp.log
Wings of POWER: Heavy Bombers and Jets --> C:\PROGRA~1\MI9A48~1\MICROS~1\\UNWISE.EXE C:\PROGRA~1\MI9A48~1\MICROS~1\\tempwp.log
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
  #8  
Old June 4th, 2008, 09:00 AM
Brunobasser Brunobasser is offline
New Member
 
Join Date: Jun 2008
Posts: 13
Part IV, More coffee

-- Application Event Log -------------------------------------------------------

Event Record #/Type322 / Error
Event Submitted/Written: 06/04/2008 00:42:48 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type319 / Error
Event Submitted/Written: 06/04/2008 00:42:47 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type318 / Error
Event Submitted/Written: 06/04/2008 00:42:47 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type299 / Error
Event Submitted/Written: 06/01/2008 05:05:08 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126648864.

Event Record #/Type298 / Error
Event Submitted/Written: 06/01/2008 05:05:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1862819 / Error
Event Submitted/Written: 06/04/2008 00:38:25 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2

Event Record #/Type1862816 / Error
Event Submitted/Written: 06/04/2008 00:38:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2

Event Record #/Type1862813 / Error
Event Submitted/Written: 06/04/2008 00:38:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2

Event Record #/Type1862810 / Error
Event Submitted/Written: 06/04/2008 00:38:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2

Event Record #/Type1862807 / Error
Event Submitted/Written: 06/04/2008 00:38:21 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-06-04 00:43:23 ------------


I hope I didn't miss anything.
Ann Marie, you are a trooper for looking at all this. Thanks a bunch!
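The event-log sections in the DSS output above are mostly the same few records repeated, which is hard to read at a glance. The Python helper below is an added example of my own (not part of the thread or of Deckard's System Scanner) that parses the record format DSS prints, groups identical (log, source, event ID) entries, and reports how often each recurred and over what timestamp span; the per-event notes are my own triage hints and the sample input is a constructed excerpt of the records quoted above. It assumes what the log above shows, namely that DSS lists records newest first.

```python
"""Summarise the event-log sections of a Deckard's System Scanner (DSS) log.
Added example; not from the thread or from DSS."""
import re
from collections import OrderedDict

SECTION_RE = re.compile(r'^-- (.+?) Event Log -+$')           # "-- System Event Log ---"
RECORD_RE = re.compile(r'^Event Record #/Type(\d+) / (\w+)$')  # "Event Record #/Type322 / Error"
TIME_RE = re.compile(r'^Event Submitted/Written: (.+)$')
IDSRC_RE = re.compile(r'^Event ID/Source: (\d+) / (.+)$')

# Triage hints for recurring (source, id) pairs; my own notes, not DSS output.
NOTES = {
    ('crypt32', 11): 'automatic root-certificate list update is failing; confirm '
                     'download.windowsupdate.com resolves and is reachable from this host',
    ('Service Control Manager', 7023): 'a service keeps terminating with an error; '
                                       'identify what starts it and why it fails',
}

def parse_events(text):
    """Return one dict per record, in file order (DSS prints newest first)."""
    events, log, cur, in_desc = [], None, None, False
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            log, cur, in_desc = m.group(1), None, False
            continue
        m = RECORD_RE.match(line)
        if m:
            cur = {'log': log, 'record': int(m.group(1)), 'level': m.group(2),
                   'time': '', 'id': None, 'source': '', 'description': []}
            events.append(cur)
            in_desc = False
            continue
        if cur is None:
            continue                        # header text before the first record
        m = TIME_RE.match(line)
        if m:
            cur['time'] = m.group(1)
            continue
        m = IDSRC_RE.match(line)
        if m:
            cur['id'], cur['source'] = int(m.group(1)), m.group(2).strip()
            continue
        if line == 'Event Description:':
            in_desc = True
        elif not line:
            in_desc = False                 # blank line ends the description
        elif in_desc:
            cur['description'].append(line)
    for e in events:
        e['description'] = ' '.join(e['description'])
    return events

def summarize(events):
    """Group by (log, source, id): count, newest/oldest timestamp, sample text, note."""
    groups = OrderedDict()
    for e in events:
        key = (e['log'], e['source'], e['id'])
        g = groups.setdefault(key, {'level': e['level'], 'count': 0,
                                    'newest': e['time'], 'oldest': e['time'],
                                    'example': e['description'],
                                    'note': NOTES.get((e['source'], e['id']), '')})
        g['count'] += 1
        g['oldest'] = e['time']             # later in the file means older, per DSS ordering
    return groups

# Constructed sample: an excerpt of the records quoted above.
SAMPLE_DSS_EVENTS = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type322 / Error
Event Submitted/Written: 06/04/2008 00:42:48 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type319 / Error
Event Submitted/Written: 06/04/2008 00:42:47 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type298 / Error
Event Submitted/Written: 06/01/2008 05:05:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- System Event Log ------------------------------------------------------------

Event Record #/Type1862819 / Error
Event Submitted/Written: 06/04/2008 00:38:25 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2

Event Record #/Type1862816 / Error
Event Submitted/Written: 06/04/2008 00:38:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%2
"""

if __name__ == '__main__':
    for (log, src, eid), g in summarize(parse_events(SAMPLE_DSS_EVENTS)).items():
        print(f"{log:<12}{src:<26}{eid:>6}  x{g['count']}  {g['oldest']} .. {g['newest']}")
        if g['note']:
            print(f"    note: {g['note']}")
```

On the log above this collapses to three lines: crypt32/11 three times within a second, Service Control Manager/7023 five times within four seconds, and one Application Hang pair. The crypt32 failures mean the automatic trusted-root update is not getting through; that is not evidence of malware by itself, but on a machine whose browsing is being redirected it is worth confirming, once the cleanup is done, that download.windowsupdate.com resolves to Microsoft and the cab downloads cleanly.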
  #9  
Old June 4th, 2008, 09:19 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
You are welcome.

Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).

Double-click on combofix.exe and the scan will start. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.

Copy this log in your next reply together with a new Hijack This log.
  #10  
Old June 4th, 2008, 07:56 PM
Brunobasser Brunobasser is offline
New Member
 
Join Date: Jun 2008
Posts: 13
More Results

I ran ComboFix.exe and Hijack This.
Here is the Combofix Log
ComboFix 08-06-03.4 - Compaq_Owner 2008-06-04 11:19:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.714 [GMT -7:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\{C7AAAD17-8ACB-4778-8DFF-1A100509DE1E}.exe
C:\WINDOWS\system32\kdblt.exe
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\nuinopsd
C:\WINDOWS\system32\nuinopsd\bg1.gif
C:\WINDOWS\system32\nuinopsd\bgtop.gif
C:\WINDOWS\system32\nuinopsd\bottom1.gif
C:\WINDOWS\system32\nuinopsd\essentials.gif
C:\WINDOWS\system32\nuinopsd\icon1.ico
C:\WINDOWS\system32\nuinopsd\install1.gif
C:\WINDOWS\system32\nuinopsd\left1.gif
C:\WINDOWS\system32\nuinopsd\li.gif
C:\WINDOWS\system32\nuinopsd\logo.gif
C:\WINDOWS\system32\nuinopsd\main.htm
C:\WINDOWS\system32\nuinopsd\mainframe.htm
C:\WINDOWS\system32\nuinopsd\reinstall1.gif
C:\WINDOWS\system32\nuinopsd\right1.gif
C:\WINDOWS\system32\nuinopsd\s1.htm
C:\WINDOWS\system32\nuinopsd\s2.htm
C:\WINDOWS\system32\nuinopsd\s3.htm
C:\WINDOWS\system32\nuinopsd\SMTop1.gif
C:\WINDOWS\system32\nuinopsd\SMTop2.gif
C:\WINDOWS\system32\nuinopsd\SMTop3.gif
C:\WINDOWS\system32\nuinopsd\SMTop4.gif
C:\WINDOWS\system32\nuinopsd\soft1_off.gif
C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft1_on.gif
C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
C:\WINDOWS\system32\nuinopsd\soft2_off.gif
C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft2_on.gif
C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
C:\WINDOWS\system32\nuinopsd\soft3_off.gif
C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft3_on.gif
C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
C:\WINDOWS\system32\nuinopsd\softleft_off.gif
C:\WINDOWS\system32\nuinopsd\softleft_on.gif
C:\WINDOWS\system32\nuinopsd\Thumbs.db
C:\WINDOWS\system32\nuinopsd\top1.gif
C:\WINDOWS\system32\nuinopsd\top2.gif
C:\WINDOWS\system32\nuinopsd\turnoff1.gif
C:\WINDOWS\system32\nuinopsd\turnon1.gif
C:\WINDOWS\WINDOWS
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 11:16 . 2008-06-04 11:16 1,953,707 --a------ C:\ComboFix.exe
2008-06-03 22:45 . 2008-06-03 22:45 <DIR> d-------- C:\Deckard
2008-06-03 15:04 . 2008-06-03 15:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-03 12:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-03 12:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 11:56 . 2008-06-03 11:56 11,776 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-03 09:45 . 2008-06-03 21:43 52,692 --a------ C:\VETlog.dmp
2008-06-01 20:50 . 2008-06-01 20:50 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-01 18:22 . 2008-06-01 19:18 <DIR> d-------- C:\UnrealTournament
2008-05-31 11:53 . 2008-05-31 11:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-31 11:53 . 2008-05-06 16:36 428,904 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-05-31 11:53 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-31 11:53 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-31 11:53 . 2008-05-31 11:53 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-31 11:39 . 2008-05-31 11:39 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-31 11:37 . 2008-06-03 14:59 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
2008-05-31 11:37 . 2008-05-31 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-26 22:43 . 2008-05-26 22:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 22:02 . 2008-05-26 22:02 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-12 20:59 . 2008-05-12 21:00 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 08:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-03 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 21:22 --------- d-----w C:\Program Files\America Online 9.0
2008-05-31 18:53 --------- d-----w C:\Program Files\iolo
2008-05-31 17:38 --------- d-----w C:\Program Files\Google
2008-05-23 01:25 --------- d-----w C:\Program Files\dezkzijw
2008-05-17 07:47 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-05-10 15:46 --------- d-----w C:\Program Files\West Point Bridge Designer 2006
2008-05-10 15:46 --------- d-----w C:\Program Files\GuitarVision
2008-05-03 05:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-04-29 14:51 99,368 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-27 14:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 14:15 --------- d-----w C:\Program Files\Reallusion
2008-04-22 12:44 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PC-FAX TX
2008-04-21 16:22 --------- d-----w C:\Program Files\QuickTime
2008-04-21 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 15:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-13 15:01 --------- d-----w C:\Program Files\EzVoice 3.3
2008-04-13 14:46 --------- d-----w C:\Program Files\Brother
2008-04-13 14:42 --------- d-----w C:\Program Files\Nuance
2008-04-13 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-13 14:40 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-04-13 14:39 --------- d-----w C:\Program Files\ScanSoft
2008-02-21 06:57 22,328 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
2007-05-03 18:19 478 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-20 17:50 2,188 -c--a-w C:\Program Files\uninstal.log
2007-08-11 05:20 61 --sh--w C:\WINDOWS\cnerolf.bin
2006-06-15 06:45 61 -csh--w C:\WINDOWS\cnerolf.dat
2005-07-13 17:16 3,985 --sha-w C:\WINDOWS\rreg32.dll
2005-07-13 17:16 1,548 --sha-w C:\WINDOWS\utapi32.dll
2006-04-01 18:26 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2008-02-11 21:11 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdblt.exe"="C:\WINDOWS\system32\kdblt.exe" [ ]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2005-05-24 01:28 16384 C:\WINDOWS\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"HostManager"="C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe" [2007-04-12 14:23 42032]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 11:10 131072]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 13:14 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-05-06 16:36 764776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-02-11 21:11 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 14:23 42032 C:\Program Files\Common Files\AOL\1142496391\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 10:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-28 00:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-18 17:57 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2005-05-24 01:17 25088 C:\WINDOWS\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-29 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--a------ 2007-08-11 15:48 292152 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2 (0x2)
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"LightScribeService"=3 (0x3)
"merger"=3 (0x3)
"Brother XP spl Service"=3 (0x3)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"Windows Management Service"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"McShield"=2 (0x2)
"aolavupd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol PLUS"=C:\WinPatrol\WinPatrol.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142496391\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MoxieProxy\\ProspectorV3\\Prospector.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-06-28 12:28]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 11:28]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 09:53]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2007-08-14 11:57]
S3 BrSerWdm;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 14:12]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 02:37]
S3 SaiH2541;SaiH2541;C:\WINDOWS\system32\DRIVERS\SaiH2541.sys [2007-05-01 17:10]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys []
S4 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 11:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Common Files\AOL\1142496391\EE\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\shellmon.exe
.
************************************************************************
.
Completion time: 2008-06-04 11:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 18:34:49

Pre-Run: 16,066,068,480 bytes free
Post-Run: 16,001,499,136 bytes free

283
  #11  
Old June 4th, 2008, 07:58 PM
Brunobasser Brunobasser is offline
New Member
Join Date: Jun 2008
Posts: 13
The Hijack this log

Here is the HiJack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:50 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Common Files\AOL\1142496391\EE\aolsoftware.exe
c:\program files\common files\aol\1142496391\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebRe...EL424AA&LF=red
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.windll.com
O15 - Trusted IP range: http://170.164.50.60
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1197305858578
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188750979843
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 7430 bytes


I think we are getting close.......
  #12  
Old June 5th, 2008, 12:27 AM
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Close Internet Explorer and any open windows and run Hijack This again. Check the below entries and click on Fix Checked.

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe

O15 - Trusted Zone: http://*.windll.com

O15 - Trusted IP range: http://170.164.50.60 (fix this if you did not add this address)

O24 - Desktop Component 1: (no name) - (no file)

Open notepad and copy and paste the text in the codebox below into it:

Code:
DirLook::
C:\Program Files\dezkzijw

Suspect::
C:\WINDOWS\rreg32.dll
C:\WINDOWS\utapi32.dll

Go to File > Save As and save the file as CFScript.txt and set the location to your Desktop. Drag CFScript.txt and drop it into ComboFix.exe. See below:



ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip. Please send this file to anniefriday@xtra.co.nz and include a link to this thread. Title your email "Requested Files".
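As an added example (not part of this thread, HijackThis or ComboFix), a small Python script that applies the same triage heuristics AnnMarie used above to a constructed HijackThis excerpt: a Run value whose *name* is a full path, any O15 Trusted Zone or Trusted IP range entry, and an O24 desktop component that points at no file. The sample lines, the `Owner` profile path and the function names are constructed for the example.

```python
"""Added example: triage a HijackThis log with the heuristics used in this thread.

Sample lines are constructed from the entries discussed above; the script is
not part of HijackThis or ComboFix.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the log above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdblt.exe] C:\WINDOWS\system32\kdblt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.windll.com
O15 - Trusted IP range: http://170.164.50.60
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Owner\Desktop\pic.JPG
O24 - Desktop Component 1: (no name) - (no file)
"""

# O4: autostart Run values; the bracketed text is the registry value *name*.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O15: hosts added to IE's Trusted Zone, where looser security settings apply.
O15_RE = re.compile(r"^O15 - Trusted (?P<kind>Zone|IP range): (?P<target>.+)$")
# O24: Active Desktop components; the last field is the source file.
O24_RE = re.compile(r"^O24 - Desktop Component (?P<idx>\d+): .* - (?P<path>.+)$")

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a helper would put on the 'Fix Checked' list."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            # Installers name Run values after the product ("nwiz", "ctfmon.exe");
            # a value *named* with a full executable path is the anomaly flagged above.
            if DRIVE_PATH_RE.match(m.group("name")):
                findings.append(Finding(line, "O4 value name is a full path"))
        elif m := O15_RE.match(line):
            # Trusted Zone entries are rarely user-made; confirm each one with the user.
            findings.append(Finding(line, f"O15 trusted {m.group('kind')}: {m.group('target')}"))
        elif m := O24_RE.match(line):
            if m.group("path") == "(no file)":
                findings.append(Finding(line, "O24 desktop component has no file"))
    return findings


def fix_checked_lines(log_text: str) -> List[str]:
    """The raw log lines to tick in HijackThis, in log order."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.line}")
```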
  #13  
Old June 5th, 2008, 06:17 AM
Brunobasser Brunobasser is offline
New Member
Join Date: Jun 2008
Posts: 13
I think I did good....

OK I think I did everything correctly.
Here is the log file from Combofix.exe
Thank you again,

This stuff gives me a headache

ComboFix 08-06-03.4 - Compaq_Owner 2008-06-04 16:47:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.793 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 11:16 . 2008-06-04 11:16 1,953,707 --a------ C:\ComboFix.exe
2008-06-03 22:45 . 2008-06-03 22:45 <DIR> d-------- C:\Deckard
2008-06-03 15:04 . 2008-06-03 15:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-03 12:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-03 12:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 11:56 . 2008-06-03 11:56 11,776 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-03 09:45 . 2008-06-04 11:27 51,684 --a------ C:\VETlog.dmp
2008-06-01 20:50 . 2008-06-01 20:50 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-01 18:22 . 2008-06-01 19:18 <DIR> d-------- C:\UnrealTournament
2008-05-31 11:53 . 2008-05-31 11:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-31 11:53 . 2008-05-06 16:36 428,904 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-05-31 11:53 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-31 11:53 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-31 11:53 . 2008-05-31 11:53 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-31 11:39 . 2008-05-31 11:39 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-31 11:37 . 2008-06-03 14:59 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
2008-05-31 11:37 . 2008-05-31 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-26 22:43 . 2008-05-26 22:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 22:02 . 2008-05-26 22:02 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-12 20:59 . 2008-05-12 21:00 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 21:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-03 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 21:22 --------- d-----w C:\Program Files\America Online 9.0
2008-05-31 18:53 --------- d-----w C:\Program Files\iolo
2008-05-31 17:38 --------- d-----w C:\Program Files\Google
2008-05-23 01:25 --------- d-----w C:\Program Files\dezkzijw
2008-05-17 07:47 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-05-10 15:46 --------- d-----w C:\Program Files\West Point Bridge Designer 2006
2008-05-10 15:46 --------- d-----w C:\Program Files\GuitarVision
2008-05-01 00:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 14:51 99,368 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-27 14:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 14:15 --------- d-----w C:\Program Files\Reallusion
2008-04-22 12:44 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PC-FAX TX
2008-04-21 16:22 --------- d-----w C:\Program Files\QuickTime
2008-04-21 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 15:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-13 15:01 --------- d-----w C:\Program Files\EzVoice 3.3
2008-04-13 14:46 --------- d-----w C:\Program Files\Brother
2008-04-13 14:42 --------- d-----w C:\Program Files\Nuance
2008-04-13 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-13 14:40 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-04-13 14:39 --------- d-----w C:\Program Files\ScanSoft
2008-02-21 06:57 22,328 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
2007-05-03 18:19 478 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-20 17:50 2,188 -c--a-w C:\Program Files\uninstal.log
2007-08-11 05:20 61 --sh--w C:\WINDOWS\cnerolf.bin
2006-06-15 06:45 61 -csh--w C:\WINDOWS\cnerolf.dat
2005-07-13 17:16 3,985 --sha-w C:\WINDOWS\rreg32.dll
2005-07-13 17:16 1,548 --sha-w C:\WINDOWS\utapi32.dll
2006-04-01 18:26 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\dezkzijw ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2008-02-11 21:11 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2005-05-24 01:28 16384 C:\WINDOWS\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"HostManager"="C:\Program Files\Common Files\AOL\1142496391\EE\AOLSoftware.exe" [2007-04-12 14:23 42032]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 11:10 131072]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 13:14 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-05-06 16:36 764776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Compaq_Owner\Desktop\my funny clips\Chuy with an outboard for sale.JPG
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-02-11 21:11 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 14:23 42032 C:\Program Files\Common Files\AOL\1142496391\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 10:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-28 00:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-18 17:57 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2005-05-24 01:17 25088 C:\WINDOWS\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-29 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--a------ 2007-08-11 15:48 292152 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2 (0x2)
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"LightScribeService"=3 (0x3)
"merger"=3 (0x3)
"Brother XP spl Service"=3 (0x3)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"Windows Management Service"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"McShield"=2 (0x2)
"aolavupd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol PLUS"=C:\WinPatrol\WinPatrol.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142496391\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MoxieProxy\\ProspectorV3\\Prospector.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-06-28 12:28]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 11:28]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 09:53]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2007-08-14 11:57]
S3 BrSerWdm;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 14:12]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 02:37]
S3 SaiH2541;SaiH2541;C:\WINDOWS\system32\DRIVERS\SaiH2541.sys [2007-05-01 17:10]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys []
S4 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 16:51:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 16:56:56
ComboFix-quarantined-files.txt 2008-06-04 23:56:23
ComboFix2.txt 2008-06-04 18:34:53

Pre-Run: 15,939,760,128 bytes free
Post-Run: 15,965,237,248 bytes free

214
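The service/driver lines and the firewall AuthorizedApplications list in the ComboFix log above are the sections a helper reads first. The following is an added Python example (not ComboFix's own code and not posted in this thread) that parses both formats and returns review notes: an empty `[]` where the file timestamp should be, a service binary outside the usual system folders, or a firewall exception pointing into a temp or user-profile folder. The sample lines copy the log's format; the two entries marked "constructed" are not from the log and exist only to show what gets flagged. The reading of R/S as running/stopped and of the digit as the service Start value is this example's assumption about ComboFix's layout.

```python
"""Triage helpers for ComboFix-style log sections (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# R0 name;display;path [timestamp]   (path may be quoted, timestamp may be empty)
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'"?(?P<path>[^"\[]+?)"?\s*\[(?P<stamp>[^\]]*)\]\s*$'
)
# "C:\\Program Files\\...\\foo.exe"=   (registry-style doubled backslashes)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')

# Assumption: the digit after R/S is the Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Folders a reviewer normally expects a driver or service binary to live in.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Sample input in the log's format; the last line of each list is constructed.
SAMPLE_SERVICES = "\n".join([
    r"R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-06-28 12:28]",
    r"S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys []",
    r'S4 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 11:33]',
    # constructed: a service running out of a user's Temp folder
    r"R2 demosvc;Demo Service;C:\Documents and Settings\user\Local Settings\Temp\demosvc.exe [2008-06-01 10:00]",
])
SAMPLE_FIREWALL = "\n".join([
    r'"%windir%\\system32\\sessmgr.exe"=',
    r'"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=',
    # constructed: a firewall exception for a binary in a Temp folder
    r'"C:\\Documents and Settings\\user\\Local Settings\\Temp\\update.exe"=',
])


@dataclass
class ServiceEntry:
    running: bool          # assumption: R = running, S = stopped
    start_type: str
    name: str
    display: str
    path: str
    stamp: Optional[str]   # None when the log printed an empty []


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R*/S* line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path").strip(),
        stamp=m.group("stamp").strip() or None,
    )


def review_services(text: str) -> List[str]:
    """Notes on service/driver lines worth a second look."""
    notes = []
    for line in text.splitlines():
        e = parse_service_line(line)
        if e is None:
            continue
        if e.stamp is None:
            notes.append(f"{e.name}: no file timestamp recorded for {e.path}; confirm the file exists")
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            notes.append(f"{e.name} ({e.start_type}): binary outside the usual system folders: {e.path}")
    return notes


def review_firewall_list(text: str) -> List[str]:
    """Notes on AuthorizedApplications entries in user-writable locations."""
    notes = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").replace("\\\\", "\\")   # undo registry escaping
        low = path.lower()
        if "\\temp\\" in low or "\\documents and settings\\" in low:
            notes.append(f"firewall exception in user-writable location: {path}")
    return notes


if __name__ == "__main__":
    for note in review_services(SAMPLE_SERVICES) + review_firewall_list(SAMPLE_FIREWALL):
        print(note)
```

Run against a saved ComboFix log, `review_services` would be handed the block of R*/S* lines and `review_firewall_list` the lines under the AuthorizedApplications key; in the sample above it reports the `sbusb` driver with no timestamp and the two constructed Temp-folder entries, and nothing for the Sony, iolo and merger lines that sit in the expected folders.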
  #14  
Old June 5th, 2008, 07:26 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi Brunobasser. I can't identify those files and they are not picked up by any antivirus program either. I don't like them much though. What I think we will do is rename them and if any program has problems functioning, they can be easily renamed again.

Make sure that you can view hidden files and folders, open Windows Explorer and navigate to C:\Windows. Look for rreg32.dll and utapi32.dll. When you find them, right-click on each file and rename them to filename.old (rreg32.old and utapi32.old).

When you have done this, go here and download ATF cleaner (do not download the Recommended Download on the mirror site). Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program. To do this, right-click on the Icon in the Notification area (lower right-hand corner of your screen) and choose Quit, Exit, Close or whatever option is offered. Now go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.

Run Hijack This again and post a new log please. Also tell me if you still have any problems.
  #15  
Old June 5th, 2008, 08:46 AM
Brunobasser Brunobasser is offline
New Member
 
Join Date: Jun 2008
Posts: 13
I will get started on this

AnnMarie,
Leave it to me to get the strange "bugs" that no one has seen before...geez
That's a whole bunch of stuff to do but I will get it all done without mistakes (I Hope) .
Where did you learn so much about computer programming?
I will post a reply soon.
Thanks
Brunobasser