Thread: Deckard's System Scanner
View Single Post
Old 08-11-2008, 02:36 PM   #1 (permalink)
RavenShiraki
Registered User
 
Join Date: Aug 2008
Posts: 2
OS: Windows XP Home


Deckard's System Scanner
Hey there,

I recently (foolishly) downloaded a file which turned out ot be a trojan/malware. I have no idea how to get rid of it, I've tried everything but nothing seems to get rid of it.

Here is what the log says:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-11 14:19:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-08-11 20:19:43 UTC - RP532 - Deckard's System Scanner Restore Point
79: 2008-08-11 20:00:44 UTC - RP531 - Installed Ad-Aware
78: 2008-08-11 19:50:57 UTC - RP530 - Deckard's System Scanner Restore Point
77: 2008-08-11 17:48:57 UTC - RP529 - Last known good configuration
76: 2008-08-11 17:47:41 UTC - RP528 - System Checkpoint


-- First Restore Point --
1: 2008-08-11 17:45:59 UTC - RP453 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.07 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24: VIRUS ALERT!, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Owner.YOUR-3E6407B95F\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-u...370-4&langid=1
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {c82cd11c-fe4e-0128-0434-0d3e00186b61} - {16b68100-e3d0-4340-8210-e4efc11dc28c} - C:\WINDOWS\system32\occufq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4C1EF9B-C431-4F2D-B45B-02A5A98BFE96} - C:\WINDOWS\system32\jkkHWPhH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\tuvWpNee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [8c06e33e] rundll32.exe "C:\WINDOWS\system32\ognndkiy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless USB utility V1.02.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164853536593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164944925640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvWpNee - C:\WINDOWS\SYSTEM32\tuvWpNee.dll
O21 - SSODL: xokvrpwg - {6D44C2C7-0CF6-4034-83D5-8FCA5E50A166} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {D0120659-9FAF-47F0-80A7-6332BC6DB61D} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11677 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - c:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S0 VClone - c:\windows\system32\drivers\vclone.sys (file missing)
S3 b4cef69f-7af8-44e1-b52f-9803ba7976e8 - e:\player\cds300.dll (file missing)
S3 gel90xne - c:\docume~1\owner~1.you\locals~1\temp\gel90xne.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 09:35:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 14:24:31 0 d-------- C:\Program Files\Trend Micro
2008-08-11 14:00:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-11 11:49:57 120960 --a------ C:\WINDOWS\system32\occufq.dll
2008-08-11 11:49:55 120960 --a------ C:\WINDOWS\system32\qemcelfl.dll
2008-08-11 11:49:47 98688 --a------ C:\WINDOWS\system32\ognndkiy.dll
2008-08-11 11:45:33 8994 --ahs---- C:\WINDOWS\system32\HhPWHkkj.ini2
2008-08-11 11:45:17 323328 --a------ C:\WINDOWS\system32\jkkHWPhH.dll
2008-08-11 11:40:00 34176 --a------ C:\WINDOWS\system32\tuvWpNee.dll
2008-08-11 11:40:00 34176 --a------ C:\WINDOWS\system32\ddcYsRJb.dll
2008-08-11 11:39:45 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\TmpRecentIcons
2008-08-11 11:39:23 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-11 11:39:21 94208 --a------ C:\WINDOWS\edlb.exe
2008-08-11 11:39:20 385024 --a------ C:\WINDOWS\wnlmdakqlag.dll
2008-08-11 11:38:45 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-11 11:38:44 188416 --a------ C:\WINDOWS\tfnslopk.dll
2008-07-31 23:59:28 41764 --a------ C:\WINDOWS\system32\kek.exe
2008-07-29 10:01:03 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\.dvdcss
2008-07-21 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-07-21 19:51:14 0 d-------- C:\Program Files\Screaming Bee
2008-07-21 14:00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-21 13:59:29 0 d-------- C:\Program Files\Common Files\Skype
2008-07-17 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-16 23:26:16 0 d-------- C:\vcs5BGEffects
2008-07-16 23:22:48 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-14 13:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-12 12:44:54 18944 --a------ C:\WINDOWS\system32\mpxa.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-11 13:59:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 12:26:52 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\uTorrent
2008-08-11 12:16:51 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Yahoo!
2008-08-11 12:07:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\AVG7
2008-08-11 11:41:50 0 d-------- C:\Program Files\MPlayer for Windows
2008-08-03 19:56:42 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-21 20:05:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Screaming Bee
2008-07-21 19:51:15 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-07-21 14:36:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Skype
2008-07-21 14:07:51 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-07-21 14:00:02 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\skypePM
2008-07-21 13:59:29 0 d-------- C:\Program Files\Common Files
2008-07-17 17:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Google
2008-07-17 17:10:37 0 d-------- C:\Program Files\Google
2008-07-04 13:26:35 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\acccore
2008-07-04 13:25:26 0 d-------- C:\Program Files\AIM6
2008-07-04 13:25:14 0 d-------- C:\Program Files\Viewpoint
2008-07-04 13:24:38 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 20:05:30 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\dvdcss
2008-06-15 22:36:10 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Azureus
2008-06-14 19:15:23 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 10:25:26 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Sierra
2008-06-14 10:08:57 0 d-------- C:\Program Files\Sierra
2008-06-14 10:08:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 21:53:13 9676 --a------ C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16b68100-e3d0-4340-8210-e4efc11dc28c}]
11/08/2008 11:49: VIRUS ALERT! 120960 --a------ C:\WINDOWS\system32\occufq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4C1EF9B-C431-4F2D-B45B-02A5A98BFE96}]
11/08/2008 11:45: VIRUS ALERT! 323328 --a------ C:\WINDOWS\system32\jkkHWPhH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}]
10/08/2008 01:23: VIRUS ALERT! 385024 --a------ C:\WINDOWS\wnlmdakqlag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E482A951-26ED-4898-A1EB-09A942D95A52}]
11/08/2008 11:40: VIRUS ALERT! 34176 --a------ C:\WINDOWS\system32\tuvWpNee.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [26/09/2005 17:07: VIRUS ALERT! C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/09/2005 10:32: VIRUS ALERT!]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/09/2005 10:32: VIRUS ALERT!]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 03:25: VIRUS ALERT!]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/04/2008 08:12: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/12/2006 20:27: VIRUS ALERT!]
"8c06e33e"="C:\WINDOWS\system32\ognndkiy.dll" [11/08/2008 11:49: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 13:00: VIRUS ALERT!]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54: VIRUS ALERT!]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [03/04/2007 16:29: VIRUS ALERT!]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [27/03/2008 16:44: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/05/2007 15:12: VIRUS ALERT!]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [19/06/2008 11:51: VIRUS ALERT!]
"mpt"="c:\WINDOWS\system32\mpt.exe" [14/07/2008 13:03: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless USB utility V1.02.exe.lnk - C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe [09/03/2008 4:35:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E482A951-26ED-4898-A1EB-09A942D95A52}"= C:\WINDOWS\system32\tuvWpNee.dll [11/08/2008 11:40: VIRUS ALERT! 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xokvrpwg"= {6D44C2C7-0CF6-4034-83D5-8FCA5E50A166} - C:\WINDOWS\xokvrpwg.dll [10/08/2008 01:23: VIRUS ALERT! 233472]
"tfnslopk"= {D0120659-9FAF-47F0-80A7-6332BC6DB61D} - C:\WINDOWS\tfnslopk.dll [10/08/2008 01:23: VIRUS ALERT! 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWpNee]
tuvWpNee.dll 11/08/2008 11:40: VIRUS ALERT! 34176 C:\WINDOWS\system32\tuvWpNee.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHWPhH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EFSysMon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EFSysMon.lnk
backup=C:\WINDOWS\pss\EFSysMon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastUser]
C:\WINDOWS\system32\fast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a8e002-460f-11dc-9307-0015581be460}]
AutoRun\command- M:\setup.exe /autorun
directx\command- M:\DirectX\dxsetup.exe
setup\command- M:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994fe1b5-d3bc-11da-b3cd-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7966 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-11 14:25:28 ------------
RavenShiraki is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here