Vista Troubles

Post by Keronadon » July 15th, 2008, 6:13 am

Howdy all, I haven't had to come here in a while, but I believe I need some help now. I have a Gateway comp with Vista Home Premium on it. I have an AMD64 X2 dual core 6000+ processor and 4 gigs of RAM. I connect to the web through a router. I ran into a problem when I tried to create a set of recovery disks. The first thing I noticed was that this comp does not even have a recovery drive showing. This may not have anything to do with the main problem I have; this comp could have come from the factory without a recovery partition installed, I never bothered to check it before.
I use NOD32 for antivirus protection. I do something you guys recommend against: I use uTorrent a lot. After I noticed my comp slowing way down on startup I ran a detailed scan with NOD32 and it came up with these warnings:
C:\Junk\Nero 7.8.5.0\Nero 7.8.5.0.exe »RAR »Toolbar.exe - Win32/Toolbar.AskSBar application - deleted
C:\Users\Jeff\AppData\Local\Temp\NERO13904\Toolbar.exe - Win32/Toolbar.AskSBar application - deleted
C:\Users\Jeff\AppData\Local\Temp\NERO14210\Toolbar.exe - Win32/Toolbar.AskSBar application - deleted
C:\Users\Jeff\AppData\Local\Temp\NERO14399\Toolbar.exe - Win32/Toolbar.AskSBar application - deleted
NOD32 seems to have cleared out the infected files, but I noticed that one instance of infection was in the original installation file. I removed Nero from my system some time ago, but this thing is some kind of toolbar add-on. Comp seems to be starting up faster since I ran the detailed scan in NOD32, but I know from experience that malware can go into hiding for a bit and still come back and hammer your system. The following HJT log was run after I had let NOD32 delete the infected files it found. I also noticed that NOD32 had not been able to inspect a lot of files because it said they were locked, and it seemed like there were a lot more files it could not open when I ran the detailed scan again after I removed the malware it found the first time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:46 AM, on 11/6/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46321C7B-0AAB-4904-BB33-F5D7B8C3EE2F}: NameServer = 216.51.211.234,216.51.211.233
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5706 bytes

Re: Vista Troubles

Post by Carolyn » July 20th, 2008, 5:46 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am currently looking at your log now and will be back as soon as possible with your instructions.
While you are waiting, one other thing that can be of good use is an uninstall list, so please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and click Run as administrator
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Re: Vista Troubles

Post by Keronadon » July 21st, 2008, 3:05 am

Carolyn, please take your time and help me make sure this comp is clean and clear. I am in no hurry; I own 4 computers. I know this one is probably virused up good and I want to make sure it is clean before I use it. Last time I got a keylogger it cost me $3000, so please, take your time and help me clean this one good :)

Re: Vista Troubles

Post by Carolyn » July 21st, 2008, 6:01 pm

Hello,

Upload file for scanning
I'd like you to check a file for malware.
C:\windows\options\auditadmin.cmd

  • Copy/Paste the line in the quote box into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Right click on mbam-setup.exe and select Run as administrator
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Right click on dss.exe and select Run as administrator, then follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.


Please post the following:
  • The VirusTotal/Jotti results
  • The Malwarebytes' Anti-Malware log
  • The contents of main.txt and extra.txt.

Re: Vista Troubles

Post by Keronadon » July 22nd, 2008, 3:08 am

Here is the uninstall list you wanted me to post.
Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
AGEIA PhysX v7.09.13
AIM 6
Aim Plugin for QQ Games
AIMTunes
AOL Mail and AIM Gadget
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Bejeweled 2 Deluxe
Beyond TV DVD Burning Foundation
Beyond TV DVD Burning Foundation
BigFix
Blackhawk Striker 2
Blasterball 3
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
CDDRV_Installer
City of Villains/City of Heroes (remove only)
Crysis(R) SP Demo
Digital Media Reader
Diner Dash - Flo on the Go
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dragon NaturallySpeaking 9
Drivers Install For Linksys Easylink Advisor
Exteel
Family Feud 2
FATE
Fax Machine 4.26
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Google Earth
Google Updater
Hellgate: London
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPSSupply
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
LimeWire PRO 4.14.10
Linkit_eBay
Linksys EasyLink Advisor 1.6 (0032)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Marvell Miniport Driver
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MVision
neroxml
NOD32 antivirus system
NVIDIA Drivers
Penguins!
Philips SPC 900NC PC Camera
PlayNC Launcher
Polar Bowler
Polar Golfer
Power2Go 5.0
PowerISO
Presto! VideoWorks 6 (VCD Version)
QQ Games
QuickTime
Rappelz_USA
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
RTC Client API v1.2
Samsung Master
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Shades of Truth
SiSoftware Sandra Lite XII.SP2c
SnapStream Beyond TV 4.8.1
SnapStream Firefly Mini 1.0.2
Soft Data Fax Modem with SmartCP
System Requirements Lab
Total Video Converter 3.12 080330
Tradewinds
Uninstall AOL Emergency Connect Utility 1.0
Unreal Tournament 3 Demo
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
VCRedistSetup
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual Studio 2005 Redist Package
Windows Media Player Firefox Plugin
WinRAR archiver
World of Kaneva V2.0
World of Warcraft
Yahoo! Messenger

Re: Vista Troubles

Post by Keronadon » July 22nd, 2008, 4:48 am

Malwarebytes' Anti-Malware 1.22
Database version: 977
Windows 6.0.6001 Service Pack 1

3:26:26 AM 7/22/2008
mbam-log-7-22-2008 (03-26-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 172158
Time elapsed: 1 hour(s), 1 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\GALA-NET\Rappelz_USA\Launcher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\VirtualStore\Program Files\GALA-NET\Rappelz_USA\Launcher.exe.new (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re: Vista Troubles

Post by Keronadon » July 22nd, 2008, 4:49 am

File: auditadmin.cmd
Status: OK
MD5: e59512f36692221e582a8b68d8503836
Packers detected: -

Scanner results
Scan taken on 22 Jul 2008 07:15:40 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Re: Vista Troubles

Post by Keronadon » July 22nd, 2008, 4:54 am

DSS.exe kept shutting itself down and these were the problem details:
Problem signature:
Problem Event Name: BEX
Application Name: dss.exe
Application Version: 3.2.8.1
Application Timestamp: 46e55b6e
Fault Module Name: dss.dll
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4711ba44
Exception Offset: 00002120
Exception Code: c000000d
Exception Data: 00000000
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: e2f2
Additional Information 2: d84a66c33abbb46f501b933d79e5686c
Additional Information 3: f020
Additional Information 4: 3e86566947750b0ffce7c1741945f063

Re: Vista Troubles

Post by Carolyn » July 22nd, 2008, 7:07 am

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire PRO

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.



Boot to SAFE MODE

You should print out these instructions, or copy them to NotePad for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows Vista Advanced Boot Options.
  • Select the Safe Mode option using the arrow keys.
  • Then press the enter key on your keyboard to boot into Vista Safe Mode.
  • When Windows starts you will be at a typical logon screen. Logon to your computer and Vista will enter Safe mode.


Scan with Deckard's System Scanner
  1. Close all applications and windows.
  2. Right click on dss.exe and select Run as administrator, then follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Save both reports to your desktop so that they will be easy to find.
  5. Reboot your computer to NORMAL MODE.


Scan with HijackThis
  • Right click HijackThis and select Run as administrator
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Please post the contents of main.txt and extra.txt along with the HijackThis log.
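
The instruction above, scan with HijackThis but fix nothing until each line is understood, is the core of how these logs are worked. A first pass can be scripted: pull out the O4 autorun entries, the O16 ActiveX downloads and the O17 DNS settings, and mark the ones that deserve a closer look. The Python below is an added example, not code from this thread or from HijackThis. The log excerpt inside it is constructed: the auditadmin, NvCplDaemon, Windows Defender, WindowsWelcomeCenter, O16 and first O17 lines copy the format of entries posted in this thread, while the "Updater" line and the second O17 line are invented to show what a flagged autorun and a benign private resolver look like. The heuristics (script extension, user-writable path, a system binary name outside C:\Windows, a non-private resolver) are the example author's rules of thumb, not HijackThis's own logic, and a hit means "research this", not "malware".

```python
"""First-pass triage of HijackThis O4 / O16 / O17 entries (added example)."""
from __future__ import annotations

import ipaddress
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2.0.2 format (see lead-in for which lines
# are copied from the thread's format and which are invented).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Updater] C:\Users\Someone\AppData\Local\Temp\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46321C7B-0AAB-4904-BB33-F5D7B8C3EE2F}: NameServer = 216.51.211.234,216.51.211.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
""".strip()

SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".pif", ".scr"}
KNOWN_EXTS = SCRIPT_EXTS | {".exe", ".dll", ".com"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")

O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '[^']*'\))?$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<desc>.*)\) - (?P<url>\S+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")


def _first_path(cmd: str) -> tuple[str, str]:
    """Split the leading file path off a Run value, tolerating unquoted paths
    that contain spaces (common in HKLM\\..\\Run). Returns (path, remainder)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path, _, rest = cmd[1:].partition('"')
        return path, rest.strip()
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        cand = " ".join(tokens[:i])
        if PureWindowsPath(cand.split(",", 1)[0]).suffix.lower() in KNOWN_EXTS:
            return cand, " ".join(tokens[i:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def target_path(command: str) -> str:
    """The file a Run entry actually loads. rundll32.exe is only a host, so for
    'RUNDLL32.EXE X.dll,Entry' the interesting file is X.dll."""
    path, rest = _first_path(command)
    if PureWindowsPath(path).name.lower() == "rundll32.exe" and rest:
        path, _ = _first_path(rest)
    return path.split(",", 1)[0]


def autorun_reasons(path: str) -> list[str]:
    """Heuristic reasons an autorun target deserves research (empty = nothing odd)."""
    p, low, reasons = PureWindowsPath(path), path.lower(), []
    if p.suffix.lower() in SCRIPT_EXTS:
        reasons.append(f"script file run at logon ({p.suffix.lower()})")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if p.name.lower() in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system binary name outside the Windows directory")
    return reasons


def nameserver_reasons(ip_text: str) -> list[str]:
    """Private or loopback resolvers are normal for a router setup; a public one
    should be confirmed as the ISP's before it is trusted."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return ["unparseable address"]
    if ip.is_private or ip.is_loopback:
        return []
    return ["public resolver; confirm it belongs to your ISP or router, not to malware"]


def triage(log_text: str) -> list[dict]:
    """Walk a HijackThis log and return the O4/O16/O17 entries worth a second look."""
    findings: list[dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):          # .lnk Startup entries have no [name] and are skipped
            path = target_path(m["command"])
            if reasons := autorun_reasons(path):
                findings.append({"type": "O4", "name": m["name"], "target": path, "reasons": reasons})
        elif m := O16_RE.match(line):
            findings.append({"type": "O16", "desc": m["desc"], "host": urlsplit(m["url"]).hostname,
                             "reasons": ["ActiveX control installed from the web; remove if you did not ask for it"]})
        elif m := O17_RE.match(line):
            for server in (s.strip() for s in m["servers"].split(",")):
                if reasons := nameserver_reasons(server):
                    findings.append({"type": "O17", "server": server, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        detail = {k: v for k, v in f.items() if k not in ("type", "reasons")}
        print(f["type"], detail, "->", "; ".join(f["reasons"]))
```

Run as-is it prints the auditadmin .cmd, the invented Temp-folder svchost.exe, the yougamers.com control and the two public resolvers, and says nothing about Windows Defender, the NVIDIA rundll32 entries or the 192.168.1.1 resolver. That is the point of the "don't fix anything yet" rule: the script narrows the list, and each remaining line still has to be checked (vendor, file hash, purpose) before it is removed.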

Re: Vista Troubles

Post by Keronadon » July 22nd, 2008, 2:42 pm

As I said in my last posting, I could not get DSS.exe to run on my comp. Here are the details it gave when it stopped working:
Problem signature:
Problem Event Name: BEX
Application Name: dss.exe
Application Version: 3.2.8.1
Application Timestamp: 46e55b6e
Fault Module Name: dss.dll
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4711ba44
Exception Offset: 00002120
Exception Code: c000000d
Exception Data: 00000000
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: e2f2
Additional Information 2: d84a66c33abbb46f501b933d79e5686c
Additional Information 3: f020
Additional Information 4: 3e86566947750b0ffce7c1741945f063
I ran another HJT scan; here are the results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:50 PM, on 7/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\drivers\Tray900.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9188 bytes
Keronadon
Member+
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia, South Carolina

Re: Vista Troubles

Unread postby Carolyn » July 22nd, 2008, 2:46 pm

Did you try running DSS in Safe Mode? Sometimes an application that fails in Normal Mode will run in Safe Mode.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » July 24th, 2008, 2:48 am

I tried running DSS in safe mode and it still failed at the same point as before.
Keronadon
Member+
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia, South Carolina

Re: Vista Troubles

Unread postby Carolyn » July 24th, 2008, 5:23 pm

Hello,

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it is being updated regularly.
  • Download this file from one of the three places listed below:
    For information regarding this download, please visit this webpage:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link1
    Link2
    Link3

    **Note: It is important that it is saved directly to your desktop**

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Then right click combofix.exe, select Run as administrator & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.


Please post the Combofix log and a fresh HijackThis log.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » July 26th, 2008, 1:51 am

Something strange happened when I ran ComboFix. It ran for over 2 hours before I went to work, so I just left it running; it seems it found quite a few problems. When I got home from work there was a logfile on the screen and my computer is running very slowly. I am going to post the logfile, reboot, and run HijackThis after the reboot.
ComboFix 08-07-24.6 - Jeff 2008-07-25 12:40:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2554 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\Phibtn.exe
C:\Windows\system32\drivers\Tray900.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-22 03:31 . 2008-07-22 03:31 <DIR> d-------- C:\Deckard
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 02:22 . 2008-07-20 20:21 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-22 02:22 . 2008-07-20 20:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:02 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:42 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:42 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:42 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 15:29 . 2008-07-08 15:29 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 13:42 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 13:42 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-06-26 05:46 . 2008-06-26 05:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-26 05:46 . 2000-05-22 22:58 608,448 --a------ C:\Windows\System32\comctl32.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 17:45 --------- d-----w C:\ProgramData\Google Updater
2008-07-20 08:53 --------- d-----w C:\Users\Jeff\AppData\Roaming\uTorrent
2008-07-15 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-13 03:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 20:29 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-25 06:53 --------- d-----w C:\Program Files\DivX
2008-06-24 08:21 2,834 ----a-w C:\Users\Jeff\AppData\Roaming\SAS7_000.DAT
2008-06-19 08:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\CyberLink
2008-06-19 07:18 --------- d-----w C:\Users\Jeff\AppData\Roaming\dvdcss
2008-06-15 22:05 --------- d-----w C:\ProgramData\Nero
2008-06-15 22:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 21:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-15 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\SnapStream
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-15 09:28 --------- d-----w C:\Program Files\SiSoftware
2008-06-15 09:15 --------- d---a-w C:\ProgramData\TEMP
2008-06-14 08:56 --------- d-----w C:\Users\Jeff\AppData\Roaming\Move Networks
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-28 09:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-28 09:19 --------- d-----w C:\ProgramData\LogiShrd
2008-05-28 09:19 --------- d-----w C:\Program Files\Logitech
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-03-26 13:08 174 --sha-w C:\Program Files\desktop.ini
2008-03-15 14:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-15 14:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-15 14:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auditadmin"="C:\windows\options\auditadmin.cmd" [2007-04-05 19:58 476]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 02:33 227840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 20:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 20:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 19:56:27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 23:31:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.NSVI"= NSVIDEO.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 10:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
--a------ 2004-03-16 14:49 40960 C:\Program Files\NewSoft\Presto! VideoWorks 6\IPP4Detect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9016ED6-7E6A-4733-9451-4B947E3B4DBE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B849EBEF-F8BF-47D5-AE84-FFDF2619C5E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF82768-3AD3-42C3-890B-67FFB6087F6F}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{8D45B4C1-774C-44AB-99F5-03FCBCB867D1}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{777120E9-BB54-458B-82AB-841A3EB7FB7D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{9B099D0E-B636-47C0-9E0D-95CF0469060F}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{8023A7CE-BB5D-4536-90CF-8EF6B8C8B41D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{5BBF1454-DDB2-4DFD-97D1-4A7ADB187C2C}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{CF2228F7-FF8C-4EA0-AC79-05EDC8493784}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{915A84C2-0551-4E71-80D7-1FCB0ECE91D5}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{E8D2CCF1-0928-4037-9751-46C22A32EADC}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{226F141E-F1D1-4575-885B-BF478BB4DB80}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{AA4C1154-3C8B-4603-9B65-4862763BAC67}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{8DB49E7C-5F22-459F-A177-22A8088BF304}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{2DC4135F-AD50-46C4-B41F-17C3DD747C51}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{3119FF8A-2B25-48C0-85A9-087FDEE547C8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{4B9FFAEE-C62F-4542-909B-14B85AD48E04}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{D707EE12-5C6C-440E-AA88-00FBF416BAC8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{3DE595B0-F6A2-4C9E-9DAD-21A657341822}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"{189DF32D-B5C3-45CD-9817-EFB04270C016}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"TCP Query User{CBD6BDBD-44BB-4F7A-94A7-75BF7385F2C0}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F11CE85A-96BE-4CD1-9683-B3690EB1F28A}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AB74DB35-565A-44BA-A990-ED7C09A86A82}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{6D98AC01-E756-487C-ADF5-92620DF73489}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{042043E3-3F1F-4490-8F0E-710AA396C1C1}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FC47FCBA-3798-4052-A345-1B6B4ED62570}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8A752FFF-F0CE-40A5-B9FB-B75E694BD64C}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{761E2616-B5B5-4991-851A-D0A16F2A2AF7}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"{3F8DBF73-452C-495E-A32B-6A37B8D379A0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F4084399-4C7C-4A6A-A50A-8ED8C53221CA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{46C0492C-5087-4B5F-960C-72AE499A60E0}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{0FA74659-9970-4A6A-9FB2-4FE12FDC6E6C}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{739789E4-4AD8-44C8-B313-B6556C16A9A2}C:\\program files\\shades of truth\\underlight.exe"= UDP:C:\program files\shades of truth\underlight.exe:P-Lyra
"UDP Query User{D966E2C2-018E-45FB-B2A4-BF88FF9C8893}C:\\program files\\shades of truth\\underlight.exe"= TCP:C:\program files\shades of truth\underlight.exe:P-Lyra
"TCP Query User{5838DC9E-F0EF-4EB5-812A-C28A73F7985D}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7C563B76-CBC8-4272-B9DD-44770B56244F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{3DDB5C3A-CF7D-4BFF-8E2B-1F4B1B3323F6}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{A396B86C-019C-4DBF-894D-5256C36D0794}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B40BE65D-8913-43CD-9905-F97E444E43B1}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B40F5858-707B-457C-83C8-D7C3358C336C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{99A8B560-063C-4731-9551-81DBEFA6C07C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{464184D5-4886-4399-A83E-23F4407D173B}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F34C19E-081E-4538-9A27-48140C769DE2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{001796E6-5BC5-4BEB-9671-C71B89C9ECCE}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F40C2A12-3865-412C-968D-FD3F618CCB2F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{1C7BD611-8ECA-422F-A7BC-1BB70E0A68CA}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{ABFF9636-F8E3-4E20-A498-0D888A77D5E5}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5E11565F-D08D-464D-878C-01B905986E1F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1A34A367-E1F2-4F14-898F-47A17B189F40}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{C1E987EA-6BFF-48A5-8F33-01EF09DE182F}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{36E84982-0C4C-47BE-BC5C-369FBCD22943}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E5928EC5-59F7-431C-B004-93C786DED980}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3F128E8C-76C1-4777-848D-9E04B629D438}"= UDP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{1DF66FF6-541C-45B8-B808-7C07F750E258}"= TCP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{BC2C87A8-DD05-49CF-9F96-B4E5E33256BA}"= UDP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{D0E8E484-E01A-4E3E-85F8-ADC9B6B0336B}"= TCP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{38198640-A2AD-464B-AB44-BF0AEC0BFC9C}"= UDP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{D2C1036C-8765-4195-9A38-151AA42CD2AD}"= TCP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{51A3F9F5-26F1-4D38-838E-A999A224829E}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{04766688-1A24-4B23-896E-A93221CFDFC2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{DCF7E62A-8574-497E-A898-94B59FABD5FD}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{1A545066-588A-4FBB-AFCE-40F3FBA3446D}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"{CD3A12C0-0983-48E0-AA1E-08DF6A173C03}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26886B81-95CD-4DA6-B7C2-78DE0DC64DFA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{204CDFC4-4328-4276-92CB-DEDDB5D6683C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7B5323B-EB80-490C-80BE-04BD997B06EA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C14AAE9C-412E-4A50-9F59-443D121A32E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C34DE1C0-2859-4C47-B693-2148EA0D623A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{826F8499-49EF-401C-9BD3-A5E0DB4B9C97}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D9BCDD3-7344-4CBA-9DD2-82D85F1ECA06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65DCB432-5C13-4D87-949C-654E878BB3BE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B83BF5C1-E82C-4E6C-BCF4-83FB91341630}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E578A938-E364-4870-B631-140D4E426A67}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CDD40E-72D7-4372-8E49-B6FA399EA6E2}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BED51DCB-521F-4BB4-8435-52F7ABD59C11}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B3411FE4-D09C-42F7-847E-090677D38247}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1B470EA0-99DD-4D2C-805B-BF280980CC94}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A0C410C7-F5C2-45E4-B792-2F4ADA510A73}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F6D479C4-1A04-4127-A60A-022A838EA18C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{8842ED0A-4911-4742-9720-6A76C3D5FB6E}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B9886591-77E7-4E58-A306-F34CD7A25843}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{EE57C978-7A91-4CEB-98CA-BA09181F9C42}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4158E73A-0103-4098-85C5-8FB6F5837274}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{DEE29D52-2C70-4724-BE77-522247FCD489}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{B7761C7F-717B-41F7-BF9B-060B9233CCB9}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{4888903E-B6B1-40E5-95D3-A68F99D3ACAB}"= Disabled:UDP:443:ooVoo TCP port 443
"{8F1132E3-1BA4-4659-B17B-7F7979094AC0}"= Disabled:TCP:443:ooVoo UDP port 443
"{16455A28-1DDB-4F19-AF78-9166A4EC843B}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{1C937F7F-7A08-4C76-82AD-3EEE697C6362}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{C165B523-4A89-48A1-820E-EA752A37D4EA}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{66E86256-E406-4D8B-A412-DAD1FC3F63D2}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
"{E8FB135C-D536-4CD8-B219-5E9BF7A0C8C2}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-05-04 09:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKLM-Run-PhiBtn - C:\Windows\System32\Drivers\PhiBtn.exe
HKLM-Run-TrayMin900 - C:\Windows\System32\Drivers\Tray900.exe
HKLM-Run-Fax Machine - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.smunet.net/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\Windows\Downloaded Program Files\SysReqLab3.osd
C:\Windows\Downloaded Program Files\sysreqlab3.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 13:51:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 14:49:46
ComboFix-quarantined-files.txt 2008-07-25 19:47:54

Pre-Run: 275,481,206,784 bytes free
Post-Run: 277,558,374,400 bytes free

300 --- E O F --- 2008-07-24 07:31:14
Keronadon

Re: Vista Troubles

Unread postby Keronadon » July 26th, 2008, 2:05 am

And the comp sped back up on the reboot; here is the new HijackThis logfile.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:09 AM, on 7/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8676 bytes
Keronadon