Author Topic: HijackThis! log file (Read 678 times)

idezol · « **on:** July 10, 2008, 04:17:12 AM »

I'm posting my hijachThis log file.
Please, help me about what to remove/fix.
Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:28 Î¼Î¼, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211971731046
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B044CC1-4BDB-4BCC-92FB-A67C9F9EEEF4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B044CC1-4BDB-4BCC-92FB-A67C9F9EEEF4}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5358 bytes

guestolo · « **Reply #1 on:** July 10, 2008, 02:13:48 PM »

Can you please do the following

Download
[color=\"red\"]SDFix[/color]
Save it to your desktop

After that
Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Post the report from SDFix please

In addition, can you do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt
It may take more than one reply to post back all the above information

idezol · « **Reply #2 on:** July 11, 2008, 04:56:32 AM »

I did the Deckard's System Scanner test. Im posting the two log files

MAIN.txt

Deckard's System Scanner v20071014.68
Run by idezol on 2008-07-11 12:53:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-07-11 10:54:00 UTC - RP299 - Deckard's System Scanner Restore Point
6: 2008-07-10 11:33:02 UTC - RP298 - System Checkpoint
5: 2008-07-09 09:26:34 UTC - RP297 - Software Distribution Service 3.0
4: 2008-07-09 01:01:35 UTC - RP296 - Software Distribution Service 3.0
3: 2008-07-08 09:30:51 UTC - RP295 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-07-06 01:01:32 UTC - RP293 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as idezol.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:09 Î¼Î¼, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\_installs\Deckard System Scanner.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\idezol.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211971731046
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B044CC1-4BDB-4BCC-92FB-A67C9F9EEEF4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B044CC1-4BDB-4BCC-92FB-A67C9F9EEEF4}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5339 bytes

-- File Associations -----------------------------------------------------------

[color=\"red\"].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]
[color=\"red\"].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Tomcat5 (Apache Tomcat) - "c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe" //rs//tomcat5 <Not Verified; Apache Software Foundation; Service Runner>
S4 wampapache - "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S4 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30BB103C&REV_02\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30BB103C&REV_02\3&B1BFB68&0&FB
Service:

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-06 15:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-07-06 15:37:35 0 d-------- C:\Program Files\SoulseekNS

-- Find3M Report ---------------------------------------------------------------

2008-07-10 19:57:21 0 d-------- C:\Documents and Settings\idezol\Application Data\Skype
2008-07-06 15:33:07 0 d-------- C:\Program Files\Soulseek
2008-06-17 19:00:42 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-10 11:14:57 0 d-------- C:\Program Files\Microsoft Works
2008-06-02 11:53:47 95 --a------ C:\WINDOWS\system32\productregistry
2008-05-29 03:07:59 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-28 13:29:04 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-28 13:27:24 0 d-------- C:\Program Files\MSBuild
2008-05-28 11:47:37 0 d-------- C:\Documents and Settings\idezol\Application Data\FileZilla
2008-05-26 13:43:22 0 d-------- C:\Program Files\Trend Micro
2008-05-26 11:45:28 0 d-------- C:\Program Files\RegCleaner
2008-05-26 11:33:02 0 d-------- C:\Program Files\CCleaner
2008-05-23 14:36:34 0 d-------- C:\Program Files\FileZilla FTP Client
2008-05-23 12:40:13 0 d-------- C:\Program Files\AVG
2008-05-21 12:41:50 0 d-------- C:\Program Files\Microsoft Application Blocks for .NET
2008-05-19 11:27:54 0 d-------- C:\Documents and Settings\idezol\Application Data\Creative
2008-05-19 11:26:12 0 d-------- C:\Program Files\Creative
2008-05-19 01:47:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 12:03:00 0 d-------- C:\Program Files\Steinberg
2008-05-16 12:01:09 0 d-------- C:\Program Files\OpenOffice.org 2.2
2008-05-16 11:59:09 0 d-------- C:\Program Files\Native Instruments
2008-05-16 11:58:49 0 d-------- C:\Program Files\Macromedia
2008-05-16 11:58:48 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-16 11:57:31 0 d-------- C:\Program Files\Common Files
2008-05-16 11:57:31 0 d-------- C:\Documents and Settings\idezol\Application Data\Macromedia
2008-05-13 16:00:28 0 d-------- C:\Program Files\MSXML 6.0
2008-05-13 14:50:21 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 14:05:30 0 d-------- C:\Program Files\MSN Messenger
2008-05-13 14:02:10 0 d-------- C:\Program Files\Messenger
2008-05-13 13:47:08 0 d-------- C:\Program Files\Movie Maker
2008-05-13 13:43:15 0 d-------- C:\Program Files\Windows NT
2008-05-13 13:07:36 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-13 13:00:42 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-13 12:54:09 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-05-13 12:53:53 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-05-13 12:46:07 0 d-------- C:\Program Files\HTML Help Workshop
2008-05-13 12:30:39 0 d-------- C:\Program Files\Common Files\Business Objects
2008-05-13 12:28:31 0 d-------- C:\Program Files\CE Remote Tools
2008-05-13 11:59:17 0 d-------- C:\Program Files\SQLXML 4.0
2008-05-13 11:57:42 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 11:53:55 0 d-------- C:\Program Files\Hooligans
2008-05-13 11:53:29 0 d-------- C:\Program Files\Badder Adder
2008-05-13 11:52:55 0 d-------- C:\Program Files\eMule
2008-05-13 11:49:46 0 d-------- C:\Program Files\Microsoft Analysis Services

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 05:10 Â£Â£]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 05:10 Â£Â£]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 10:44 Â£Â£ C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\jre1.5.0_08\bin\jusched.exe" [26/07/2006 04:03 Â§Â£]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 05:42 Â§Â£]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55 Â£Â£]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/04/2008 05:42 Â§Â£]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/4/2008 3:38:16 Â§Â£]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^idezol^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\idezol\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache2.2"=2 (0x2)
"MySQL"=3 (0x3)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"Tomcat5"=2 (0x2)
"WinVNC4"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"usnjsvc"=3 (0x3)
"hpqwmiex"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"AddFiltr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0200eda7-2763-11dd-9464-001636bd3ca1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1792e8ee-2670-11dc-93d2-001636bd3ca1}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d193cbe-233b-11dd-945d-001636bd3ca1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{337f248f-5e18-11dc-93f2-001636bd3ca1}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{337f2490-5e18-11dc-93f2-001636bd3ca1}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd84eb1-2103-11dd-9457-001636bd3ca1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40f49ca7-3c51-11dc-93e7-001636bd3ca1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a07a7d-16a6-11dc-93b4-001636bd3ca1}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a6bdfe-54a1-11dc-93f0-001636bd3ca1}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed663e03-f9e5-11dc-9443-001636bd3ca1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

-- End of Deckard's System Scanner: finished at 2008-07-11 12:59:41 ------------

EXTRA.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core(tm)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1021.98 MiB / 661.59 MiB
Pagefile Memory (total/avail): 2460.07 MiB / 2006.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.01 MiB

C: is Fixed (NTFS) - 29.3 GiB total, 6.94 GiB free.
D: is Fixed (FAT32) - 46.19 GiB total, 7.16 GiB free.
E: is Fixed (FAT32) - 7.35 GiB total, 1.22 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 6 partitions
\PARTITION0 (bootable) - Installable File System - 29.3 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 27.84 GiB
\PARTITION2 - Unknown - 46.28 GiB - D:
\PARTITION3 - Unknown - 7.37 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\idezol\Application Data
CATALINA_HOME=C:\Program Files\Apache Software Foundation\Tomcat 5.5
CLASSPATH=.;C:\jdk1.5.0_08\lib;C:\jre1.5.0_08\lib
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PATSABOURI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\idezol
JAVA_HOME=C:\jdk1.5.0_08
LANG=EL
lib=C:\Program Files\SQLXML 4.0\bin\
LOGONSERVER=\\PATSABOURI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=c:\program files\imagemagick-6.4.0-q8;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\jdk1.5.0_08\bin;C:\Program Files\Apache Software Foundation\maven-2.0.7\bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\idezol\LOCALS~1\Temp
TMP=C:\DOCUME~1\idezol\LOCALS~1\Temp
TOMCAT_HOME=C:\Program Files\Apache Software Foundation\Tomcat 5.5
USERDOMAIN=PATSABOURI
USERNAME=idezol
USERPROFILE=C:\Documents and Settings\idezol
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

idezol (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 5.0 PowerPack Trial --> MsiExec.exe /I{E48A3003-0DB6-41A8-AEA7-B95989B5D505}
ActivePerl 5.8.8 Build 822 --> MsiExec.exe /I{D0E5A0E6-5947-4F21-B8AE-5129D153083B}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Apache Tomcat 5.5 (remove only) --> "C:\Program Files\Apache Software Foundation\Tomcat 5.5\Uninstall.exe"
ASAPI Update --> C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BSPlayer --> "C:\Program Files\Webteh\BSPlayer\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Creative Live! Cam Vista IM Driver (1.00.07.0401) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Vista IM User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Vista IM\Creative Live! Cam Vista IM User's Guide\English\CTManual.isu"
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
FileZilla Client 3.0.10 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
GDR 3054 for SQL Server Analysis Services 2005 ENU (KB934458) --> C:\WINDOWS\OLAP9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Database Services 2005 ENU (KB934458) --> C:\WINDOWS\SQL9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Integration Services 2005 ENU (KB934458) --> C:\WINDOWS\DTS9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Notification Services 2005 ENU (KB934458) --> C:\WINDOWS\NS9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Tools and Workstation Components 2005 ENU (KB934458) --> C:\WINDOWS\SQLTools9_KB934458_ENU\Hotfix.exe /Uninstall
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
GPL Ghostscript 8.56 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.56\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.8 --> C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x8 -removeonly
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x8 -removeonly uninst
HP Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant --> MsiExec.exe /I{6FE30813-AC60-40A3-BE53-F6713A1F3893}
ImageMagick 6.4.0-6 Q8 (05/01/08) --> "C:\Program Files\ImageMagick-6.4.0-Q8\unins000.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
J2SE Development Kit 5.0 Update 8 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150080}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyTool GUI 1.7 --> C:\Program Files\KeyTool GUI 1.7\uninstall.exe
LEGO Star Wars II --> C:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409
Microsoft Baseline Security Analyzer 2.1 --> MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Data Access Application Block for .NET --> MsiExec.exe /I{847AA256-42FA-45D1-BC8B-5C75E6EE6352}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 --> MsiExec.exe /I{2373A92B-1C1C-4E71-B494-5CA97F96AA19}
Microsoft SQL Server 2005 Analysis Services --> MsiExec.exe /I{982DB00A-9C4E-436B-8707-18E113BAA44C}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E}
Microsoft SQL Server 2005 Books Online (English) --> MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Integration Services --> MsiExec.exe /I{E0A41F96-7231-4AE8-A654-EEB34F935462}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Notification Services --> MsiExec.exe /I{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{90032DD0-ABEE-4424-AC1E-B076BDD4E350}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Premier Partner Edition - ENU --> MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
mIRC --> "d:\mirc\mirc32.exe" -uninstall
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Native Instruments Traktor DJ Studio 2 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paragon Partition Manager 8.5 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}\Setup.exe" -l0x9
PDFCreator --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6953.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
PDFCreator Toolbar --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6953.exe" _?=C:\Program Files\PDFCreator Toolbar
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Skypeâ„¢ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoulSeek 157 NS 12d --> "C:\Program Files\SoulseekNS\uninstall.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SQLXML4 --> MsiExec.exe /I{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vim 7.0 (self-installing) --> C:\Program Files\Vim\vim70\uninstall-gui.exe
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VSO Image Resizer 1.1.15.65 --> "C:\Program Files\VSO\Image Resizer\unins000.exe"
WampServer 2.0 --> "c:\wamp\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\usbvm326_B3B8E60236EEFD3ED17E69EF6BBE5C38F2C4B420\usbvm326.inf
Windows Live Messenger --> MsiExec.exe /I{39CD7D93-BF66-4B8F-9A9C-560A1F939A0E}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
XCA (remove only) --> "C:\Program Files\xca\uninstall.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type33794 / Error
Event Submitted/Written: 07/10/2008 06:31:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application glosprelegal.vshost.exe, version 8.0.50727.42, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [glosprelegal.vshost.exe!ws!]

Event Record #/Type33686 / Error
Event Submitted/Written: 07/10/2008 06:14:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03f720d0.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type32177 / Error
Event Submitted/Written: 07/10/2008 02:09:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application glosprelegal.vshost.exe, version 8.0.50727.42, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [glosprelegal.vshost.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- End of Deckard's System Scanner: finished at 2008-07-11 12:59:41 ------------

So, what should i do next?

guestolo · « **Reply #3 on:** July 11, 2008, 08:11:55 AM »

Whey didn't you run SDFix?
If you did can I see the log please

Also NOTE: I asked you to run dss.exe from Desktop
You appear to have it on a seperate partition or running from a CD
D:\_installs\Deckard System Scanner.exe

It's important that when I ask you to run a tool from your desktop you transfer the download directly to your desktop or directly download it to your desktop

guestolo · « **Reply #4 on:** July 13, 2008, 10:35:46 AM »

Any update here?
You still show signs of malware in your logs

TheTechGuide Forum

News:

Author Topic: HijackThis! log file (Read 678 times)

idezol

HijackThis! log file

guestolo

HijackThis! log file

idezol

HijackThis! log file

guestolo

HijackThis! log file

guestolo

HijackThis! log file