Cyber Tech Help Support Forums > Software > Malware Removal

#1  July 18th, 2008, 01:19 AM
lypio (Member; Join Date: Jul 2008; Posts: 33)
Install-privacy-danger.bat Virus

Hi,

I saw an earlier post that was describing the same problem I'm having, i.e. wallpaper changes, Internet Explorer pop-ups every half hour and Mozilla pop-ups as well. I am using avast as antivirus, which hasn't done much...

To avoid wasting time I have already taken the first steps as instructed to the other fellow user and have the log files from DSS.

So the main log is:

Deckard's System Scanner v20071014.68
Run by Kriton on 2008-07-18 02:42:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

System Drive D: has 14.13 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-18 02:43:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\ASUSKBService.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TVersity\Media Server\MediaServer.exe
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\adiras.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Kriton\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - D:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {503E4419-0565-4887-9B72-B8B15EABB811} - D:\WINDOWS\system32\geBuUlMd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - D:\WINDOWS\system32\xxyXPJdA.dll
O2 - BHO: Windows Live Sign-in Assistant - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - D:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - D:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaBtSh] D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [240a2378] rundll32.exe "D:\WINDOWS\system32\swukarbd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D0DABEF-DBD1-417A-A187-5D7E71A175A0}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: xxyXPJdA - D:\WINDOWS\system32\xxyXPJdA.dll
O21 - SSODL: kvxqmtre - {C23C8ECB-70BA-456A-A2E1-12AB7E3E0C3B} - D:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {2432C990-3153-4089-806C-3BBB3C55A486} - D:\WINDOWS\evgratsm.dll
O23 - Service: app_filter - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ASUSKBService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

--
End of file - 14338 bytes
#2  July 18th, 2008, 01:20 AM
lypio
-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - D:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - D:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Asus Display Driver Helper Service) - d:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - d:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - d:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 MaVctrl - d:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 DstAudio - d:\windows\system32\drivers\dstaudio.sys <Not Verified; Dst provider; Dst driver>
R3 DstVideo - d:\windows\system32\drivers\dstvideo.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Ma730Pt (MA730 Bluetooth VCOM Driver) - d:\windows\system32\drivers\ma730pt.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 Ma730Vad (MA730 Bluetooth Audio) - d:\windows\system32\drivers\ma730vad.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - d:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
R3 pfc (Padus ASPI Shell) - d:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 DCamUSBNW800 (Crypto COMPACT Web Camera) - d:\windows\system32\drivers\pcam800.sys <Not Verified; Divio Inc.; NW800 USB PC Camera>
S3 Ma730c (MA730 Bluetooth Core Driver) - d:\windows\system32\drivers\ma730c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630C - d:\windows\system32\drivers\ma8630c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630M - d:\windows\system32\drivers\ma8630m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630U - d:\windows\system32\drivers\ma8630u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - d:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 netModUSBService (Service for netMod USB CAPI Driver) - d:\windows\system32\drivers\nmusb.sys <Not Verified; Intracom S.A.; netMod USB Drivers>
S3 P1160COM (Creative PC-CAM 880 (Camera)) - d:\windows\system32\drivers\p1160buk.sys <Not Verified; Accapella Ltd.; >
S3 P1160VID (Creative PC-CAM 880 (Video)) - d:\windows\system32\drivers\p1160vid.sys <Not Verified; Accapella Ltd.; >
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - d:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 sony_ssm.sys - d:\docume~1\kriton\locals~1\temp\sony_ssm.sys (file missing)
S3 WINIO - e:\winio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 app_filter - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ASUSKeyboardService (ASUS Keyboard Service) - d:\windows\asuskbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 ForcewareWebInterface (Forceware Web Interface) - "d:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Nero BackItUp Scheduler 3 - d:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nSvcIp (ForceWare IP service) - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
R2 PLFlash DeviceIoControl Service - d:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 TVersityMediaServer - "d:\program files\tversity\media server\mediaserver.exe"
R2 UserAccess7 (SecuROM User Access Service (V7)) - d:\windows\system32\uaservice7.exe <Not Verified; Sony DADC Austria AG.; >

S2 PavPrSrv (Panda Process Protection Service) -
S3 ServiceLayer - "d:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N72
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N72
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 03:30:00 404 --a------ D:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 02:06:21 3458 --a------ D:\WINDOWS\system32\tmp.reg
2008-07-18 02:05:48 25600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-07-18 02:05:48 289144 --a------ D:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-18 02:05:48 86528 --a------ D:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-18 02:05:48 288417 --a------ D:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-18 02:05:48 53248 --a------ D:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-18 02:05:48 82944 --a------ D:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-18 02:05:48 51200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-07-18 02:05:48 81920 --a------ D:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-18 01:40:11 92672 --a------ D:\WINDOWS\system32\swukarbd.dll
2008-07-17 14:35:30 92672 -----n--- D:\WINDOWS\system32\qgpqqrdw.dll
2008-07-17 14:34:37 383124 --ahs---- D:\WINDOWS\system32\dMlUuBeg.ini2
2008-07-17 14:34:33 322816 --a------ D:\WINDOWS\system32\geBuUlMd.dll
2008-07-17 14:29:05 33152 --a------ D:\WINDOWS\system32\xxyXPJdA.dll
2008-07-17 14:29:05 33152 --a------ D:\WINDOWS\system32\fccYOhFy.dll
2008-07-17 14:25:30 159744 --a------ D:\WINDOWS\qndsfmao.dll
2008-07-17 14:25:30 245760 --a------ D:\WINDOWS\evgratsm.dll
2008-07-17 14:25:30 163840 --a------ D:\WINDOWS\erms.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-17 15:39:56 0 d-------- D:\Program Files\AskTBar
2008-07-17 02:08:48 0 d-------- D:\Documents and Settings\Kriton\Application Data\Azureus
2008-06-03 12:46:03 0 d-------- D:\Program Files\DC++
2008-06-01 01:31:23 0 d-------- D:\Program Files\Sun
2008-06-01 01:31:10 0 d-------- D:\Program Files\Java
2008-05-27 12:06:20 0 d-------- D:\Program Files\Microsoft Silverlight
#3  July 18th, 2008, 01:22 AM
lypio
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
02/03/2007 17:52 1298024 -ra------ D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503E4419-0565-4887-9B72-B8B15EABB811}]
17/07/2008 14:34 322816 --a------ D:\WINDOWS\system32\geBuUlMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
17/07/2008 14:29 33152 --a------ D:\WINDOWS\system32\xxyXPJdA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="D:\WINDOWS\system32\nvraidservice.exe" [02/11/2004 01:55]
"nTrayFw"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [01/11/2004 12:22]
"SoundMan"="SOUNDMAN.EXE" [15/11/2004 13:20 D:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [18/11/2004 07:33]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"MaBtSh"="D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [08/02/2006 17:29]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 20:37]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [13/02/2007 21:29]
"adiras"="adiras.exe" [13/02/2007 16:19 D:\WINDOWS\adiras.exe]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
"240a2378"="D:\WINDOWS\system32\swukarbd.dll" [18/07/2008 01:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"OM2_Monitor"="D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [28/05/2007 17:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [25/7/2007 8:38:58 PM]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/3/2007 10:26:24 PM]
InterVideo WinCinema Manager.lnk - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [27/4/2005 12:43:43 AM]
NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe [29/4/2005 10:44:38 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///D:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8EA479BF-A910-4B14-8BB1-CD195871F947}"= D:\WINDOWS\system32\xxyXPJdA.dll [17/07/2008 14:29 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {C23C8ECB-70BA-456A-A2E1-12AB7E3E0C3B} - D:\WINDOWS\kvxqmtre.dll [ ]
"evgratsm"= {2432C990-3153-4089-806C-3BBB3C55A486} - D:\WINDOWS\evgratsm.dll [17/07/2008 13:14 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyXPJdA]
xxyXPJdA.dll 17/07/2008 14:29 33152 D:\WINDOWS\system32\xxyXPJdA.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\geBuUlMd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbb7b4b5-aba2-11d9-97b5-806d6172696f}]
AutoRun\command- E:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-07-18 02:45:10 ------------
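The entries a malware-removal helper would pick out of the logs above by eye are the unnamed BHOs loaded from system32 (geBuUlMd.dll, xxyXPJdA.dll), the Winlogon Notify (O20) and SSODL (O21) hooks, the Active Desktop component (O24) pointing at privacy_danger\index.htm, the rundll32 Run value with a hex-looking name, and the Search Bar URL on zzz.uv.ro. As an added example that is not part of the original thread and is not code from HijackThis or Deckard's System Scanner, the Python script below applies those same triage heuristics to a constructed sample made of lines copied from post #1 plus two benign entries for contrast. The section descriptions, the known-good name set and the trusted-host list are this example's own assumptions, not anything the tools publish.

```python
"""Triage of HijackThis-style log lines.

Added example, not part of the original thread or of HijackThis/DSS. The
heuristics (sensitive sections, random-looking 8-letter module names directly
under %WINDIR%, rundll32 loaders under hex value names, browser URLs on
untrusted hosts) are this example's own; the known-good and trusted-host
lists are constructed stand-ins.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log in post #1, plus the Java SSV
# helper and the avast! tray entry as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {503E4419-0565-4887-9B72-B8B15EABB811} - D:\WINDOWS\system32\geBuUlMd.dll
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - D:\WINDOWS\system32\xxyXPJdA.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - D:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [240a2378] rundll32.exe "D:\WINDOWS\system32\swukarbd.dll",b
O20 - Winlogon Notify: xxyXPJdA - D:\WINDOWS\system32\xxyXPJdA.dll
O21 - SSODL: evgratsm - {2432C990-3153-4089-806C-3BBB3C55A486} - D:\WINDOWS\evgratsm.dll
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
"""

LINE_RE = re.compile(r'^(?P<sec>[RO]\d+) - (?P<rest>.*)$')
# Drive-letter path ending in a loadable module; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:dll|exe|ocx)\b', re.IGNORECASE)
EIGHT_LETTERS_RE = re.compile(r'^[A-Za-z]{8}$')
HEX_VALUE_RE = re.compile(r'\[[0-9a-f]{8}\]')
URL_HOST_RE = re.compile(r'https?://([^/\s]+)')

# Persistence points malware favours and that a clean XP box rarely uses.
SENSITIVE_SECTIONS = {
    'O20': 'Winlogon Notify DLL (loaded into winlogon.exe at logon)',
    'O21': 'ShellServiceObjectDelayLoad (loaded into explorer.exe)',
    'O24': 'Active Desktop component (wallpaper/desktop hijack)',
}
# Constructed stand-ins: a real check compares against a clean reference
# system or file hashes, not a hand-typed allowlist.
KNOWN_GOOD_STEMS = {'explorer', 'soundman', 'winlogon', 'services', 'lsass', 'svchost'}
TRUSTED_HOSTS = ('microsoft.com', 'yahoo.com', 'msn.com')


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def in_windows_dir(path):
    """True when the file sits directly in %WINDIR% or %WINDIR%\\system32."""
    parent = path.rsplit('\\', 1)[0].lower()
    return parent.endswith('\\windows') or parent.endswith('\\windows\\system32')


def looks_random(stem):
    """Eight bare letters with no known-good meaning, e.g. geBuUlMd or qndsfmao."""
    return bool(EIGHT_LETTERS_RE.match(stem)) and stem.lower() not in KNOWN_GOOD_STEMS


def trusted_host(host):
    """Exact or label-boundary suffix match, so evilmicrosoft.com does not pass."""
    return any(host == d or host.endswith('.' + d) for d in TRUSTED_HOSTS)


def triage(log_text):
    """Return the lines worth a second look, each with the reasons it was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, rest = m.group('sec'), m.group('rest')
        reasons = []
        if sec in SENSITIVE_SECTIONS:
            reasons.append(SENSITIVE_SECTIONS[sec])
        if '(no name)' in rest:
            reasons.append('BHO/toolbar registered without a name')
        for path in PATH_RE.findall(rest):
            stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            if in_windows_dir(path) and looks_random(stem):
                reasons.append(f'random-looking module name in %WINDIR%: {path}')
        if sec == 'O4' and 'rundll32' in rest.lower() and HEX_VALUE_RE.search(rest):
            reasons.append('rundll32 DLL loader under a hex-looking Run value name')
        if sec in ('R0', 'R1'):
            host = URL_HOST_RE.search(rest)
            if host and not trusted_host(host.group(1)):
                reasons.append(f'browser start/search URL on untrusted host: {host.group(1)}')
        if reasons:
            findings.append(Finding(sec, reasons, line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}: {f.line}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample, the script flags eight of the ten lines and leaves the Java and avast! entries alone; the O2/O20 pair sharing xxyXPJdA.dll and the O4 value loading swukarbd.dll each pick up two reasons, which is the usual shape of a Vundo-style infection where one DLL is registered at several load points. The known-good set is deliberately small; on a real case the name heuristic is a prompt to check the file's signature and creation time (see the "Files created" section in post #2), not a verdict on its own.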
#4  July 18th, 2008, 01:24 AM
lypio
the extra log is:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1279.48 MiB / 665.27 MiB
Pagefile Memory (total/avail): 1899.57 MiB / 1318.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.47 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.91 GiB total, 28.76 GiB free.
D: is Fixed (NTFS) - 186.3 GiB total, 14.13 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L060J3 - 55.91 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.91 GiB - C:

\\.\PHYSICALDRIVE1 - ST3200826AS - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.3 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation)
AV: avast! antivirus 4.8.1169 [VPS 080717-0] v4.8.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Program Files\\NetMeeting\\conf.exe"="D:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"="D:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe:*:Enabled:WinDVD"
"D:\\WINDOWS\\system32\\rtcshare.exe"="D:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\DC++\\DCPlusPlus.exe"="D:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe"="D:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe:*:Enabled:Lemonade"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Azureus\\Azureus.exe"="D:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\WINDOWS\\system32\\include\\svchost.exe"="D:\\WINDOWS\\system32\\include\\svchost.exe:*:Disabled:mIRC"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Kriton\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=ATHLON
ComSpec=D:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Kriton
LOGONSERVER=\\ATHLON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\Program Files\PC Connectivity Solution\;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\Common Files\Teleca Shared;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1f00
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Kriton\LOCALS~1\Temp
TMP=D:\DOCUME~1\Kriton\LOCALS~1\Temp
USERDOMAIN=ATHLON
USERNAME=Kriton
USERPROFILE=D:\Documents and Settings\Kriton
windir=D:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
  #5  
Old July 18th, 2008, 01:25 AM
lypio
-- User Profiles ---------------------------------------------------------------

Kriton (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> D:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> D:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Δείγματα πολυμέσων --> MsiExec.exe /I{A918DE8A-98C8-0920-0001-000000000000}
Βοηθός εισόδου του Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ACDSee 32 --> D:\PROGRA~1\ACDSee32\UNWISE.EXE D:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-aware 5.83 --> D:\PROGRA~1\LAVASO~1\UNWISE.EXE D:\PROGRA~1\LAVASO~1\INSTALL.LOG
Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft Panorama Maker 3 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E2D201C4-92AF-4544-A5CC-1419F8D5618B}\SETUP.EXE" -l0x9 -uninst
Ask Toolbar --> rundll32 D:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
ASUS Enhanced Display Driver --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}
ASUS Video Security --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{169E414A-37C7-434E-9021-27A03AE087CD}
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "D:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus --> D:\Program Files\Azureus\Uninstall.exe
Betoto Poker (remove only) --> "D:\Program Files\Betoto\uninst.exe"
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Creative DVD Audio Plugin for Audigy Series --> "D:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Creative PC-CAM 880 Driver (1.00.05.0403) --> D:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1160.uns -unsext NT -plugin P1160Pin.dll -pluginres P1160Pin.crl
Creative PC-CAM 880 Manual (English) --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Creative\Creative PC-CAM 880 Manual\English\CTManual.isu"
Creative PC-CAM Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9 /remove
Creative WebCam Monitor --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9 /remove
Crypto COMPACT Web Camera --> D:\WINDOWS\pcamr800.exe
DC++ 0.698 --> "D:\Program Files\DC++\uninstall.exe"
DesTaVideo3 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{21032AE6-5993-455B-932E-73AD7E1B5806}\SETUP.EXE"
Digital Guitar Tuner 2.30 --> "D:\Program Files\Digital Guitar Tuner\Uninstall.exe" "D:\Program Files\Digital Guitar Tuner\install.log"
DVD Decrypter (Remove Only) --> "D:\Program Files\DVD Decrypter\uninstall.exe"
Elasto Mania --> D:\PROGRA~1\ELASTO~1\UNWISE.EXE D:\PROGRA~1\ELASTO~1\INSTALL.LOG
eMusic - 50 Free MP3 offer --> "D:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
ffdshow [rev 1324] [2007-07-01] --> "D:\Program Files\The FilmMachine\ffdshow\unins000.exe"
FLV Player 1.3.3 --> "D:\Program Files\FLVPlayer\uninstall.exe"
GIMP 2.4.4 --> "D:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0 --> D:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> D:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> D:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> D:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01 --> D:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
InterVideo WinDVB --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{45B3D436-FC53-4728-8110-FD9639178CE0}\setup.exe" REMOVEALL
InterVideo WinDVD 5 --> "D:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.6.5 --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Ladbrokes Poker --> D:\PROGRA~1\LADBRO~1\LADBRO~1\UNWISE.EXE D:\PROGRA~1\LADBRO~1\LADBRO~1\INSTALL.LOG
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Lemonade Tycoon --> D:\PROGRA~1\HEXACT~1\LEMONA~1\UNWISE.EXE D:\PROGRA~1\HEXACT~1\LEMONA~1\INSTALL.LOG
Lemonade Tycoon 2 --> "D:\Program Files\Lemonade Tycoon 2\unins000.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "D:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "d:\windows\system32\include\svchost.exe" -uninstall
Mjuice Components --> D:\Program Files\Mjuice Media PlayerMJUninst.exe
Mozilla ActiveX Control v1.7.12 --> D:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.16) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Scissors --> "D:\Program Files\TFM\MPEG Scissors\unins000.exe"
MSN --> D:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891032}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetMod Configuration Manager --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Intracom S.A.\NetMod Configuration Manager\Uninst.isu"
Nikon FotoShare --> D:\Program Files\Nikon\FotoShare\Uninstal.exe D:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> D:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_gre_web.exe /LANG="1032"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers --> D:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA nTune --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1032
OLYMPUS Master 2 --> MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PictureProject --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAGEM F@st 800-840 --> D:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe -runfromtemp -l0x0008 -removeonly
Sam and Max - Season Two - Sam and Max Episode 205 - What's New, Beelzebub? --> D:\Program Files\Telltale Games\Sam and Max - Season Two\Uninstall Episode 205 - What's New, Beelzebub.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SnagIt 6 --> D:\Program Files\TechSmith\SnagIt 6\SIUNINST.EXE
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Sub Station Alpha v4.08 --> D:\WINDOWS\uninst.exe -f"D:\Program Files\Sub Station Alpha v4.08\DeIsL1.isu" -c"D:\Program Files\Sub Station Alpha v4.08\_ISREG32.DLL"
TeleText --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D46BF5B1-315A-4E7F-AC0A-206497BA7705}\setup.exe"
The FilmMachine 1.5.4 --> "D:\Program Files\The FilmMachine\unins000.exe"
thriXXX 3DSexVilla-034.001 --> "D:\Program Files\thriXXX\3D SexVilla\Binaries\Uninstall-3DSexVilla-034.001.exe"
thriXXX WebLaunch --> D:\Program Files\thriXXX\WebLaunch\WebLaunchUninstall.exe
Total Video Converter 3.10 --> "D:\Program Files\Total Video Converter\unins000.exe"
TVersity Codec Pack 1.1 --> D:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.4 beta --> D:\Program Files\TVersity\Media Server\uninst.exe
USB Remote NDIS Network Device --> D:\Program Files\InstallShield Installation Information\{7F628837-063A-4391-8B6E-9D9E21A7CE2D}\setup.exe -runfromtemp -l0x0409
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions --> D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VobSub v2.23 (Remove Only) --> "D:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> D:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> D:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{1A304004-5798-44EF-9A0D-5C27FC3C4FD4}
Windows Live Messenger --> MsiExec.exe /X{7924F96E-93F9-49F5-905F-444D96DCFC91}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinDVB Patch 1.7 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{228ACE3C-69F9-4BB9-BACF-464BC23739D1}\setup.exe"
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
Yahoo! Extras --> D:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> D:\WINDOWS\system32\regsvr32 /u D:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> D:\WINDOWS\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨γ¦C --> D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YETISPORTS Pingu Throw D.C. --> "D:\Program Files\Yetisports\Uninstall.exe" "D:\Program Files\Yetisports\install.log"
  #6  
Old July 18th, 2008, 01:26 AM
lypio
-- Application Event Log -------------------------------------------------------

Event Record #/Type14344 / Error
Event Submitted/Written: 07/18/2008 01:36:18 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Fri Jul 18 01:36:18 2008] [notice] Disabled use of AcceptEx() WinSock2 API .

Event Record #/Type14327 / Error
Event Submitted/Written: 07/17/2008 03:01:37 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Thu Jul 17 15:01:37 2008] [notice] Disabled use of AcceptEx() WinSock2 API .

Event Record #/Type14308 / Error
Event Submitted/Written: 07/17/2008 02:14:39 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Thu Jul 17 14:14:39 2008] [notice] Disabled use of AcceptEx() WinSock2 API .

Event Record #/Type14294 / Error
Event Submitted/Written: 07/17/2008 08:57:13 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Thu Jul 17 08:57:13 2008] [notice] Disabled use of AcceptEx() WinSock2 API .

Event Record #/Type14280 / Error
Event Submitted/Written: 07/17/2008 08:12:39 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Thu Jul 17 08:12:39 2008] [notice] Disabled use of AcceptEx() WinSock2 API .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4746 / Error
Event Submitted/Written: 07/18/2008 01:35:47 AM / 07/18/2008 01:36:38 AM
Event ID/Source: 18 / Ma730Pt
Event Description:


Event Record #/Type4741 / Error
Event Submitted/Written: 07/18/2008 01:36:34 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type4740 / Error
Event Submitted/Written: 07/18/2008 01:36:34 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type4739 / Error
Event Submitted/Written: 07/18/2008 01:36:34 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type4738 / Error
Event Submitted/Written: 07/18/2008 01:36:34 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-07-18 02:45:10 ------------

The subsequent scans are:


Deckard's System Scanner v20071014.68
Run by Kriton on 2008-07-18 03:08:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive D: has 14.13 GiB (less than 15%) free.
  #7  
Old July 18th, 2008, 01:26 AM
lypio
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-18 03:09:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\ASUSKBService.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TVersity\Media Server\MediaServer.exe
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\adiras.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Kriton\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨γ¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - D:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {503E4419-0565-4887-9B72-B8B15EABB811} - D:\WINDOWS\system32\geBuUlMd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - D:\WINDOWS\system32\xxyXPJdA.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - D:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! ¤u¨γ¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - D:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaBtSh] D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [240a2378] rundll32.exe "D:\WINDOWS\system32\swukarbd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Πρόχειρες σελίδες HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Έξυπνη επιλογή HP - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D0DABEF-DBD1-417A-A187-5D7E71A175A0}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: xxyXPJdA - D:\WINDOWS\system32\xxyXPJdA.dll
O21 - SSODL: kvxqmtre - {C23C8ECB-70BA-456A-A2E1-12AB7E3E0C3B} - D:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {2432C990-3153-4089-806C-3BBB3C55A486} - D:\WINDOWS\evgratsm.dll
O23 - Service: app_filter - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ASUSKBService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

--
End of file - 14371 bytes
  #8  
Old July 18th, 2008, 01:27 AM
lypio lypio is offline
Member
 
Join Date: Jul 2008
Posts: 33
-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - D:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - D:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Asus Display Driver Helper Service) - d:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - d:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - d:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 MaVctrl - d:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 DstAudio - d:\windows\system32\drivers\dstaudio.sys <Not Verified; Dst provider; Dst driver>
R3 DstVideo - d:\windows\system32\drivers\dstvideo.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Ma730Pt (MA730 Bluetooth VCOM Driver) - d:\windows\system32\drivers\ma730pt.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 Ma730Vad (MA730 Bluetooth Audio) - d:\windows\system32\drivers\ma730vad.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - d:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
R3 pfc (Padus ASPI Shell) - d:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 DCamUSBNW800 (Crypto COMPACT Web Camera) - d:\windows\system32\drivers\pcam800.sys <Not Verified; Divio Inc.; NW800 USB PC Camera>
S3 Ma730c (MA730 Bluetooth Core Driver) - d:\windows\system32\drivers\ma730c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630C - d:\windows\system32\drivers\ma8630c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630M - d:\windows\system32\drivers\ma8630m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8630U - d:\windows\system32\drivers\ma8630u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - d:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 netModUSBService (Service for netMod USB CAPI Driver) - d:\windows\system32\drivers\nmusb.sys <Not Verified; Intracom S.A.; netMod USB Drivers>
S3 P1160COM (Creative PC-CAM 880 (Camera)) - d:\windows\system32\drivers\p1160buk.sys <Not Verified; Accapella Ltd.; >
S3 P1160VID (Creative PC-CAM 880 (Video)) - d:\windows\system32\drivers\p1160vid.sys <Not Verified; Accapella Ltd.; >
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - d:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 sony_ssm.sys - d:\docume~1\kriton\locals~1\temp\sony_ssm.sys (file missing)
S3 WINIO - e:\winio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 app_filter - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ASUSKeyboardService (ASUS Keyboard Service) - d:\windows\asuskbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 ForcewareWebInterface (Forceware Web Interface) - "d:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Nero BackItUp Scheduler 3 - d:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nSvcIp (ForceWare IP service) - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - d:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
R2 PLFlash DeviceIoControl Service - d:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 TVersityMediaServer - "d:\program files\tversity\media server\mediaserver.exe"
R2 UserAccess7 (SecuROM User Access Service (V7)) - d:\windows\system32\uaservice7.exe <Not Verified; Sony DADC Austria AG.; >

S2 PavPrSrv (Panda Process Protection Service) -
S3 ServiceLayer - "d:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N72
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N72
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 03:30:00 404 --a------ D:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 02:06:21 3458 --a------ D:\WINDOWS\system32\tmp.reg
2008-07-18 02:05:48 25600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-07-18 02:05:48 289144 --a------ D:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-18 02:05:48 86528 --a------ D:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-18 02:05:48 288417 --a------ D:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-18 02:05:48 53248 --a------ D:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-18 02:05:48 82944 --a------ D:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-18 02:05:48 51200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-07-18 02:05:48 81920 --a------ D:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-18 01:40:11 92672 --a------ D:\WINDOWS\system32\swukarbd.dll
2008-07-17 14:35:30 92672 -----n--- D:\WINDOWS\system32\qgpqqrdw.dll
2008-07-17 14:34:37 388347 --ahs---- D:\WINDOWS\system32\dMlUuBeg.ini2
2008-07-17 14:34:33 322816 --a------ D:\WINDOWS\system32\geBuUlMd.dll
2008-07-17 14:29:05 33152 --a------ D:\WINDOWS\system32\xxyXPJdA.dll
2008-07-17 14:29:05 33152 --a------ D:\WINDOWS\system32\fccYOhFy.dll
2008-07-17 14:25:30 159744 --a------ D:\WINDOWS\qndsfmao.dll
2008-07-17 14:25:30 245760 --a------ D:\WINDOWS\evgratsm.dll
2008-07-17 14:25:30 163840 --a------ D:\WINDOWS\erms.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-17 15:39:56 0 d-------- D:\Program Files\AskTBar
2008-07-17 02:08:48 0 d-------- D:\Documents and Settings\Kriton\Application Data\Azureus
2008-06-03 12:46:03 0 d-------- D:\Program Files\DC++
2008-06-01 01:31:23 0 d-------- D:\Program Files\Sun
2008-06-01 01:31:10 0 d-------- D:\Program Files\Java
2008-05-27 12:06:20 0 d-------- D:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
02/03/2007 17:52 1298024 -ra------ D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503E4419-0565-4887-9B72-B8B15EABB811}]
17/07/2008 14:34 322816 --a------ D:\WINDOWS\system32\geBuUlMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
17/07/2008 14:29 33152 --a------ D:\WINDOWS\system32\xxyXPJdA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="D:\WINDOWS\system32\nvraidservice.exe" [02/11/2004 01:55]
"nTrayFw"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [01/11/2004 12:22]
"SoundMan"="SOUNDMAN.EXE" [15/11/2004 13:20 D:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [18/11/2004 07:33]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"MaBtSh"="D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [08/02/2006 17:29]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 20:37]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [13/02/2007 21:29]
"adiras"="adiras.exe" [13/02/2007 16:19 D:\WINDOWS\adiras.exe]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
"240a2378"="D:\WINDOWS\system32\swukarbd.dll" [18/07/2008 01:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"OM2_Monitor"="D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [28/05/2007 17:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [25/7/2007 8:38:58 ££]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/3/2007 10:26:24 ££]
InterVideo WinCinema Manager.lnk - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [27/4/2005 12:43:43 §£]
NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe [29/4/2005 10:44:38 ££]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///D:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8EA479BF-A910-4B14-8BB1-CD195871F947}"= D:\WINDOWS\system32\xxyXPJdA.dll [17/07/2008 14:29 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {C23C8ECB-70BA-456A-A2E1-12AB7E3E0C3B} - D:\WINDOWS\kvxqmtre.dll [ ]
"evgratsm"= {2432C990-3153-4089-806C-3BBB3C55A486} - D:\WINDOWS\evgratsm.dll [17/07/2008 13:14 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyXPJdA]
xxyXPJdA.dll 17/07/2008 14:29 33152 D:\WINDOWS\system32\xxyXPJdA.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\geBuUlMd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbb7b4b5-aba2-11d9-97b5-806d6172696f}]
AutoRun\command- E:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-07-18 03:10:05 ------------

and extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation)
AV: avast! antivirus 4.8.1169 [VPS 080717-0] v4.8.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Program Files\\NetMeeting\\conf.exe"="D:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"="D:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe:*:Enabled:WinDVD"
"D:\\WINDOWS\\system32\\rtcshare.exe"="D:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\DC++\\DCPlusPlus.exe"="D:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe"="D:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe:*:Enabled:Lemonade"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Azureus\\Azureus.exe"="D:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\WINDOWS\\system32\\include\\svchost.exe"="D:\\WINDOWS\\system32\\include\\svchost.exe:*:Disabled:mIRC"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- End of Deckard's System Scanner: finished at 2008-07-18 03:10:05 ------------
  #9  
Old July 18th, 2008, 01:28 AM
lypio lypio is offline
Member
 
Join Date: Jul 2008
Posts: 33
Thank you for bearing with me

I will appreciate any kind of help
  #10  
Old July 20th, 2008, 03:34 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Another duplicate request - see here.