some nasty stuff here

Wow, you guys must be smart people to actually be able to make sense of these logs! Here's the HJT and other log you asked for; will attach ComboFix next.


Deckard's System Scanner v20071014.68
Run by Daanish Rashid on 2008-02-11 12:53:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.07 GiB (less than 15%) free.


-- HijackThis (run as Daanish Rashid.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Evolve Developmental Coaching\HypnoTutor Audio\HypnoTutorScheduler.exe
C:\WINDOWS\Explorer.EXE
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Daanish Rashid\Local Settings\Temporary Internet Files\Content.IE5\K5U7G5EF\dss[1].exe
C:\DOCUME~1\DAANIS~1\Desktop\Daanish Rashid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = globeandmail.com: Canada's National Newspaper
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44709E95-7744-4123-A011-95F7B523C072} - C:\WINDOWS\system32\urqom.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {3c017d6d-b18a-3f7b-b9f4-0ea4ab90b016} - {610b09ba-4ae0-4f9b-b7f3-a81bd6d710c3} - C:\WINDOWS\system32\nmlcurof.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {771BB8CB-3DBD-4403-A0F6-8B2A42B70400} - C:\WINDOWS\system32\gebba.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - C:\WINDOWS\system32\khfefda.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\ErrClean\ucookw.exe" -start
O4 - HKLM\..\Run: [c4ff9d44] rundll32.exe "C:\WINDOWS\system32\uwbyyueb.dll",b
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/ca/en/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: khfefda - khfefda.dll (file missing)
O20 - Winlogon Notify: winpcl32 - winpcl32.dll (file missing)
O21 - SSODL: PrxCheck - {fb493eaf-406b-48b9-b153-e24ea4ae3401} - C:\WINDOWS\Installer\{fb493eaf-406b-48b9-b153-e24ea4ae3401}\PrxCheck.dll (file missing)
O21 - SSODL: zip - {2655105c-5766-4797-ba96-5061ca911978} - C:\WINDOWS\Installer\{2655105c-5766-4797-ba96-5061ca911978}\zip.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Training Schedule for the HypnoTutor Training Application (HypnoTutor Training Schedule) - Unknown owner - C:\Program Files\Evolve Developmental Coaching\HypnoTutor Audio\HypnoTutorScheduler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 8506 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DAANIS~1\Desktop\backups\) ------------

backup-20080211-014933-233 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080211-014933-544 O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\ErrClean\ucookw.exe" -start
backup-20080211-014933-837 O4 - HKLM\..\Run: [c4ff9d44] rundll32.exe "C:\WINDOWS\system32\uwbyyueb.dll",b
backup-20080211-014933-870 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 vkquwexg - c:\windows\system32\drivers\combo-fix.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HypnoTutor Training Schedule (Training Schedule for the HypnoTutor Training Application) - "c:\program files\evolve developmental coaching\hypnotutor audio\hypnotutorscheduler.exe" /install /service <Not Verified; ; HypnoTutorScheduler Application>
R2 OracleServiceXE - c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe <Not Verified; Oracle Corporation; >
R2 OracleXETNSListener - c:\oraclexe\app\oracle\product\10.2.0\server\bin\tnslsnr.exe

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 OracleMTSRecoveryService - c:\oraclexe\app\oracle\product\10.2.0\server\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
S3 OracleXEClrAgent - c:\oraclexe\app\oracle\product\10.2.0\server\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25
S3 SandraDataSrv (Sandra Data Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>
S3 SandraTheSrv (Sandra Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcsandrasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>
S4 OracleJobSchedulerXE - c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\3&61AAA01&0&70
Manufacturer: Linksys
Name: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\3&61AAA01&0&70
Service: AN983


-- Scheduled Tasks -------------------------------------------------------------

2008-02-03 06:21:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-11 and 2008-02-11 -----------------------------

2008-02-11 03:38:26 0 d-------- C:\Program Files\EsetOnlineScanner
2008-02-11 03:36:36 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\HouseCall 6.6
2008-02-11 03:36:26 0 d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-02-11 02:02:03 60416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-11 01:38:46 0 dr-h----- C:\$VAULT$.AVG
2008-02-11 01:21:57 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\AVG7
2008-02-11 01:21:11 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-02-11 01:19:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-02-11 01:19:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-02-10 23:13:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-02-10 22:50:13 0 d-------- C:\cmdcons
2008-02-10 22:46:57 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-10 22:46:57 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-10 22:46:57 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-10 22:46:57 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-10 22:46:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-10 22:17:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-10 22:16:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-02-10 22:08:56 15 --a------ C:\WINDOWS\system32\c4ff8fca
2008-02-10 12:56:36 0 dr-h----- C:\Documents and Settings\Daanish Rashid\Recent
2008-02-09 11:51:53 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 11:51:53 3469 --a------ C:\WINDOWS\unins000.dat
2008-02-09 11:39:56 0 d-------- C:\Program Files\SysCleaner
2008-02-09 11:35:44 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\SystemDefender
2008-02-09 11:34:27 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\errclean
2008-02-09 11:33:41 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2008-02-01 06:41:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-02-01 06:41:29 0 d-------- C:\Program Files\TechSmith
2008-02-01 06:39:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 06:38:19 0 d-------- C:\Program Files\MediaMonkey
2008-02-01 06:35:17 0 d-------- C:\Program Files\IrfanView
2008-01-31 00:32:29 0 d-------- C:\Program Files\Ares
2008-01-31 00:30:36 0 d-------- C:\Program Files\WallPerformer 2.0
2008-01-31 00:30:31 0 d-------- C:\Program Files\DocPad
2008-01-31 00:30:00 0 d-------- C:\Program Files\Common Files\System-G
2008-01-30 14:36:53 0 d-------- C:\Program Files\eMule
2008-01-18 22:51:55 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Ashampoo
2008-01-18 21:53:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
2008-01-18 21:50:24 0 d-------- C:\Program Files\Ashampoo
2008-01-18 21:43:35 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Obsidium
2008-01-18 21:42:40 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\{1A6E8DCF-3BC3-4C53-A3E9-CF66F0B2C556}
2008-01-18 21:41:57 0 d-------- C:\Program Files\Oront Burning Kit 2
2008-01-18 21:37:00 0 d-------- C:\Program Files\Instant CD & DVD Burner
2008-01-18 21:36:53 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-01-18 18:45:58 0 d-------- C:\Program Files\GetData
2008-01-18 18:45:40 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-14 21:07:05 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\CyberLink
2008-01-14 21:04:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-01-14 21:02:35 0 d-------- C:\Program Files\CyberLink
2008-01-14 00:57:09 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Conceptworld
2008-01-14 00:56:49 0 d-------- C:\Program Files\Conceptworld
2008-01-13 02:58:13 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\3M
2008-01-13 02:55:14 0 d-------- C:\Program Files\3M
2008-01-11 04:22:58 0 d-------- C:\Documents and Settings\Daanish Rashid\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2008-02-11 01:14:29 0 d-------- C:\Program Files\FastStone Image Viewer
2008-02-10 22:40:29 0 d-------- C:\Program Files\iCal v4.0 Web Calendar
2008-02-10 12:52:07 0 d-------- C:\Program Files\Opera
2008-02-10 12:37:11 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-02-09 16:35:35 0 d-a------ C:\Program Files\Common Files
2008-02-07 14:18:15 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\uTorrent
2008-02-03 23:15:21 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\LimeWire
2008-02-03 00:56:20 0 d-------- C:\Program Files\Shareaza Lite
2008-01-30 20:52:55 0 d-------- C:\Program Files\Winamp
2008-01-30 20:52:44 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\foobar2000
2008-01-14 21:02:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 05:07:23 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\dvdcss
2008-01-09 23:14:53 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\GRETECH
2008-01-09 23:00:20 0 d-------- C:\Program Files\Total Video Player
2008-01-09 22:59:11 0 d-------- C:\Program Files\MP4 Video Player
2008-01-09 22:58:48 0 d-------- C:\Program Files\FLV Player
2008-01-09 22:56:30 0 d-------- C:\Program Files\GRETECH
2008-01-09 16:34:44 0 d-------- C:\Program Files\Microsoft Visual Studio .NET
2008-01-09 05:18:16 11270 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 19:37:18 0 d-------- C:\Program Files\Alcovarp
2007-12-28 19:03:12 0 d-------- C:\Program Files\RocketDock
2007-12-28 18:57:30 0 d-------- C:\Program Files\CrossLoop
2007-12-24 20:06:41 0 d-------- C:\Program Files\BearFlix
2007-12-24 19:47:56 0 dr-h----- C:\Documents and Settings\Daanish Rashid\Application Data\yahoo!
2007-12-20 11:36:56 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\SlimBrowser
2007-12-19 22:58:33 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Azureus
2007-12-19 16:19:42 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Ulead Systems
2007-12-19 11:25:22 0 d-------- C:\Documents and Settings\Daanish Rashid\Application Data\Flock
2007-12-19 11:24:58 0 d-------- C:\Program Files\Flock
2007-12-19 08:09:45 0 d-------- C:\Program Files\DivX
2007-12-19 08:08:13 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-18 11:47:21 0 d-------- C:\Program Files\MSN Messenger
 
The above was from main.txt. Wasn't able to fix it all above. Here's part 2 of it.



-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44709E95-7744-4123-A011-95F7B523C072}]
C:\WINDOWS\system32\urqom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{610b09ba-4ae0-4f9b-b7f3-a81bd6d710c3}]
C:\WINDOWS\system32\nmlcurof.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{771BB8CB-3DBD-4403-A0F6-8B2A42B70400}]
C:\WINDOWS\system32\gebba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DB30F1E-538B-4395-9E49-37C1429AB459}]
C:\WINDOWS\system32\khfefda.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 16:39]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 05:50]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-11 01:24]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ucookw"="C:\PROGRA~1\ErrClean\ucookw.exe" []
"c4ff9d44"="C:\WINDOWS\system32\uwbyyueb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
"NoteZilla"="C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe" [2007-09-08 16:17]
"QNPlus"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9DB30F1E-538B-4395-9E49-37C1429AB459}"= C:\WINDOWS\system32\khfefda.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PrxCheck"= {fb493eaf-406b-48b9-b153-e24ea4ae3401} - C:\WINDOWS\Installer\{fb493eaf-406b-48b9-b153-e24ea4ae3401}\PrxCheck.dll [ ]
"zip"= {2655105c-5766-4797-ba96-5061ca911978} - C:\WINDOWS\Installer\{2655105c-5766-4797-ba96-5061ca911978}\zip.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfefda]
khfefda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpcl32]
winpcl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebba.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ff9d44]
rundll32.exe "C:\WINDOWS\system32\uwbyyueb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteZilla]
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ucookw]
"C:\PROGRA~1\ErrClean\ucookw.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f11ad50-89e9-11db-b880-806d6172696f}]
Auto\command- zcgrbpcnr.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zcgrbpcnr.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 Command - Keeping Software Free
127.0.0.1 032439.com

7902 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-11 12:57:44 ------------
 
And here's extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 639.53 MiB / 291.88 MiB
Pagefile Memory (total/avail): 1177.77 MiB / 720.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.93 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 28.62 GiB total, 0.07 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 114.49 GiB total, 1.47 GiB free.
F: is Removable (FAT)
G: is Removable (FAT)

\\.\PHYSICALDRIVE1 - Maxtor 4R120L0 - 114.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 114.49 GiB - E:

\\.\PHYSICALDRIVE0 - Maxtor 93073U6 - 28.62 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 28.62 GiB - C:

\\.\PHYSICALDRIVE2 - Memorex Flashdrive 601B USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 477.36 MiB - F:

\\.\PHYSICALDRIVE3 - SanDisk Cruzer Micro USB Device - 1953.22 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1952.88 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Daanish Rashid\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YORK-9B8C2D65D1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daanish Rashid
LOGONSERVER=\\YORK-9B8C2D65D1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\oraclexe\app\oracle\product\10.2.0\server\bin;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAANIS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAANIS~1\LOCALS~1\Temp
USERDOMAIN=YORK-9B8C2D65D1
USERNAME=Daanish Rashid
USERPROFILE=C:\Documents and Settings\Daanish Rashid
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daanish Rashid (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
1 Click Add n Remove --> "C:\Program Files\Secure PC Solutions\1 Click Add n Remove\Uninstall.exe" "C:\Program Files\Secure PC Solutions\1 Click Add n Remove\install.log"
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Alcovarp --> C:\Program Files\Alcovarp\uninstall.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Backup To DVD/CD 5.1 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Willow Creek Software\ST6UNST.LOG"
Burn My Files --> "C:\Program Files\GetData\Burn My Files\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CrossLoop 2.01 --> "C:\Program Files\CrossLoop\unins000.exe"
Deluxe Wallpapers & Screensavers Pack By Sonnettie --> C:\WINDOWS\iun6002ev.exe "C:\WINDOWS\irunin.ini"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DocPad --> C:\Program Files\DocPad\Uninstall\Uninstall.EXE /u:"DocPad"
Ease Audio Converter 4.10 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Easy Erase File Cleaner --> "C:\Program Files\Easy Erase File Cleaner\unins000.exe"
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.7.3 --> "C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD\unins000.exe"
eBook SWITCHWORDS[1] --> C:\WINDOWS\dbrmdwb.exe "SWITCHWORDS[1]"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ewido anti-spyware 4.0 --> C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
FastStone Image Viewer 3.2 --> C:\Program Files\FastStone Image Viewer\uninst.exe
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
FLAC Ripper 2.0.0 --> "C:\Program Files\FLAC Ripper\unins000.exe"
Flock 1.0 --> C:\Program Files\Flock\uninst.exe
FLV Player 2.0, build 23 --> C:\Program Files\FLV Player\uninst.exe
foobar2000 v0.9.4.2 --> "C:\Program Files\foobar2000\uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HypnoTutor Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FC74763-488E-4D97-9BFA-8E8A725DF106}\setup.exe"
Instant CD & DVD Burner --> "C:\Program Files\Instant CD & DVD Burner\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LIContactsMan --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\LIContactsMan\ST6UNST.LOG"
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
Messenger Control Plugin for Ad-aware --> \MESSEN~1\UNWISE.EXE \MESSEN~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft SAPI TTS 5.1 Engine --> MsiExec.exe /I{F3AEF5CD-EDF7-4645-9788-4722FE868791}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MOVAVI VideoSuite 3.1 --> C:\Program Files\MOVAVI VideoSuite 3.1\uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP4 Video Player --> C:\Program Files\MP4 Video Player\uninstall.exe
MSConfig CleanUp 1.2 --> "C:\Program Files\MSConfig CleanUp\UninsHs.exe"
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\mtbs.exe c
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NoteZilla 7.0 --> "C:\Program Files\Conceptworld\NoteZilla\unins000.exe"
NSIS Mixxx --> "C:\Program Files\Mixxx\uninstall.exe"
Opera 9.25 --> MsiExec.exe /X{870B0889-A92E-4230-A6A1-F739C1D140DD}
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle Database 10g Express Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1033
Oront Burning Kit 2 Basic --> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{1A6E8DCF-3BC3-4C53-A3E9-CF66F0B2C556}\burningkit2_basic.exe" REMOVE=TRUE MODIFY=FALSE
Oront Burning Kit 2 Basic --> C:\Documents and Settings\All Users.WINDOWS\Application Data\{1A6E8DCF-3BC3-4C53-A3E9-CF66F0B2C556}\burningkit2_basic.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerArchiver 2006 v9.62 --> "C:\Program Files\PowerArchiver\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Scorched3D 40.1d --> C:\Program Files\Scorched3D\uninst.exe
Shareaza 2.3.1.0 --> "C:\Program Files\Shareaza Lite\Uninstall\unins000.exe"
Shareaza Lite 2.1 --> "C:\Program Files\Shareaza Lite\unins000.exe"
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\unins000.exe"
SlimBrowser (remove only) --> "C:\Program Files\SlimBrowser\uninst.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SystemDefender --> C:\Program Files\SystemDefender\Uninstall.exe
Total Video Player 1.03 --> "C:\Program Files\Total Video Player\unins000.exe"
Ulead DVD MovieFactory 5 Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF164702-AF8B-4F2F-8038-74A4C536866B}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Wendi.com --> C:\Program Files\Wendi.com\Whispers In The Dark.exe /UNINSTALL "C:\WINDOWS\system32\Wendi.com.log"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Widget Engine --> C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
Yahoo! Widget Engine --> MsiExec.exe /X{35917680-C0DA-4618-B878-54B74694A2FB}


-- Application Event Log -------------------------------------------------------

Event Record #/Type10711 / Warning
Event Submitted/Written: 02/11/2008 00:08:57 PM
Event ID/Source: 33 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it threw an exception: 0x0

Event Record #/Type10710 / Warning
Event Submitted/Written: 02/11/2008 00:08:57 PM
Event ID/Source: 47 / WinMgmt
Event Description:
WMI ADAP was unable to retrieve data from the PerfLib subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASP.NET, error code: 127

Event Record #/Type10708 / Error
Event Submitted/Written: 02/11/2008 00:08:25 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: How to enable Windows Installer logging

Event Record #/Type10706 / Warning
Event Submitted/Written: 02/11/2008 00:08:08 PM
Event ID/Source: 1073 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To completely uninstall ASP.NET from IIS, please re-enable IIS and unregister ASP.NET using aspnet_regiis.exe /u.

Event Record #/Type10700 / Warning
Event Submitted/Written: 02/11/2008 00:06:59 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26404 / Error
Event Submitted/Written: 02/11/2008 00:08:27 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Event Record #/Type26397 / Error
Event Submitted/Written: 02/11/2008 11:33:14 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type26396 / Error
Event Submitted/Written: 02/11/2008 03:36:36 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\system32\HouseCall 6.6\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type26395 / Error
Event Submitted/Written: 02/11/2008 03:36:36 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type26394 / Error
Event Submitted/Written: 02/11/2008 03:36:36 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.



-- End of Deckard's System Scanner: finished at 2008-02-11 12:57:44 ------------
 
I ran ComboFix and it restarted my computer after running, but it didn't give me a log. Sorry. Am I doing something wrong?

BTW, the time format has changed to the 24 hr clock. I've poked around but don't know how to change it back to AM/PM. Can you advise?
 
Check your C:\ directory. It should be named ComboFix.txt. Please give me some time to read through your logs; we will be using ComboFix to remove the infections.

Please redownload ALL of our tools and redo each log for me.
 