
Bigtown: win32:vundrop(drp) dropper problems

Hi, I found this virus as well on my computer.

I have followed your instructions; here is my Main.txt:

Deckard's System Scanner v20071014.68
Run by Chris on 2008-07-01 12:28:29
Computer is in Normal Mode.
Backed up registry hives.

-- HijackThis Clone

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-01 12:31:46
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chris\AppData\Local\Temp\AutoDetect.exe
E:\Ceedo\Ceedo\Ceedo.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\SoundSpectrum\G-Force\G-Force Toolbar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Users\Chris\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D02C077D-5FDF-4EDC-82F9-A17E69DF0340} - C:\Windows\System32\xxywVoLc.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [5c1a2056] rundll32.exe "C:\Windows\system32\xoxrocgm.dll",b
O4 - HKLM\..\Run: [BM5f2913ca] Rundll32.exe "C:\Windows\system32\klqaadss.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BM5f2913ca] Rundll32.exe "C:\Windows\system32\klqaadss.dll",s
O4 - HKCU\..\Run: [5c1a2056] rundll32.exe "C:\Users\Chris\AppData\Local\Temp\usqchlqs.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\System32\TAMSvr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11479 bytes
-- File Associations
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 Authentec memory manager (Authentec memory manager service) - c:\windows\system32\tamsvr.exe <Not Verified; AuthenTec Inc.; TrueSuite Access Manager>
R2 ConfigFree Service - "c:\program files\toshiba\configfree\cfsvcs.exe" <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 TOSHIBA SMART Log Service - "c:\program files\toshiba\smartlogservice\tosipcsrv.exe" <Not Verified; TOSHIBA Corporation; TOSHIBA S.M.A.R.T. Log Service>

-- Device Manager: Disabled
No disabled devices found.

-- Files created between 2008-06-01 and 2008-07-01
2008-07-01 11:57:08 91136 --a C:\Windows\system32\klqaadss.dll
2008-06-30 13:12:56 495104 --a C:\Windows\HSV Z Maloo 15.exe <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2008-06-30 13:12:55 903168 --a C:\Windows\HSV Z Maloo 15.scr <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2008-06-30 13:12:55 0 d C:\Windows\HSV Z Maloo 15 Uninstaller
2008-06-30 13:00:55 0 d C:\Program Files\InstantStorm
2008-06-30 12:26:56 82432 n--- C:\Windows\system32\xoxrocgm.dll
2008-06-30 12:23:53 460913 --ahs---- C:\Windows\system32\cLoVwyxx.ini2
2008-06-30 12:23:46 319488 n--- C:\Windows\system32\xxywVoLc.dll
2008-06-30 10:12:42 0 d C:\Program Files\Seagate
2008-06-29 12:47:18 0 d C:\Shortcuts
2008-06-29 12:47:18 0 d C:\Program Files\Duke Nukem - Manhattan Project
2008-06-29 12:21:52 0 d C:\CHARLIE_WILSONS_WAR
2008-06-27 12:29:16 0 d C:\Program Files\DVD Shrink
2008-06-26 09:43:13 0 d C:\Program Files\VideoLAN
2008-06-26 08:53:59 0 d C:\Program Files\Nero
2008-06-26 08:53:59 0 d C:\Program Files\Common Files\Nero
2008-06-26 08:41:52 903680 --a C:\Windows\Carlton Draught Skytroop.scr <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2008-06-26 08:41:52 495104 --a C:\Windows\Carlton Draught Skytroop.exe <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2008-06-26 08:41:52 0 d C:\Windows\Carlton Draught Skytroop Uninstaller
2008-06-25 14:50:19 0 d C:\Program Files\Common Files\Adobe
2008-06-25 08:52:09 53248 n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-06-25 08:49:08 0 d C:\Program Files\Common Files\Creative
2008-06-25 08:49:03 0 d--h C:\Program Files\Creative Installation Information
2008-06-25 08:48:59 0 d C:\Program Files\Creative
2008-06-25 08:06:46 0 d C:\Program Files\uTorrent
2008-06-25 07:30:09 0 d C:\Users\Chris\G-Force
2008-06-25 07:29:13 0 d C:\Program Files\SoundSpectrum
2008-06-25 06:56:50 0 d C:\Program Files\Synaptics
2008-06-25 06:56:28 0 d C:\DOCS
2008-06-25 06:54:54 0 d C:\Windows\system32\ENU
2008-06-25 06:54:53 0 d C:\Windows\system32\Lang
2008-06-25 06:54:47 0 d C:\Intel
2008-06-25 06:53:56 0 d C:\Windows\SoftwareDistribution
2008-06-24 20:12:12 0 d C:\Program Files\Microsoft Silverlight
2008-06-24 19:49:29 0 d C:\Program Files\Microsoft Visual Studio 8
2008-06-24 16:53:34 0 d C:\Program Files\CCleaner
2008-06-24 16:31:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-24 16:31:10 0 d C:\Program Files\Windows Live
2008-06-24 16:23:41 0 d C:\Program Files\Alwil Software
2008-06-24 15:31:53 0 d C:\Program Files\NXP
2008-06-24 15:30:14 0 d C:\Program Files\Camera Assistant Software for Toshiba
2008-06-24 15:29:26 204800 --a C:\Windows\system32\IVIresizeW7.dll
2008-06-24 15:29:26 188416 --a C:\Windows\system32\IVIresizePX.dll
2008-06-24 15:29:26 192512 --a C:\Windows\system32\IVIresizeP6.dll
2008-06-24 15:29:26 192512 --a C:\Windows\system32\IVIresizeM6.dll
2008-06-24 15:29:26 200704 --a C:\Windows\system32\IVIresizeA6.dll
2008-06-24 15:29:26 20480 --a C:\Windows\system32\IVIresize.dll
2008-06-24 15:29:26 0 d C:\Program Files\InterVideo
2008-06-24 15:29:18 0 d C:\Windows\system32\Macromed
2008-06-24 15:29:13 0 d C:\Windows\RegisteredPackages
2008-06-24 15:29:13 0 d--h C:\Windows\msdownld.tmp
2008-06-24 15:29:11 0 d C:\Program Files\Windows Media Components
2008-06-24 15:26:33 0 d C:\Program Files\Ulead Systems
2008-06-24 15:26:33 0 d C:\Program Files\Common Files\Ulead Systems
2008-06-24 15:25:39 0 d C:\Program Files\Common Files\Toshiba Shared
2008-06-24 15:24:39 49152 --a C:\Windows\system32\TAMSvr.exe <Not Verified; AuthenTec Inc.; TrueSuite Access Manager>
2008-06-24 15:24:38 331776 --a C:\Windows\system32\DrvCrypt.dll <Not Verified; Alfa Corporation; Driver Crypto DLL>
2008-06-24 15:24:38 17408 --a C:\Windows\system32\AlfaFF.dll <Not Verified; Arachnoid Biometrics Identification Group Corp.; ABIG File System Filter Communication Engine>
2008-06-24 15:24:36 278528 --a C:\Windows\system32\FpCredProv.dll <Not Verified; AuthenTec,Inc.; Fingerprint Credential Provider>
2008-06-24 15:24:36 0 d C:\Program Files\TrueSuite Access Manager
2008-06-24 15:21:09 0 --a C:\Windows\ativpsrm.bin
2008-06-24 15:15:10 0 d C:\Program Files\ATI Technologies
2008-06-24 15:14:39 0 d C:\Program Files\ATI
2008-06-24 15:12:24 98304 --a C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2008-06-24 15:12:17 0 d C:\Windows\system32\RTCOM
2008-06-24 15:11:54 852 --a C:\Windows\system32\drivers\RTKHDRC1.dat
2008-06-24 15:11:54 852 --a C:\Windows\system32\drivers\RTKHDRC0.dat
2008-06-24 15:11:54 176 --a C:\Windows\system32\drivers\RTHDAEQ1.dat
2008-06-24 15:11:54 176 --a C:\Windows\system32\drivers\RTHDAEQ0.dat
2008-06-24 15:11:54 520 --a C:\Windows\system32\drivers\RTEQEX1.dat
2008-06-24 15:11:54 520 --a C:\Windows\system32\drivers\RTEQEX0.dat
2008-06-24 15:11:27 315392 --a C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-24 15:11:24 520192 --a C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-24 15:10:47 0 dr C:\Users\Chris\Searches
2008-06-24 15:10:35 0 dr C:\Users\Chris\Contacts
2008-06-24 15:10:28 0 dr C:\Users\Chris\Videos
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Templates
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Start Menu
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\SendTo
2008-06-24 15:10:28 0 dr C:\Users\Chris\Saved Games
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Recent
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\PrintHood
2008-06-24 15:10:28 0 dr C:\Users\Chris\Pictures
2008-06-24 15:10:28 1572864 --ahs---- C:\Users\Chris\NTUSER.DAT
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\NetHood
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\My Documents
2008-06-24 15:10:28 0 dr C:\Users\Chris\Music
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Local Settings
2008-06-24 15:10:28 0 dr C:\Users\Chris\Links
2008-06-24 15:10:28 0 dr C:\Users\Chris\Favorites
2008-06-24 15:10:28 0 dr C:\Users\Chris\Downloads
2008-06-24 15:10:28 0 dr C:\Users\Chris\Documents
2008-06-24 15:10:28 0 dr C:\Users\Chris\Desktop
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Cookies
2008-06-24 15:10:28 0 d--hs---- C:\Users\Chris\Application Data
2008-06-24 15:10:28 0 d--h C:\Users\Chris\AppData

-- Find3M Report
2008-07-01 12:32:12 0 d C:\Users\Chris\AppData\Roaming\uTorrent
2008-06-30 10:13:29 0 d--h C:\Program Files\InstallShield Installation Information
2008-06-29 12:46:44 0 d C:\Program Files\Common Files\InstallShield
2008-06-29 12:44:21 0 d C:\Users\Chris\AppData\Roaming\Ulead Systems
2008-06-26 09:44:08 0 d C:\Users\Chris\AppData\Roaming\vlc
2008-06-26 09:01:16 0 d C:\Users\Chris\AppData\Roaming\Nero
2008-06-26 08:53:59 0 d C:\Program Files\Common Files
2008-06-26 08:44:02 0 d C:\Users\Chris\AppData\Roaming\toshiba
2008-06-25 14:48:14 0 d C:\Users\Chris\AppData\Roaming\Adobe
2008-06-25 06:54:53 0 d C:\Program Files\Intel
2008-06-24 20:14:56 0 d C:\Program Files\Microsoft SQL Server
2008-06-24 19:57:16 0 d C:\Program Files\MSBuild
2008-06-24 16:20:43 0 d C:\Users\Chris\AppData\Roaming\Macromedia
2008-06-24 16:06:47 0 d C:\Program Files\Windows Mail
2008-06-24 15:37:05 0 d C:\Users\Chris\AppData\Roaming\ATI
2008-06-24 15:31:14 0 d C:\Program Files\Toshiba
2008-06-24 15:24:25 0 d C:\Users\Chris\AppData\Roaming\InstallShield
2008-06-24 15:11:40 0 d C:\Program Files\Realtek
2008-06-24 15:10:37 0 d C:\Users\Chris\AppData\Roaming\Identities

-- Registry Dump
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D02C077D-5FDF-4EDC-82F9-A17E69DF0340}]
30/06/2008 12:23 PM 319488 C:\Windows\system32\xxywVoLc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 12:23 PM]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [29/09/2007 10:03 AM]
"NDSTray.exe"="NDSTray.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/12/2007 08:12 PM]
"RtHDVCpl"="RtHDVCpl.exe" [29/01/2008 08:51 PM C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 02:35 PM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [17/01/2008 06:27 PM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [01/11/2007 12:01 AM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [15/06/2007 11:01 PM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [22/01/2008 04:25 PM]
"FingerPrintNotifer"="C:\Program Files\TrueSuite Access Manager\FpNotifier.exe" [24/01/2008 01:21 PM]
"UsbMonitor"="C:\Program Files\TrueSuite Access Manager\usbnotify.exe" [05/06/2007 06:42 PM]
"PwdBank"="C:\Program Files\TrueSuite Access Manager\PwdBank.exe" [01/02/2008 08:24 PM]
"HDMICtrlMan"="C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [25/01/2008 05:43 PM]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [25/10/2007 07:41 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 09:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25 AM]
"@=" []
"5c1a2056"="C:\Windows\system32\xoxrocgm.dll" [30/06/2008 12:26 PM]
"BM5f2913ca"="C:\Windows\system32\klqaadss.dll" [01/07/2008 11:57 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 01:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [21/01/2008 12:25 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/01/2008 12:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51 PM]
"BM5f2913ca"="C:\Windows\system32\klqaadss.dll,s" []
"5c1a2056"="C:\Users\Chris\AppData\Local\Temp\usqchlqs.dll,b" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableCAD"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\xxywVoLc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@=&quot;Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@=&quot;Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@=&quot;Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=&quot;Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@=&quot;IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@=&quot;SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@=&quot;SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388694d8-41b6-11dd-908d-001e333937b3}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bdcae42-41cf-11dd-9095-001e333937b3}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-01 12:33:10

And here is Extra.txt, as an attachment.

Thanks guys...

Comments

  • edited July 2008
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    Disable Teatimer
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (it shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • edited July 2008
    Thanks for that. But I fixed the problem...

    Format C:

    It seemed to work really well.
  • edited July 2008
    Bigtown wrote:
    Thanks for that. But I fixed the problem...

    Format C:

    It seemed to work really well.

    Yes, that would also do it :lol:
  • edited July 2008
    Glad we could be of assistance! This topic is now closed.

    If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)