Virus keeps coming back

Discussion in 'Malware and Virus Removal Archive' started by Cael Weston, 2008/05/28.

  1. 2008/05/28
    Cael Weston

    Cael Weston Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    36
    Likes Received:
    0
    Hello, I'm having trouble getting rid of a virus, and because it downloads other spyware and viruses, it's hard to know which virus it is. I've run a series of anti-virus and anti-spyware applications, even done a partial reload/repair of Windows, and still I get stuff popping up. Most recently, AVG warns me that the Win32\Heur virus is present in the c/windows/system32/dmcomposa.dll. Again, because this virus downloads other junk, I can't be sure if this is the virus or just a symptom. Any help would be grand.

    Below is the HJT log. I'll post Deckard's main and extra logs separately as they're too long.

    Also, I posted this once this morning, then changed my email address. I re-registered my account and still didn't see the post so I'm posting again.

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:50:10 AM, on 05/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SnowCrest, Inc.
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3AAC4342-4F16-4537-8700-D9B4CB6CC1C8} - c:\windows\system32\dmcomposa.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [vr6ycoh8] C:\WINDOWS\system32\vr6ycoh8.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [vr6ycoh8] C:\WINDOWS\system32\vr6ycoh8.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: ympbcvxv - C:\WINDOWS\SYSTEM32\dmcomposa.dll
    O21 - SSODL: mjahzjg - {B86798E4-12CD-324E-ADC5-3308A5C9CF44} - C:\WINDOWS\system32\aede.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 9935 bytes
     
  2. 2008/05/28
    Cael Weston

    Virus part 2 (Deckard's main log)

    Deckard's System Scanner v20071014.68
    Run by Cap on 2008-05-28 06:40:40
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 3 Restore Point(s) --
    3: 2008-05-28 13:40:44 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2008-05-28 10:00:25 UTC - RP2 - Software Distribution Service 3.0
    1: 2008-05-27 16:36:36 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Cap.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:59 AM, on 05/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Cap\Local Settings\Temporary Internet Files\Content.IE5\GTAF8LY3\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Cap.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SnowCrest, Inc.
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3AAC4342-4F16-4537-8700-D9B4CB6CC1C8} - c:\windows\system32\dmcomposa.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [vr6ycoh8] C:\WINDOWS\system32\vr6ycoh8.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [vr6ycoh8] C:\WINDOWS\system32\vr6ycoh8.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: ympbcvxv - C:\WINDOWS\SYSTEM32\dmcomposa.dll
    O21 - SSODL: mjahzjg - {B86798E4-12CD-324E-ADC5-3308A5C9CF44} - C:\WINDOWS\system32\aede.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 9924 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 IFP800 (iriver Internet Audio Player IFP-800) - c:\windows\system32\drivers\ifp800.sys <Not Verified; iRiver, Inc.; IFP-100>
    R0 zplvdnno - c:\windows\system32\drivers\zplvdnno.dat
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
    R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-27 15:03:00 438 --a------ C:\WINDOWS\Tasks\At1.job
    2008-05-16 17:20:55 372 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
    2008-05-11 20:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-28 and 2008-05-28 -----------------------------

    2008-05-28 06:38:49 0 d-------- C:\Program Files\Trend Micro
    2008-05-27 13:16:58 0 d-------- C:\WINDOWS\LastGood
    2008-05-27 09:31:43 0 d-------- C:\WINDOWS\Prefetch
    2008-05-23 16:42:49 0 dr-h----- C:\$VAULT$.AVG
    2008-05-22 15:06:34 0 d--h----- C:\$AVG8.VAULT$
    2008-05-22 15:05:31 0 d-------- C:\WINDOWS\system32\drivers\Avg
    2008-05-22 15:05:21 0 d-------- C:\Program Files\AVG
    2008-05-22 15:05:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-05-22 09:55:46 0 d-------- C:\WINDOWS\pss
    2008-05-22 09:42:31 0 d-------- C:\Documents and Settings\Cap\Application Data\AXPFixer
    2008-05-21 11:46:01 0 d-------- C:\Documents and Settings\Cap\.housecall6.6
    2008-05-21 11:43:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    2008-05-21 11:43:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\skzniban
    2008-05-20 15:55:15 0 d-------- C:\Documents and Settings\Cap\Application Data\WinIFixer.com
    2008-05-20 15:54:50 0 d-------- C:\Program Files\WinIFixer
    2008-05-19 10:11:26 0 d-------- C:\Documents and Settings\Cap\Application Data\skzniban
    2008-05-19 09:44:48 0 d-------- C:\Program Files\Common Files\Mozilla Shared
    2008-05-15 17:17:43 0 d-------- C:\WINDOWS\system32\AppCert
    2008-05-09 19:43:02 0 d-------- C:\Program Files\Mplayer
    2008-05-09 19:40:42 0 d-------- C:\Program Files\Fox
    2008-05-07 19:42:58 0 d-------- C:\WINDOWS\.jagex_cache_32


    -- Find3M Report ---------------------------------------------------------------

    2008-05-27 09:20:45 23444 --a----c- C:\WINDOWS\system32\emptyregdb.dat
    2008-05-22 16:02:02 0 d-------- C:\Documents and Settings\Cap\Application Data\skypePM
    2008-05-22 15:53:49 0 d-------- C:\Documents and Settings\Cap\Application Data\Skype
    2008-05-20 15:54:00 0 d-------- C:\Program Files\LimeWire
    2008-05-19 16:33:02 0 d-------- C:\Program Files\Warcraft III
    2008-05-19 10:11:30 0 d-------- C:\Documents and Settings\Cap\Application Data\Mozilla
    2008-05-19 09:54:26 0 d-------- C:\Program Files\WinMX
    2008-05-19 09:44:48 0 d-------- C:\Program Files\Common Files
    2008-05-10 18:03:44 0 d-------- C:\Program Files\Starcraft
    2008-04-07 15:42:32 0 d-------- C:\Documents and Settings\Cap\Application Data\Adobe
    2008-04-01 09:25:53 0 d-------- C:\Program Files\TuneUp Utilities 2008
    2008-04-01 09:25:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-31 14:47:00 0 d-------- C:\Documents and Settings\Cap\Application Data\TuneUp Software
    2008-03-31 14:04:23 0 d-------- C:\Documents and Settings\Cap\Application Data\Grisoft
    2008-03-25 20:08:42 1 --a------ C:\WINDOWS\system32\kr_done1
    2008-02-29 22:21:42 76306 --a----c- C:\WINDOWS\War3Unin.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4342-4F16-4537-8700-D9B4CB6CC1C8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F45AEA2-9C81-4832-8390-7134102B8DE5}]
    C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG "= "AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 08:31 AM]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 08:27 AM]
    "High Definition Audio Property Page Shortcut "= "HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "VAIO Update 2 "= "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [09/21/2004 07:54 PM]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]
    "EPSON Stylus CX4600 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 04:00 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [11/15/2004 03:07 PM]
    "iRiver Updater "= "\Updater.exe" []
    "EPSON Stylus CX4800 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 08:00 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/22/2008 03:05 PM]
    "vr6ycoh8 "= "C:\WINDOWS\system32\vr6ycoh8.exe" []
    "SoundMan "= "SOUNDMAN.EXE" [10/21/2004 03:20 PM C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd "= "ALCWZRD.EXE" [10/21/2004 06:44 PM C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr "= "ALCMTR.EXE" [10/13/2004 05:00 PM C:\WINDOWS\ALCMTR.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vr6ycoh8 "= "C:\WINDOWS\system32\vr6ycoh8.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "Btn_Back "=0 (0x0)
    "Btn_Forward "=0 (0x0)
    "Btn_Stop "=0 (0x0)
    "Btn_Refresh "=0 (0x0)
    "Btn_Home "=0 (0x0)
    "Btn_Search "=0 (0x0)
    "Btn_History "=0 (0x0)
    "Btn_Favorites "=0 (0x0)
    "Btn_Folders "=0 (0x0)
    "Btn_Fullscreen "=0 (0x0)
    "Btn_Tools "=0 (0x0)
    "Btn_MailNews "=0 (0x0)
    "Btn_Size "=0 (0x0)
    "Btn_Print "=0 (0x0)
    "Btn_Edit "=0 (0x0)
    "Btn_Discussions "=0 (0x0)
    "Btn_Cut "=0 (0x0)
    "Btn_Copy "=0 (0x0)
    "Btn_Paste "=0 (0x0)
    "Btn_Encoding "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "mjahzjg "= {B86798E4-12CD-324E-ADC5-3308A5C9CF44} - C:\WINDOWS\system32\aede.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ympbcvxv]
    dmcomposa.dll 02/28/2006 05:00 AM 82432 C:\WINDOWS\system32\dmcomposa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe]
    C:\WINDOWS\system32\sysrest32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vr6ycoh8]
    C:\WINDOWS\system32\vr6ycoh8.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherStudio Desktop]
    "C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Documents and Settings\Cap\Desktop\Ryans sutff\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]
    C:\Program Files\WinIFixer\WinIFixer.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5c5d3e-3844-11d9-811d-806d6172696f}]
    AutoRun\command- D:\Autorun.exe




    -- End of Deckard's System Scanner: finished at 2008-05-28 06:42:46 ------------
     

  4. 2008/05/28
    Cael Weston

    Virus part 3 (deckard's extra log - part 1)

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of Memory in Use: 73%
    Physical Memory (total/avail): 502.73 MiB / 135.16 MiB
    Pagefile Memory (total/avail): 1227.66 MiB / 881.44 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1938.27 MiB

    C: is Fixed (NTFS) - 180.3 GiB total, 155.83 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM (CDFS)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD2000JD-98HBB0 - 186.31 GiB - 2 partitions
    \PARTITION0 - Unknown - 6.01 GiB
    \PARTITION1 (bootable) - Installable File System - 180.3 GiB - C:

    \\.\PHYSICALDRIVE2 - Sony CF Reader USB Device

    \\.\PHYSICALDRIVE1 - Sony MS Reader USB Device

    \\.\PHYSICALDRIVE4 - Sony SD/MMC Reader USB Device

    \\.\PHYSICALDRIVE3 - Sony SM/xD Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
    AV: avast! antivirus 4.8.1201 [VPS 080528-0] v4.8.1201 (ALWIL Software)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
     
  5. 2008/05/28
    Cael Weston

    virus part 4 (the rest of deckard's extra log)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe "= "C:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe:*:Disabled:avp "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Program Files\\Starcraft\\StarCraft.exe "= "C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft "
    "C:\\WINDOWS\\system32\\rtcshare.exe "= "C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing "
    "C:\\Program Files\\NetMeeting\\conf.exe "= "C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting® "
    "C:\\Program Files\\Diablo\\Diablo.exe "= "C:\\Program Files\\Diablo\\Diablo.exe:*:Enabled:Diablo "
    "C:\\Program Files\\Diablo II\\Game.exe "= "C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\My Received Files\\mapv2.02\\Diablo II.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\My Received Files\\mapv2.02\\Diablo II.exe:*:Enabled:Diablo II "
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe "= "C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Disabled:GameSpy Arcade "
    "C:\\Program Files\\Diablo II\\Diablo II.exe "= "C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II "
    "C:\\Program Files\\WinMX\\WinMX.exe "= "C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application "
    "C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\WoW-1.8.4.4878-to-0.9.0.4904-enUS-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\WoW-1.8.4.4878-to-0.9.0.4904-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
     
  6. 2008/05/28
    Cael Weston

    virus part 5 (deckard's extra log 4 - too many images to post as 1)

    "C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\Activision\\Heavy Gear 2\\Heavy Gear 2.exe "= "C:\\Program Files\\Activision\\Heavy Gear 2\\Heavy Gear 2.exe:*:Enabled:Heavy Gear 2 "
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WOW_Snow_EG-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WOW_Snow_EG-downloader.exe:*:Disabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\Repair.exe "= "C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility "
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WoW-1.10.1.5230-to-0.10.2.5257-enUS-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WoW-1.10.1.5230-to-0.10.2.5257-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\wow-ptr-downloader2.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\wow-ptr-downloader2.exe:*:Disabled:Blizzard Downloader "
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe "= "C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III "
    "C:\\StubInstaller.exe "= "C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe "= "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5413-to-0.11.0.5428-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5413-to-0.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\DC++\\DCPlusPlus.exe "= "C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++ "
    "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\EPL_Trailer_EG.avi-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\Ryans sutff\\EPL_Trailer_EG.avi-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE "= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4 "
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Documents and Settings\\Cap\\Desktop\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\Warcraft III\\War3.exe "= "C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Documents and Settings\\Cap\\Desktop\\World of Warcraft\\BackgroundDownloader.exe "= "C:\\Documents and Settings\\Cap\\Desktop\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\WINDOWS\\system32\\dpvsetup.exe "= "C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\\WINDOWS\\system32\\rundll32.exe "= "C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App "
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer "
    "C:\\WINDOWS\\system32\\vr6ycoh8.exe "= "C:\\WINDOWS\\system32\\vr6ycoh8.exe:*:Disabled:vr6ycoh8 "
    "C:\\Documents and Settings\\Cap\\Local Settings\\Temp\\.tt23E.tmp "= "C:\\Documents and Settings\\Cap\\Local Settings\\Temp\\.tt23E.tmp:*:Enabled:enable "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
    "C:\\WINDOWS\\system32\\sysrest32.exe "= "C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable "
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe "
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe "= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Cap\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=E58AEB3F9A6342E
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Cap
    LOGONSERVER=\\E58AEB3F9A6342E
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Cap\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Cap\LOCALS~1\Temp
    USERDOMAIN=E58AEB3F9A6342E
    USERNAME=Cap
    USERPROFILE=C:\Documents and Settings\Cap
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Cap (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    Agere Systems PCI Soft Modem --> agrsmdel
    Aliens versus Predator Gold Edition --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Fox\Aliens versus Predator\Uninst.isu "
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
    ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
    AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    BoBaFeTT Diablo Trainer --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\BoBaFeTT Diablo Trainer\DUninst.isu "
    Burger Rush --> C:\PROGRA~1\YAHOO!~1\BURGER~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\BURGER~1\INSTALL.LOG
    Click to DVD 2.0.02 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
    Click to DVD 2.2.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
    Corel Uninstaller --> C:\WINDOWS\Corel\uninst32.exe
    DC++ 0.691 --> "C:\Program Files\DC++\uninstall.exe "
    Deer Hunter --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Doggie Dash (remove only) --> "C:\Program Files\Yahoo! Games\Doggie Dash\Uninstall.exe "
    DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
    EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
    EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
    EPSON CX 4200 4800 Guide --> C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
    EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
    Fraps --> "C:\Fraps\uninstall.exe "
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll "
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hoyle Casino 5 --> C:\WINDOWS\IsUninst.exe -f "C:\SIERRA\Hoyle Casino 5\Uninst.isu "
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
    InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    InterVideo WinDVDX --> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
    iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
    iRiver Updater --> \uninst.exe
    iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    MAIET entertainment - Gunz --> C:\Program Files\MAIET\Gunz\Uninstall.exe
    Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
    Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
    Mplayer.com --> C:\Program Files\Mplayer\System\Unwise32.exe /a C:\PROGRA~1\Mplayer\System\install.log
    MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
    OpenMG Limited Patch 4.0-04-08-02-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 4.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
    PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe "
    PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
    Pocket Tanks v1.1 --> "C:\Program Files\Pocket Tanks\unins000.exe "
    Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
    QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    SonicStage 2.1.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\Setup.exe" -l0x9 UNINSTALL
    SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
    SonicStage MP3 Add-on program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}\Setup.exe" -l0x9
    Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
    Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
    SpySubtract --> C:\Program Files\interMute\SpySubtract\SpySub.exe -uninstall
    Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe "
    teenSMART® --> C:\PROGRA~1\Adept\teensmrt\UNWISE.EXE C:\PROGRA~1\Adept\teensmrt\INSTALL.LOG
    TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}\setup.exe" -l0x9
    VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
    VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
    VAIO Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
    VAIO Media 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
    VAIO Media Integrated Server 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
    VAIO Media Redistribution 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
    VAIO Original Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
    VAIO Original Screen Saver VAIO Scene HD Normal Contents --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}\setup.exe" -l0x9
    VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
    VAIO Structure Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9
    VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
    VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
    VAIO Zone --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WeatherStudio Toolbar and Desktop --> C:\Program Files\WeatherStudio348\WeatherStudio348Uninstall.exe
    Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
    Winamp (remove only) --> "C:\Documents and Settings\Cap\Desktop\Ryans sutff\Winamp\UninstWA.exe "
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    WinMX --> C:\Program Files\WinMX\uninstall.exe
    WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
    Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type4940 / Error
    Event Submitted/Written: 05/28/2008 04:44:56 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.
    Processing media-specific event for [firefox.exe!ws!]

    Event Record #/Type4939 / Error
    Event Submitted/Written: 05/28/2008 04:44:32 AM
    Event ID/Source: 1001 / Application Error
    Event Description:
    Fault bucket 726579936.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Event Record #/Type4938 / Error
    Event Submitted/Written: 05/28/2008 04:44:25 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.
    Processing media-specific event for [firefox.exe!ws!]

    Event Record #/Type4937 / Error
    Event Submitted/Written: 05/28/2008 04:43:41 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.
    Processing media-specific event for [firefox.exe!ws!]

    Event Record #/Type4936 / Error
    Event Submitted/Written: 05/28/2008 04:43:22 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.
    Processing media-specific event for [firefox.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type195 / Warning
    Event Submitted/Written: 05/28/2008 02:54:30 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type165 / Error
    Event Submitted/Written: 05/27/2008 01:15:39 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The AVG Anti-Spyware Support service failed to start due to the following error:
    %%1083

    Event Record #/Type164 / Error
    Event Submitted/Written: 05/27/2008 01:15:39 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The TuneUp Theme Extension service failed to start due to the following error:
    %%1083

    Event Record #/Type128 / Error
    Event Submitted/Written: 05/27/2008 10:17:40 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The AVG Anti-Spyware Support service failed to start due to the following error:
    %%1083

    Event Record #/Type127 / Error
    Event Submitted/Written: 05/27/2008 10:17:40 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The TuneUp Theme Extension service failed to start due to the following error:
    %%1083



    -- End of Deckard's System Scanner: finished at 2008-05-28 06:42:46 ------------
     
  7. 2008/05/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Cael Weston
    You have a couple infections going on.

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the Combofix log.

    Thanks
    Geri
     