1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

System Error

Discussion in 'Malware and Virus Removal Archive' started by Bomberman333, 2008/03/22.

  1. 2008/03/22
    Bomberman333

    Bomberman333 Inactive Thread Starter

    Joined:
    2008/03/22
    Messages:
    3
    Likes Received:
    0
    Hi, I've noticed quite a few other threads on this Virus, but can't seem to get rid of it.
    Whenever I go to open an Internet page or folder in my computer, I am greeted with this message.
    [​IMG]
    I've run many searches on Spybot and the registry key Win32.Agent.gvu kept reappearing after I deleted it.
    Again, I have read the other threads on this topic and tried to remove it, but have had no success.
    Anyway, here's my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:11:53 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Media Player Classic - {486D0362-657B-4771-B56D-AE29AA31B78B} - C:\WINDOWS\ausctv32a.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe "
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1186856622859
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205196276890
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - http://universalcrap333.piczo.com/
    O24 - Desktop Component 2: (no name) - http://solarsaiyan.piczo.com/

    --
    End of file - 9989 bytes

    Thanks for your support.
     
    Bomberman333,
    #1
  2. 2008/03/22
    Bomberman333

    Bomberman333 Inactive Thread Starter

    Joined:
    2008/03/22
    Messages:
    3
    Likes Received:
    0
    Here's the System Scanner log as well.


    Deckard's System Scanner v20071014.68
    Run by Mike on 2008-03-22 14:46:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    94: 2008-03-22 19:46:53 UTC - RP232 - Deckard's System Scanner Restore Point
    93: 2008-03-22 03:15:01 UTC - RP231 - Installed AVG 7.5
    92: 2008-03-22 03:09:51 UTC - RP230 - Installed AVG 7.5
    91: 2008-03-22 02:55:09 UTC - RP229 - Installed AVG 8.0
    90: 2008-03-22 02:54:48 UTC - RP228 - Removed AVG 8.0


    -- First Restore Point --
    1: 2007-12-24 06:47:30 UTC - RP139 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Mike.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:48:32 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Mike\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Media Player Classic - {486D0362-657B-4771-B56D-AE29AA31B78B} - C:\WINDOWS\ausctv32a.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe "
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1186856622859
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205196276890
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - http://universalcrap333.piczo.com/
    O24 - Desktop Component 2: (no name) - http://solarsaiyan.piczo.com/

    --
    End of file - 9964 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
    R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

    S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 ldiskl - c:\docume~1\mike\locals~1\temp\ldiskl.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-22 11:32:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-03-17 13:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-02-22 and 2008-03-22 -----------------------------

    2008-03-22 14:10:45 0 d-------- C:\Program Files\Trend Micro
    2008-03-22 12:43:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 22:15:40 0 d-------- C:\Documents and Settings\Mike\Application Data\AVG7
    2008-03-21 22:15:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-21 22:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-21 22:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-21 17:29:34 228352 --a------ C:\WINDOWS\ausctv32a.dll
    2008-03-21 14:24:42 0 d-------- C:\Program Files\WinAVI Video Converter
    2008-03-20 12:35:08 0 d-------- C:\Program Files\AVG
    2008-03-20 12:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-03-20 12:19:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-03-20 12:19:07 0 dr------- C:\Documents and Settings\LocalService\Favorites
    2008-03-20 12:19:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
    2008-03-15 17:46:50 0 d-------- C:\Program Files\PowerISO
    2008-03-15 16:30:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-03-15 16:30:56 0 d-------- C:\Documents and Settings\Mike\Application Data\Azureus
    2008-03-14 23:42:50 0 d-------- C:\Documents and Settings\Mike\Application Data\WinRAR
    2008-03-07 23:24:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-07 23:24:38 0 d-------- C:\Documents and Settings\Mike\Application Data\Any Video Converter Professional
    2008-03-07 13:06:40 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-07 13:06:16 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-03-07 12:59:53 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-03-07 11:34:38 0 d-------- C:\Program Files\Common Files\xing shared
    2008-03-05 20:47:46 0 d-------- C:\Documents and Settings\Mike\Application Data\Talkback
    2008-03-05 20:47:12 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-05 20:47:09 0 d-------- C:\Documents and Settings\Mike\Application Data\Mozilla
    2008-03-02 21:30:43 0 d-------- C:\Program Files\Phun
    2008-03-02 21:03:10 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-03-02 19:43:23 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-02-28 20:53:52 0 d--h----- C:\Program Files\Zero G Registry
    2008-02-28 20:53:20 0 d--h----- C:\Documents and Settings\Mike\InstallAnywhere
    2008-02-24 21:31:18 0 d-------- C:\Program Files\WhatPulse
    2008-02-23 22:34:53 0 d-------- C:\Program Files\iPod
    2008-02-23 22:34:48 0 d-------- C:\Program Files\iTunes
    2008-02-23 22:33:51 0 d-------- C:\Program Files\QuickTime


    -- Find3M Report ---------------------------------------------------------------

    2008-03-21 12:53:37 0 d-------- C:\Program Files\Java
    2008-03-16 23:30:43 0 d-------- C:\Documents and Settings\Mike\Application Data\Adobe
    2008-03-15 17:58:13 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-14 23:43:02 0 d-------- C:\Documents and Settings\Mike\Application Data\Audacity
    2008-03-14 21:56:09 0 d-------- C:\Program Files\DivX
    2008-03-10 20:18:44 0 d-------- C:\Program Files\Movie Maker
    2008-03-07 13:06:16 0 d-------- C:\Program Files\Common Files
    2008-03-07 11:34:36 0 d-------- C:\Program Files\Real
    2008-03-07 11:34:28 0 d-------- C:\Program Files\Common Files\Real
    2008-03-02 21:05:12 0 d-------- C:\Program Files\AIM6
    2008-02-26 21:56:41 0 d-------- C:\Documents and Settings\Mike\Application Data\Real
    2008-02-20 21:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-02-20 21:04:39 0 d-------- C:\Program Files\World of Warcraft
    2008-02-20 21:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-20 21:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-20 21:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-20 21:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-20 21:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 11:12:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-17 00:03:53 0 d-------- C:\Program Files\Windows Defender
    2008-02-16 22:52:44 0 d-------- C:\Documents and Settings\Mike\Application Data\bang
    2008-02-11 17:52:40 0 d-------- C:\Program Files\Bonjour
    2008-02-10 21:41:25 0 d-------- C:\Program Files\Microsoft Digital Image 2006
    2008-02-10 21:37:22 0 d-------- C:\Documents and Settings\Mike\Application Data\AdobeUM
    2008-02-10 21:37:22 0 d-------- C:\Documents and Settings\Mike\Application Data\AdobeAUM
    2008-02-07 20:24:23 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-26 18:37:19 0 d-------- C:\Program Files\Microsoft Games


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{486D0362-657B-4771-B56D-AE29AA31B78B}]
    03/21/2008 05:29 PM 228352 --a------ C:\WINDOWS\ausctv32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 04:04 AM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [08/16/2006 02:35 AM]
    "nwiz "= "nwiz.exe" [08/16/2006 02:35 AM C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [08/16/2006 02:35 AM]
    "SkyTel "= "SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
    "RTHDCPL "= "RTHDCPL.EXE" [12/18/2006 10:12 PM C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\ALCMTR.EXE]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
    "Profiler "= "C:\Program Files\Saitek\Software\Profiler.exe" [06/14/2005 03:23 PM]
    "SaiMfd "= "C:\Program Files\Saitek\Software\SaiMfd.exe" [06/17/2005 07:02 PM]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 04:30 PM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [03/15/2006 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/07/2008 11:34 AM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [09/11/2007 01:43 AM]
    "PWRISOVM.EXE "= "C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 02:05 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/21/2008 10:15 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/2007 02:15 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "Aim6 "=" " []
    "WhatPulse "= "C:\Program Files\WhatPulse\WhatPulse.exe" [08/21/2006 12:48 PM]
    "ares "= "C:\Program Files\Ares\Ares.exe" []
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/11/2007 2:15:27 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8032 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-03-22 14:49:04 ------------
     
    Bomberman333,
    #2


  3. to hide this advert.

  4. 2008/03/22
    Bomberman333

    Bomberman333 Inactive Thread Starter

    Joined:
    2008/03/22
    Messages:
    3
    Likes Received:
    0
    Sorry, nevermind it. It was removed with System Restore.
     
    Bomberman333,
    #3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...