
Virus Obfustat

  • 08-08-2007 9:07am
    Closed Accounts Posts: 425 ✭✭


    Anyone come across this, AVG popped up two infections

    Some threads suggest it came with Stalker which I installed recently

    AVG says it's healed but I'm nervous about that


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Thanks Dude, here's the log file text

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:08:27, on 08/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone.exe
    C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone UI.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SitecomWirelessInternetUsbPhone] "C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone.exe"
    O4 - HKLM\..\Run: [SitecomWirelessInternetUsbPhoneUI] "C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone UI.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe

    --
    End of file - 7548 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

    To Get rid of NewDotNet, go to:

    Start > Control Panel > Add or Remove Programs and remove the following:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

    In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.


    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


    So tell me how that goes for you, and post the two DSS texts in full in your next reply.
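    The diagnosis above rests on two lines of the posted HijackThis log: the O2 BHO pointing at C:\Program Files\NewDotNet and the O4 Run entry named "New.net Startup". The warning about losing Internet access comes from New.net installing itself as a Winsock Layered Service Provider, which is why LSPFix is kept on hand. The Python script below is an added example, not code from this thread or from Trend Micro: it parses HijackThis entry lines, flags entries against a small indicator list for the New.net family, and diffs two logs so a helper can confirm which entries disappeared after a removal. The two log excerpts are constructed from the logs posted in this thread, and the indicator substrings in INDICATORS are assumptions chosen for illustration.

```python
"""Parse HijackThis-style logs, flag New.net indicators, and diff two logs.

Added example; the indicator list and the log excerpts are constructed for
illustration and are not part of the original thread or of HijackThis.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O4 - HKLM\..\Run: [name] command" or
# "O2 - BHO: name - {CLSID} - path". Section codes are R0-R3, F0-F3,
# N1-N4 and O1-O24; everything after the " - " is kept as the detail.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str    # HijackThis section code, e.g. "O2" or "O4"
    detail: str  # the rest of the line


def parse_hjt(text: str) -> list:
    """Return the entry lines of a log; process lists and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("detail")))
    return entries


# Constructed indicator list for the New.net / NewDotNet adware named in the
# thread. Each key is matched case-insensitively against the entry detail.
INDICATORS = {
    "\\newdotnet\\": "New.net install directory",
    "newdot~": "New.net 8.3 short path (NEWDOT~1)",
    "[new.net startup]": "New.net Run entry",
    "ndnuninstall": "New.net uninstaller left on disk",
}


def flag_entries(entries, indicators=INDICATORS):
    """Return (entry, reason) pairs for every entry that matches an indicator."""
    hits = []
    for e in entries:
        low = e.detail.lower()
        for needle, reason in indicators.items():
            if needle in low:
                hits.append((e, reason))
                break  # one reason per entry is enough
    return hits


def diff_logs(before, after):
    """Entries that vanished from, and appeared in, the second log (log order)."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Excerpt constructed from the first log posted in the thread (New.net present).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Excerpt constructed from the second log (AVG swapped for Avira, New.net gone).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for e, reason in flag_entries(before):
        print(f"FLAG {e.code}: {reason}: {e.detail}")
    removed, added = diff_logs(before, after)
    for e in removed:
        print(f"- {e.code} - {e.detail}")
    for e in added:
        print(f"+ {e.code} - {e.detail}")
```

Running it flags the URLLink BHO and the New.net Run entry in the first excerpt and nothing in the second, and the diff lists both flagged entries among those that disappeared. The indicator list is deliberately narrow: a helper reading a real log adds a substring only for a family they have already identified, since a broad match on "net" or "dll" would bury the two lines that matter.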


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Hi

    I've actually replaced AVG with Avira as my anti-virus and it's not detecting the virus.

    Plus I've run the Microsoft Malicious Program removal tool for this month, deep scan, and again nothing.

    Do I still need to do what you are suggesting or should I just leave it?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's up to you. Just cause Avira doesn't detect anything doesn't mean your PC is clean. You do for a fact have a piece of malware that can result in you losing your internet access, and is generally nasty enough. So I will leave it up to you whether you want to do the instructions.


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Ah ok, I'm away for a couple of days, will try it over the weekend.

    Thanks for letting me know that I do have a nasty!

    Let you know how I get on.


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Here's the main.txt one

    -- Last 5 Restore Point(s) --
    196: 2007-08-12 12:17:47 UTC - RP196 - Deckard's System Scanner Restore Point
    195: 2007-08-12 09:37:38 UTC - RP195 - System Checkpoint
    194: 2007-08-11 09:03:46 UTC - RP194 - System Checkpoint
    193: 2007-08-08 10:27:07 UTC - RP193 - Installed AVG 7.5
    192: 2007-08-08 10:26:36 UTC - RP192 - Removed AVG 7.5


    -- First Restore Point --
    1: 2007-06-30 12:05:51 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as LogOn.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:28, on 12/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone.exe
    C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone UI.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Documents and Settings\LogOn\Desktop\Virus Fix\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\LogOn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SitecomWirelessInternetUsbPhone] "C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone.exe"
    O4 - HKLM\..\Run: [SitecomWirelessInternetUsbPhoneUI] "C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone UI.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe

    --
    End of file - 7525 bytes

    -- File Associations

    .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
    .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
    .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
    .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
    R0 giveio - c:\windows\system32\giveio.sys
    R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 Memctl - c:\program files\u-abit\flashmenu\memctl.sys
    S3 PciBus - c:\windows\system32\drivers\pcibus.sys
    S3 WINFLASH - c:\program files\u-abit\flashmenu\winflash.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
    R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
    R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
    R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>


    -- Device Manager: Disabled

    Class GUID:
    Description: PCI Device
    Device ID: PCI\VEN_10DE&DEV_026C&SUBSYS_1C2D147B&REV_A2\3&2411E6FE&0&81
    Manufacturer:
    Name: PCI Device
    PNP Device ID: PCI\VEN_10DE&DEV_026C&SUBSYS_1C2D147B&REV_A2\3&2411E6FE&0&81
    Service:


    -- Files created between 2007-07-12 and 2007-08-12

    2007-08-08 13:27:13 0 d
    C:\Program Files\AC3Filter
    2007-08-08 12:01:56 0 d
    C:\Documents and Settings\LogOn\Application Data\Skype
    2007-08-08 12:01:40 0 d
    C:\Program Files\Skype
    2007-08-08 12:01:40 0 d
    C:\Program Files\Common Files\Skype
    2007-08-08 12:01:32 0 d
    C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-08 11:27:07 0 d
    C:\Documents and Settings\All Users\Application Data\Avg7
    2007-08-08 11:25:33 0 d
    C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-08-08 11:08:16 0 d
    C:\Program Files\Trend Micro
    2007-08-08 09:44:22 0 d
    C:\Program Files\Sitecom
    2007-08-05 19:49:22 0 d
    C:\Program Files\THQ
    2007-07-21 18:19:12 512000 --a
    C:\WINDOWS\system32\NVIDIA® SLI SCREENSAVER.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2007-07-21 18:19:11 0 d
    C:\WINDOWS\system32\NVIDIA® SLI SCREENSAVER dir
    2007-07-21 14:02:10 0 d
    C:\Program Files\Windows Media Connect 2
    2007-07-21 14:01:29 0 d
    C:\749e954f7cba111938311b066e
    2007-07-21 14:01:25 0 d
    C:\WINDOWS\system32\drivers\UMDF
    2007-07-20 11:20:27 0 d
    C:\Program Files\SystemRequirementsLab
    2007-07-19 12:33:08 0 d
    C:\Program Files\Steam
    2007-07-19 12:30:55 0 d
    C:\WINDOWS\system32\appmgmt
    2007-07-19 12:24:20 10240 --a
    C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
    2007-07-19 10:23:56 0 d
    C:\WINDOWS\BricoPacks


    -- Find3M Report

    2007-08-12 09:35:46 0 d
    C:\Program Files\LogMeIn
    2007-08-11 11:38:53 0 d
    C:\Program Files\SpeedFan
    2007-08-08 13:19:50 0 d
    C:\Program Files\DivX
    2007-08-08 12:57:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-08-08 12:57:19 0 d
    C:\Program Files\Futuremark
    2007-08-08 12:01:40 0 d
    C:\Program Files\Common Files
    2007-07-19 12:25:08 0 d
    C:\Program Files\Creative
    2007-07-19 11:27:27 409600 --a
    C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-07-19 11:27:27 114688 --a
    C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-07-19 11:13:11 0 d
    C:\Program Files\Movie Maker
    2007-07-09 10:35:16 183808 --a-s---- C:\WINDOWS\NDNuninstall7_48.exe
    2007-07-09 10:30:06 8464 --a
    C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-07-09 10:30:06 50688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
    2007-07-09 10:30:06 0 d
    C:\Program Files\themexp
    2007-07-09 10:27:21 0 d
    C:\Program Files\TGTSoft
    2007-07-08 15:05:07 0 d
    C:\Program Files\Codemasters
    2007-07-08 10:42:17 0 d
    C:\Program Files\CPU & Ram Meter
    2007-07-07 12:20:21 0 d
    C:\Documents and Settings\LogOn\Application Data\Ahead
    2007-07-06 12:47:18 0 d
    C:\Documents and Settings\LogOn\Application Data\Creative
    2007-07-05 22:21:08 34843 --a
    C:\WINDOWS\system32\FlashMenu.sys
    2007-07-05 21:43:35 0 d
    C:\Documents and Settings\LogOn\Application Data\DivX
    2007-07-01 16:42:43 0 d
    C:\Program Files\Common Files\InstallShield
    2007-07-01 16:42:30 0 d
    C:\Program Files\OpenAL
    2007-07-01 16:22:10 0 d
    C:\Documents and Settings\LogOn\Application Data\vlc
    2007-07-01 12:21:17 0 d
    C:\Program Files\NVIDIA Corporation
    2007-07-01 11:09:28 0 d
    C:\Program Files\BitLord
    2007-07-01 09:02:30 0 d
    C:\Documents and Settings\LogOn\Application Data\Adobe
    2007-06-30 22:08:54 0 d
    C:\Program Files\Messenger
    2007-06-30 17:58:42 0 d
    C:\Program Files\U-ABIT
    2007-06-30 17:58:35 0 d
    C:\Documents and Settings\LogOn\Application Data\InstallShield
    2007-06-30 16:12:28 0 d
    C:\Program Files\Lexmark 730 Series
    2007-06-30 16:04:54 0 d
    C:\Program Files\Ahead
    2007-06-30 16:03:30 0 d
    C:\Program Files\Common Files\Ahead
    2007-06-30 16:00:51 0 d
    C:\Program Files\Microsoft Works
    2007-06-30 16:00:47 0 d
    C:\Program Files\MSBuild
    2007-06-30 15:41:56 0 d
    C:\Documents and Settings\LogOn\Application Data\Opera
    2007-06-30 15:41:52 0 d
    C:\Program Files\Opera
    2007-06-30 15:36:29 0 d
    C:\Program Files\AlienGUIse
    2007-06-30 15:21:18 5468672 --a
    C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-06-30 15:13:48 0 d
    C:\Program Files\WinCustomize
    2007-06-30 15:12:20 0 d
    C:\Program Files\Stardock
    2007-06-30 15:12:20 0 d
    C:\Program Files\Common Files\Stardock
    2007-06-30 15:07:06 0 d
    C:\Program Files\DVD Shrink
    2007-06-30 15:06:24 0 d
    C:\Program Files\VideoLAN
    2007-06-30 15:05:52 0 d
    C:\Program Files\DVD Decrypter
    2007-06-30 15:01:15 0 d
    C:\Program Files\Common Files\Adobe
    2007-06-30 14:59:39 0 d
    C:\Documents and Settings\LogOn\Application Data\Macromedia
    2007-06-30 13:51:18 0 d
    C:\Program Files\Common Files\ODBC
    2007-06-30 13:51:11 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-06-30 13:50:32 62 --ahs---- C:\Documents and Settings\LogOn\Application Data\desktop.ini
    2007-06-30 13:14:43 22 --a
    C:\WINDOWS\FileName
    2007-06-30 13:05:41 0 d
    C:\Documents and Settings\LogOn\Application Data\Identities
    2007-06-30 13:02:08 0 d
    C:\Program Files\microsoft frontpage
    2007-06-30 13:01:52 0 -rahs---- C:\MSDOS.SYS
    2007-06-30 13:01:52 0 -rahs---- C:\IO.SYS
    2007-06-30 13:01:52 0 --a
    C:\CONFIG.SYS
    2007-06-30 13:01:52 0 --a
    C:\AUTOEXEC.BAT
    2007-06-30 13:00:59 0 d--h
    C:\Program Files\WindowsUpdate
    2007-06-30 13:00:15 0 d
    C:\Program Files\Common Files\MSSoap
    2007-06-30 12:59:28 21640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-06-30 12:59:12 0 d
    C:\Program Files\Online Services
    2007-06-30 12:59:03 0 d
    C:\Program Files\MSN Gaming Zone
    2007-06-30 12:58:56 0 d
    C:\Program Files\Windows NT
    2007-05-31 07:44:55 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-05-31 07:44:54 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-05-31 07:44:54 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-05-31 07:44:54 740442 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/04/2007 06:05]
    "nwiz"="nwiz.exe" [20/04/2007 06:05 C:\WINDOWS\system32\nwiz.exe]
    "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [17/02/2006 10:40]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/04/2007 06:05]
    "CTHelper"="CTHELPER.EXE" [17/08/2006 11:32 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [17/08/2006 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "SitecomWirelessInternetUsbPhone"="C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone.exe" [30/06/2006 14:13]
    "SitecomWirelessInternetUsbPhoneUI"="C:\Program Files\Sitecom\Wireless Internet USB Phone\Wireless Internet USB Phone UI.exe" [09/08/2006 10:56]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [02/04/2007 10:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04/04/2007 14:20]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" []
    "Steam"="C:\Program Files\Steam\Steam.exe" [19/07/2007 12:33]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/08/2007 12:43]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 25/05/2007 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
    "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Program Files\Steam\Steam.exe" -silent




    -- End of Deckard's System Scanner: finished at 2007-08-12 at 13:18:59


  • Closed Accounts Posts: 425 ✭✭WillieDH


    And the extra one

    Deckard's System Scanner v20070809.63
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    CPU 2: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    CPU 3: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    Percentage of Memory in Use: 14%
    Physical Memory (total/avail): 3327.48 MiB / 2858.52 MiB
    Pagefile Memory (total/avail): 5211.01 MiB / 4845.78 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1962.39 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 149.04 GiB total, 106.96 GiB free.
    D: is CDROM (UDF)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    Z: is Network (NTFS)


    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
    AV: Avira AntiVir PersonalEdition v 6.39.0.230
    (Avira GmbH)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Steam\\steamapps\\liamhalpin\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\liamhalpin\\day of defeat source\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
    "C:\\Program Files\\U-ABIT\\FlashMenu\\flashmenu.exe"="C:\\Program Files\\U-ABIT\\FlashMenu\\flashmenu.exe:*:Enabled:FlashMenu Application"
    "C:\\Program Files\\Steam\\steamapps\\liamhalpin\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\liamhalpin\\source sdk base\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"="C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe:*:Enabled:DiRT Executable"
    "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\LogOn\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MASTERBLASTER
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\LogOn
    LOGONSERVER=\\MASTERBLASTER
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f07
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\LogOn\LOCALS~1\Temp
    TMP=C:\DOCUME~1\LogOn\LOCALS~1\Temp
    USERDOMAIN=MASTERBLASTER
    USERNAME=LogOn
    USERPROFILE=C:\Documents and Settings\LogOn
    windir=C:\WINDOWS


    -- User Profiles

    LogOn (admin)


    -- Add/Remove Programs

    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3DMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9 -removeonly
    3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
    AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
    Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
    BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
    Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
    CPU & Ram Meter --> "C:\WINDOWS\CPU & Ram Meter\uninstall.exe" "/U:C:\Program Files\CPU & Ram Meter\Uninstall\uninstall.xml"
    Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
    Creative Live! Cam Vista IM Driver (1.01.03.1104) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
    DiRT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    FlashMenu --> C:\Program Files\InstallShield Installation Information\{047E5F60-5357-43FB-A080-1912EB0132A4}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
    Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
    LogMeIn --> MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}
    LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
    NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
    OpenAL --> "C:\Program Files\OpenAL\OALINST.EXE" /U /S
    Opera 9.21 --> MsiExec.exe /X{39619863-8A11-4B60-A166-E6747C986EBE}
    Painkiller Gold Edition --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3200
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003] --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
    Sitecom Wireless Internet USB Phone version 1.4.0.7.1 --> "C:\Program Files\Sitecom\Wireless Internet USB Phone\unins000.exe"
    Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log

    Event ID #730: Error
    Event Submitted/Written: 08/12/2007 01:03:24 AM
    Event Source: Application Error
    Event Description:
    Faulting application hl2.exe, version 0.0.0.0, faulting module studiorender.dll, version 0.0.0.0, fault address 0x0003197a.
    Processing media-specific event for [hl2.exe!ws!]

    Event ID #709: Error
    Event Submitted/Written: 08/08/2007 11:28:57 AM
    Event Source: Application Error
    Event Description:
    Faulting application avscan.exe, version 7.0.4.15, faulting module wblind.dll, version 4.6.0.1, fault address 0x00053d29.
    Processing media-specific event for [avscan.exe!ws!]

    Event ID #705: Error
    Event Submitted/Written: 08/08/2007 10:59:18 AM
    Event Source: AVG7
    Event Description:
    2007-08-08 09:59:18,015 MASTERBLASTER [003548:003552] ERROR 000 AVG7.CC.plugins.CPluginManager plugin {491A5626-1E72-4BD9-B454-299127582DA5} action 393 running failed: The specified module could not be found. (126)

    Event ID #605: Error
    Event Submitted/Written: 08/02/2007 07:01:55 PM
    Event Source: Application Error
    Event Description:
    Faulting application hl2.exe, version 0.0.0.0, faulting module studiorender.dll, version 0.0.0.0, fault address 0x0003197a.
    Processing media-specific event for [hl2.exe!ws!]

    Event ID #588: Error
    Event Submitted/Written: 07/29/2007 05:31:34 PM
    Event Source: Application Error
    Event Description:
    Faulting application hl2.exe, version 0.0.0.0, faulting module studiorender.dll, version 0.0.0.0, fault address 0x0003197a.
    Processing media-specific event for [hl2.exe!ws!]



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event ID #210: Error
    Event Submitted/Written: 08/12/2007 01:16:54 PM
    Event Source: DCOM
    Event Description:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Event ID #207: Error
    Event Submitted/Written: 08/12/2007 01:16:54 PM
    Event Source: DCOM
    Event Description:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Event ID #206: Error
    Event Submitted/Written: 08/12/2007 01:16:54 PM
    Event Source: DCOM
    Event Description:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Event ID #190: Error
    Event Submitted/Written: 08/12/2007 01:10:07 PM
    Event Source: DCOM
    Event Description:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Event ID #189: Error
    Event Submitted/Written: 08/12/2007 01:10:07 PM
    Event Source: DCOM
    Event Description:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



    -- End of Deckard's System Scanner: finished at 2007-08-12 at 13:18:59


  • Moderators, Music Moderators Posts: 23,363 Mod ✭✭✭✭feylya


    It's a false positive caused by one of the DLLs in LogMeIn. Check the website for an update.


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Thanks lads, oh and what am I updating, LogMeIn or AVG?!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Virus Obfustat seems to be a false positive like Feylya said.

    WillieDH, did you follow the steps in removing NewDotNet? How did that go? Does this folder look familiar to you: C:\WINDOWS\system32\appmgmt?

    You should be updating AVG by the way


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Hi, NewDotNet uninstalled with no problems.

    I changed my virus provider to Avira as well.

    No, the system32 folder is not familiar to me, why?

    Also I ran Spybot last night and it picked up NewDotNet as an issue and fixed it.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Delete these files in bold

    C:\WINDOWS\NDNuninstall7_48.exe
    C:\WINDOWS\NDNuninstall6_38.exe

    Try this

    Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.
    dir /a C:\WINDOWS\system32\appmgmt > dirlist.txt
    notepad.exe dirlist.txt
    del dirlist.txt


    Click on 'File' then 'Save As'
    In the Save in drop down box select Desktop
    In the File name box type in Folder.bat
    In the Save as type drop down box select All Files
    Close Notepad.

    Now, find Folder.bat on your Desktop and Double click it
    A window will open and close, do not be concerned this is normal.

    Post the resulting text file in your next reply, and tell me how it went deleting those files.


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Thanks for the help, I'm away on hols so will do this when I get back, let you know how I get on


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Hi

    Those files don't exist on my system.

    I did run Spybot and it too detected NewDotNet as an issue but fixed it too.

    Am I clean now?!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yep, seems to be clean. Good luck!


  • Closed Accounts Posts: 425 ✭✭WillieDH


    Cheers, really appreciate the help with this!

